r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ec332b81a27117ce9c16b67a5a8e4fac
b6d2afa2c859d000ad830d3d8d73f57bac6ffce2
1dc32c78e4e850303813338fd4e9616a41c8c05d1063748a1e76a92c397a5e8f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DC32C78E4E850303813338FD4E9616A41C8C05D1063748A1E76A92C397A5E8F"
Last-Modified: Mon, 20 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18173
Expires: Tue, 21 Mar 2023 20:11:58 GMT
Date: Tue, 21 Mar 2023 15:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 00e304a3fc0c2f01af0e94fcefe0ca40
833969e75e5e13e823c8d97ee59a9821eb157ee3
c2b7f7ae4861f2dd16867de54c7e47d95582de77887f523841d9683a369d20a7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2B7F7AE4861F2DD16867DE54C7E47D95582DE77887F523841D9683A369D20A7"
Last-Modified: Sun, 19 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16316
Expires: Tue, 21 Mar 2023 19:41:01 GMT
Date: Tue, 21 Mar 2023 15:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4e6141892ec4705c6a0134f3157b969d
4169fdea42b0fa9cb565e14b8e8fdb293575c78e
905537ef3e3a4a9030391b44bd6ac6bb5d7c9ec752b1821d683dfbf483096163
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "905537EF3E3A4A9030391B44BD6AC6BB5D7C9EC752B1821D683DFBF483096163"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4278
Expires: Tue, 21 Mar 2023 16:20:23 GMT
Date: Tue, 21 Mar 2023 15:09:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 21 Mar 2023 14:14:58 GMT
content-type: application/json
age: 3247
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ym/i73r5G+N4eWpCd9b6SQIZZULsGMXttEkdvCmgI/a+7H3LHZIlDz4Jr7mlpWFNfxYJjbc80a0=
x-amz-request-id: KVP93GN1PSAENYYQ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 21 Mar 2023 14:53:13 GMT
age: 952
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 21 Mar 2023 15:09:05 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 21 Mar 2023 14:17:22 GMT
age: 3104
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4c195a3fc0c2abb831630cef1dcfa770
eda338de3063640556177b9db364c33193d7f6dc
c22eb0537cd79666b82fe61dd77fe9b0b3c059a4c65d405412acfc2c6800b444
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C22EB0537CD79666B82FE61DD77FE9B0B3C059A4C65D405412ACFC2C6800B444"
Last-Modified: Sun, 19 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11613
Expires: Tue, 21 Mar 2023 18:22:39 GMT
Date: Tue, 21 Mar 2023 15:09:06 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.149.164101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PszkvggRfN4e1hMCIn/9LA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EY0h33zZ+y2x9o8kCRFrDjsKbHY=
heatherandthistle.org/documents/n200511.doc
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/documents/n200511.doc
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /documents/n200511.doc HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:05 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Set-Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://heatherandthistle.org/documents/n200511.doc/
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/documents/n200511.doc/
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/documents/n200511.doc/
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /documents/n200511.doc/ HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css?ver=5.1.15
172.217.21.170200 OK 5.9 kB URL HTTP/1.1 ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css?ver=5.1.15
IP 172.217.21.170:0
File type ASCII text, with very long lines (1398)
Hash a4c64be3878ceb36796c1a87b3173c3a
37febc085eab2a582388c75954c6b39b3fcebdeb
c3f85a3d153d17f7fb99133915101d9fa1510cf8f1a426fc69875fef78487bb8
GET /ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css?ver=5.1.15 HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 5862
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 16 Mar 2023 08:09:51 GMT
Expires: Fri, 15 Mar 2024 08:09:51 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/css; charset=UTF-8
Vary: Accept-Encoding
Age: 457156
fonts.googleapis.com/css?family=Droid+Serif|Droid+Sans
172.217.21.170200 OK 322 B URL HTTP/1.1 fonts.googleapis.com/css?family=Droid+Serif|Droid+Sans
IP 172.217.21.170:0
Hash b8eea190e4c0c628dba2c29a6aafc7fa
dcae4e5b6b58cdcc2f376ab01f73249e688814d6
84c86e0c00a82593187b543443a979040f7ac468d5482fd75c3fcd2a2df468d0
GET /css?family=Droid+Serif|Droid+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 21 Mar 2023 15:09:07 GMT
Date: Tue, 21 Mar 2023 15:09:07 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
www.google.com/recaptcha/api.js?ver=7.8.5&onload=ccfRecaptchaOnload&render=explicit
142.250.74.164200 OK 580 B URL HTTP/1.1 www.google.com/recaptcha/api.js?ver=7.8.5&onload=ccfRecaptchaOnload&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (912), with no line terminators
Hash f533f54a363368f131b2836a12842be5
9cce4861a9ca45e148ced8e0c1ee408ba6a0a7e2
248f9959c0899e9d232c041c799831e5610fa76fb3cb4bf73004a71247120fc8
GET /recaptcha/api.js?ver=7.8.5&onload=ccfRecaptchaOnload&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/
HTTP/1.1 200 OK
Expires: Tue, 21 Mar 2023 15:09:07 GMT
Date: Tue, 21 Mar 2023 15:09:07 GMT
Cache-Control: private, max-age=300
Content-Type: text/javascript; charset=UTF-8
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 580
Server: GSE
heatherandthistle.org/wp-includes/css/dist/block-library/style.min.css?ver=5.1.15
192.185.121.113200 OK 5.6 kB URL HTTP/1.1 heatherandthistle.org/wp-includes/css/dist/block-library/style.min.css?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (25245), with no line terminators
Hash 0adb00828ab6fbc558d16170c65e3eba
57a669175415a32d0015bdee5ecbe5e98c18d498
fddd028b16fff5fcc7faabd864b0b7f034f369199b1bdb6d51668e02dcbcbe99
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5637
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
heatherandthistle.org/wp-content/plugins/custom-contact-forms/assets/build/css/form.min.css?ver=7.8.5
192.185.121.113409 Conflict 83 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/custom-contact-forms/assets/build/css/form.min.css?ver=7.8.5
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/custom-contact-forms/assets/build/css/form.min.css?ver=7.8.5 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 409 Conflict
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Content-Length: 83
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
heatherandthistle.org/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
192.185.121.113200 OK 239 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 21fec527969cbcfec759744ce51f94c0
827130fb99b0005a5206028abfe82e93610184f2
fe2a280a5ffe9f5d3b1bf125035d478e46bae689a2f0cde07d48bef1ba7c74b1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 01 Apr 2019 12:27:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 239
Keep-Alive: timeout=5, max=75
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/styles/common-css/reset.css?ver=1.0
192.185.121.113200 OK 566 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/common-css/reset.css?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash ca171b3c6ed39369781b77a66fdd641b
e5add0a1df54163d67c54d3bd577c4b5a6871693
e08a05d3392ece5426a1c7462375f087e79eba76b0cbcd06f1fd9d7be5de88e8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/styles/common-css/reset.css?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 566
Keep-Alive: timeout=5, max=75
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/text.css?ver=1.0
192.185.121.113200 OK 747 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/text.css?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 813a4b12aee8fe3a6fde9fca19d800d9
a97fc9f62e970ec569ee3e2a590117305f340bfb
077473373126216570516e22089d0f1634326e962d35e422a00bbc8b88845fb7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/styles/style1/css/text.css?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 747
Keep-Alive: timeout=5, max=75
Content-Type: text/css
heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/styles/lightbox.min.css?ver=1.4.8
192.185.121.113200 OK 812 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/styles/lightbox.min.css?ver=1.4.8
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (2126), with no line terminators
Hash 1ed5fbe76c72b8bb53dc90174cd35b29
e258a061ac4e6d100b7ba7ed185a80423363914f
feb9f5933cac1662bd643e0b060cf58ac1f136eb037234740712f9eddd2abd8b
GET /wp-content/plugins/wp-jquery-lightbox/styles/lightbox.min.css?ver=1.4.8 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 01 Apr 2019 12:27:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 812
Keep-Alive: timeout=5, max=75
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/styles/common-css/960.css?ver=1.0
192.185.121.113200 OK 1.3 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/common-css/960.css?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash db80bd090dd1dcee6b691a44a3282d7a
377dfb2d8659afeb72f325e11afe73908c19e36a
b4f5fe24a7614c23cd170055312627a33e19a4718babfe78e078b2d71448c907
GET /wp-content/themes/u-design/styles/common-css/960.css?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1345
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/css
heatherandthistle.org/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
192.185.121.113200 OK 1.9 kB URL HTTP/1.1 heatherandthistle.org/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3704)
Hash 94f5473c517f98b97818ba21a20e7e46
384c9f5a03ce7f7fb473b4484b7010b2f4e90e1b
54ecc370ec11f0e806f4b059478fb09c5f252dc297e611249db47f282086e7cb
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1894
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/css/prettyPhoto.css?ver=3.1.2
192.185.121.113200 OK 3.9 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/css/prettyPhoto.css?ver=3.1.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19697), with no line terminators
Hash 74b827120dba0fd34609fb07c8fca58c
0e59eb3400aa8e1b4365eea779c064769d854fc1
a0502471754efa4d960a415e37a3213dbbb1018115cd6f4d25e912d6f98310a2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/prettyPhoto/css/prettyPhoto.css?ver=3.1.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3879
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
192.185.121.113200 OK 1.8 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (344), with CRLF line terminators
Hash 1ad5601c50231278bd7664532e5d4e16
ac836ebcd7e211a4771b5fc22248a26e7618f1ce
db7cc149e24f3f09b14cf0a6884f267ddd6a69a7e7749a27c4df0133f67a3850
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1779
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/css;charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/scripts/superfish-1.4.8/css/superfish.css?ver=1.0
192.185.121.113200 OK 1.2 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/superfish-1.4.8/css/superfish.css?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3fcfdf44dc1e17587415dba74645b4bc
5e73647392a8af5d493d57e51c101d875ca3699f
6aad7c412bd776acf079c14f1c4b4b96e508477159c1e5cefee9638679df1949
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/superfish-1.4.8/css/superfish.css?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1228
Keep-Alive: timeout=5, max=75
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
192.185.121.113200 OK 18 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash d5d2d90e0429cbb0301f89211feb0ab6
5f4cc87eb67c244224ebad5b71fe8442d33a97f4
e362f197c2e47e47569e2d9ace87023ac0d32e50e6a29817a138ac4bbcabd843
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/css
heatherandthistle.org/wp-content/themes/u-design/scripts/jquery-1.4.4.min.js?ver=5.1.15
192.185.121.113200 OK 34 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/jquery-1.4.4.min.js?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (820)
Hash 386dc8f3a49623fb67fdb4399010c868
b73a4caf1303df999ccce35f3554580a839f27ff
7a8ba63dcaf759fbde7d70ab4071eeeb27230353d1dcb876bda660b5dd3a3bfc
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/jquery-1.4.4.min.js?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript
heatherandthistle.org/wp-includes/js/underscore.min.js?ver=1.8.3
192.185.121.113200 OK 6.3 kB URL HTTP/1.1 heatherandthistle.org/wp-includes/js/underscore.min.js?ver=1.8.3
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (16010), with no line terminators
Hash 025a224616d936ec780d49dae004b799
77ba8a5a8dae4b591f5f3d1b34f2d10338c4a73d
340cc30020bf4359d9e1b041cb5b85338cbe7999a0ac05ac26c970436ff14495
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/underscore.min.js?ver=1.8.3 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6347
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/custom-contact-forms/assets/build/js/form.min.js?ver=7.8.5
192.185.121.113409 Conflict 83 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/custom-contact-forms/assets/build/js/form.min.js?ver=7.8.5
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/custom-contact-forms/assets/build/js/form.min.js?ver=7.8.5 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 409 Conflict
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Content-Length: 83
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/jquery.cycle.all.min.js?ver=2.99
192.185.121.113200 OK 10 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/jquery.cycle.all.min.js?ver=2.99
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (19821)
Hash a8cad0b0e39e5f8948048fbd08affe4f
07a5b367881d967afd0658865e14e29caee2fb06
a5664c4ab2d3822957a8b9e5d904d9e7f3f700325f476ed76b1c7bdf718d5d2f
GET /wp-content/themes/u-design/sliders/cycle/jquery.cycle.all.min.js?ver=2.99 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10302
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_script.js?ver=1.0.0
192.185.121.113200 OK 495 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_script.js?ver=1.0.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 5cd7d8447880c6c6d392af59136c86ca
169d22355da22378e447fc33765053603db09a47
ab2c1c3381821c637d1ba50c4817d3bacaf52f45865a016d018e0dec75f7b38c
GET /wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_script.js?ver=1.0.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 495
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php?ver=5.1.15
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php/?ver=5.1.15
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.2
192.185.121.113200 OK 8.0 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document, ASCII text, with very long lines (5462)
Hash a3ce84f320878cbd4d6c76372d97e5f3
ea134f43aee597ff8c5eebcd707a363d8e6f48e2
9d61172e6245ee716c016778128410e80a588ee7f816bd93a2e5079a55c38ab9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8016
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js?ver=5.1.15
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:07 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js/?ver=5.1.15
Content-Length: 0
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Tue, 21 Mar 2023 15:57:48 GMT
Date: Tue, 21 Mar 2023 15:09:08 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de95776582936b8e129e876cf6d80fa8
0233251e1cf0123f1260d980d7c8ef92718723f9
49c07da2ab4ebd66bd166bf0e20dd084b38973cd40c79f85eb283d15a1ccac36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49C07DA2AB4EBD66BD166BF0E20DD084B38973CD40C79F85EB283D15A1CCAC36"
Last-Modified: Sun, 19 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2920
Expires: Tue, 21 Mar 2023 15:57:48 GMT
Date: Tue, 21 Mar 2023 15:09:08 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68a4b574-14c9-4d65-81df-d700ef3fa2f4.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68a4b574-14c9-4d65-81df-d700ef3fa2f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e538277f72ecedd22d24c1012250fa9e
4bd955ea3790a6926486e3d56f51c712c56997d7
5f4d374598cfb1a78e7016ec3a0b563e61e7481be202c34b10c9fdfbfc7b638e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F68a4b574-14c9-4d65-81df-d700ef3fa2f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11336
x-amzn-requestid: 3aaca817-ebbc-449f-806c-d5a2a7559335
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWjFEmFIAMFqhg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d146-435381723c24efc66eed6b4b;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:33:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: GIjvleZ9_Ylizb0wtrfvVrU8qtjVdojVpS3IGmBZaqtLha42eEMBJw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6af3b573d8970d5db2a4d03354335b84.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:17:11 GMT
age: 60717
etag: "4bd955ea3790a6926486e3d56f51c712c56997d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f73dbc0fc3d196647ddc1e30450989d4
75d0a1414a5d350ba426dc37333a6ea131f66753
2a6954b3ccf01567c0c0c2911dd8b02c1cd264fc78178cef2eef6a6796c16c3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6943b819-ab3e-4698-a81d-266be026b4b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10855
x-amzn-requestid: bb845712-834d-49b1-97f0-f3750f132741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CEZD0GCHIAMFq6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418087e-4361bbd40ec5f0d10dabdf85;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 07:17:18 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: d81ObS_T4QBMAr1KU_lJ1hJC4FMqpJNCreDNuU481S4RZo3aQxMkaQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 07:20:22 GMT
age: 28126
etag: "75d0a1414a5d350ba426dc37333a6ea131f66753"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a940b362660fdee25faaa51e08c439b
85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c
18b99e3e890fdc959421c895ce343b8b3ed88819c83fa0009823e8ded23458f1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3db1704b-1ecd-4198-a98e-0353d4671a5c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8195
x-amzn-requestid: c6844a50-a6b2-4ef4-ad28-f1a0fbcec14f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDFESEDGoAMFQ8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6417821b-22fa560d4b7811c233fe07fa;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:43:55 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: hZeMhs-Z5fNn0pvRUSkNcGau_K6EG9EQtDktbLUth0uEveafUgCxeQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 22:07:00 GMT
age: 61328
etag: "85fa91b5c4e6ddc1f3cf45eb6a4a3facfc6ad68c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e5e49ed-9ec4-4b75-b7ba-3c4c213d5d27.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e5e49ed-9ec4-4b75-b7ba-3c4c213d5d27.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0e5cb0b321323913460ba1efd6b7b63
701eb0eb86c6673bbb6e85cf933bea53187b6048
150d0e93b808b222fcb4b58f0f4a78a403517b84461cb3029fc71c30930bb11b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0e5e49ed-9ec4-4b75-b7ba-3c4c213d5d27.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4712
x-amzn-requestid: 3c0b3a28-a1a9-4ba0-94ad-29156c2d83c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9yGEE8SIAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641563c0-1937b8bc1e42142720eddd7b;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:09:52 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: a-jsgTjZQKzBK_IFEYlrxbjpk6zou_7vbQe4ptwA1IOtUdlqDG2uWA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 21 Mar 2023 13:27:42 GMT
age: 6086
etag: "701eb0eb86c6673bbb6e85cf933bea53187b6048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e5f234aedfabd736b50fef3017380f9
71672a6c3523d9999522e005091863d07ea0e94a
3314df7a93e317d509aeffc1cde69ec450ddad116a27dc197db1abce966da344
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2ad5022-7f23-468e-8e1f-6388d8cc9db8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6511
x-amzn-requestid: 82d12180-bdcb-4ce0-8588-4239ee27f236
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CGWI_E_eoAMF3sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6418d09f-2f5df7cd5f6cee4762703d29;Sampled=0
x-amzn-remapped-date: Mon, 20 Mar 2023 21:31:11 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: sTt0-W1XE7yUFGFXg2nPnKw5tKKkrw-cH_TCIbQy8JL-k0QtCNZS8w==
via: 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:52:08 GMT
age: 62220
etag: "71672a6c3523d9999522e005091863d07ea0e94a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 302595cc68fe8cf12121d0f652b3194d
e5532a3fed552246e8a63ea2ba75e174273a7b9f
6ca3599a9af06f51d4dc205d4ebd8f7f8b38c54864b6b478eac8c0d1adbc97c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7963a1ee-914e-454a-a5e7-9466ab707e33.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7695
x-amzn-requestid: 1009077b-14aa-42e5-86f1-de94b8b2aba0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CDETIHf8oAMFxEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641780e0-07bbb0376f1c1941731e00ba;Sampled=0
x-amzn-remapped-date: Sun, 19 Mar 2023 21:38:40 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 02HknfEEVW-DU3f3sOQgfs_eL48pvEgV4ft__uRLXOFlDO5qX5tDsQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 a06140ffee86972bad90c57fc682df36.cloudfront.net (CloudFront), 1.1 google
date: Mon, 20 Mar 2023 21:49:06 GMT
age: 62402
etag: "e5532a3fed552246e8a63ea2ba75e174273a7b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
heatherandthistle.org/wp-content/themes/u-design/scripts/masked-input-plugin/jquery.maskedinput.min.js?ver=1.2.2
192.185.121.113200 OK 1.7 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/masked-input-plugin/jquery.maskedinput.min.js?ver=1.2.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (3314), with CRLF line terminators
Hash 4bdab593f6d6fce295fa46e3cdabcfc1
58a7136c1a1eb462c573b94bd37491cbf5f27c18
9f9d6188d5efa59acbd14abb7ace93d7601461d3c1b1e3249a20e83d2ba313ad
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/masked-input-plugin/jquery.maskedinput.min.js?ver=1.2.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1715
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/themes/u-design/scripts/script.js?ver=1.0
192.185.121.113200 OK 3.0 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/script.js?ver=1.0
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with CRLF line terminators
Hash 89df995f784e8d6372805d619d1b77b1
6ef783de9fc69c21ebb02f039306b12beec3a290
640ae4f545660632e1653a42ac10c114cb25b8d76f65a4dfa59a607d488fede4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/script.js?ver=1.0 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2959
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-includes/js/backbone.min.js?ver=1.2.3
192.185.121.113200 OK 8.8 kB URL HTTP/1.1 heatherandthistle.org/wp-includes/js/backbone.min.js?ver=1.2.3
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (22234), with no line terminators
Hash 7a3a1f5d9be98523801dd6a9fd7b2767
fba649eb8fbd919cbfd0e379c814cb37b6450301
27f4298d1d5164ee40509136087ec0825faa203056d6c013f5109ff8292825f5
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/backbone.min.js?ver=1.2.3 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8834
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2
192.185.121.113409 Conflict 83 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 409 Conflict
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Content-Length: 83
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
heatherandthistle.org/wp-includes/js/wp-emoji-release.min.js?ver=5.1.15
192.185.121.113200 OK 4.6 kB URL HTTP/1.1 heatherandthistle.org/wp-includes/js/wp-emoji-release.min.js?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (9071)
Hash 122e21d07df6406b4339db3edac0c8bd
b5d303d757a55542e58dc7c5d1c3cd7bb4079752
594b3412cfe7c3b48cb88f6200dc609267714d73da6c1941a2db9c938ab2f75f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4634
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/themes/u-design/scripts/jquery-validate/jquery.validate.min.js?ver=1.6
192.185.121.113200 OK 8.4 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/jquery-validate/jquery.validate.min.js?ver=1.6
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Unicode text, UTF-8 text, with very long lines (14681)
Hash 6d50282abfab268fd9fd75c8af782fef
36bc3789dc8b462be66137c3b4f7386b7bfde6a9
b6fa9ca90df4ed608f04427498bebac505c2d78a8a66e421f109a42aa8f749ea
GET /wp-content/themes/u-design/scripts/jquery-validate/jquery.validate.min.js?ver=1.6 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Wed, 14 Sep 2011 05:38:42 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8439
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/jquery.touchwipe.min.js?ver=1.4.8
192.185.121.113200 OK 736 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/jquery.touchwipe.min.js?ver=1.4.8
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1075)
Hash c6cdfaab5794286f5cdcca40004c2bf7
1483a045fe91e6de332a657a08b6d58be5fc6dd8
c9a852dda46da98251a53288d7600d261f4c38461e3b20d203cbaf91409dbd23
GET /wp-content/plugins/wp-jquery-lightbox/jquery.touchwipe.min.js?ver=1.4.8 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Mon, 01 Apr 2019 12:27:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 736
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/jquery.lightbox.min.js?ver=1.4.8
192.185.121.113200 OK 3.8 kB URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/wp-jquery-lightbox/jquery.lightbox.min.js?ver=1.4.8
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, Unicode text, UTF-8 text, with very long lines (9871), with no line terminators
Hash d89eb27acd0eb39cfaffff07ce3cc265
182e16b9d9d2ac157fe22052244dc3168157c2c9
4f8add021c0d191975243bd4e6d5e6f5fe8173a998817c03c06122d3a4aa956f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-jquery-lightbox/jquery.lightbox.min.js?ver=1.4.8 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Mon, 01 Apr 2019 12:27:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3812
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/custom_params.js?ver=3.1.2
192.185.121.113200 OK 2.0 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/scripts/prettyPhoto/custom_params.js?ver=3.1.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (662), with CRLF line terminators
Hash 2e1283b4dce499be4ed1fb1c5c9d85f7
0fc752ae6f0ebb9f14b897d02b2a7c5cba027d6c
3156cb5a25454aaafd907a6070ed4a460877512618d425904bd080668fb4f0b1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/scripts/prettyPhoto/custom_params.js?ver=3.1.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2020
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-includes/js/wp-embed.min.js?ver=5.1.15
192.185.121.113200 OK 750 B URL HTTP/1.1 heatherandthistle.org/wp-includes/js/wp-embed.min.js?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1391), with no line terminators
Hash 1c782657b72dd210e34fe872458db8a4
9aab886e2eb32e3ad3b48b414725b93875843201
f938f1b4a0bac49749cd11a5f8838cdcf6a188f2b4c5054467a08e209a1560aa
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-embed.min.js?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 750
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php/?ver=5.1.15
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php/?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/plugins/pdf-ppt-viewer/pdfppt-settings.js.php/?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/documents/n200511.doc/
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-includes/js/hoverIntent.min.js?ver=1.8.1
192.185.121.113200 OK 461 B URL HTTP/1.1 heatherandthistle.org/wp-includes/js/hoverIntent.min.js?ver=1.8.1
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1087), with no line terminators
Hash 3a2a8769be5c880aeeb5e504b1456f2c
394f14b24ec2298e2140f12515e3ed596fc85703
99032f8783df12492fe4ef9da67ba94304250f72beaa6132a7c0847401fa594d
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/hoverIntent.min.js?ver=1.8.1 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Thu, 15 Apr 2021 05:50:50 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 461
Keep-Alive: timeout=5, max=75
Content-Type: application/javascript
heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js/?ver=5.1.15
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js/?ver=5.1.15
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/plugins/pdf-ppt-viewer/pdfppt-renderer.js/?ver=5.1.15 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/documents/n200511.doc/
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
novati.ru/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fnovati.ru%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DThe%2520Heather%2520and%2520Thistle%2520Society%26se_referrer%3D%26source%3Dheatherandthistle.org
195.208.1.130200 OK 2.8 kB URL HTTP/1.1 novati.ru/js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fnovati.ru%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DThe%2520Heather%2520and%2520Thistle%2520Society%26se_referrer%3D%26source%3Dheatherandthistle.org
IP 195.208.1.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text
Hash bc98c24d81a68dcd7fc8174b7649c4ca
dc3a8be20abd140ee8c4e23d480fbc44d1824716
ead04097c7e6dca4fc773695d29c3a783b0cf41543a280377b54e607212dd19c
GET /js/jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fnovati.ru%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3DThe%2520Heather%2520and%2520Thistle%2520Society%26se_referrer%3D%26source%3Dheatherandthistle.org HTTP/1.1
Host: novati.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/
HTTP/1.1 200 OK
Server: openresty
Date: Tue, 21 Mar 2023 15:09:08 GMT
Content-Type: text/html; charset=windows-1251
Content-Length: 2758
Connection: keep-alive
X-Powered-By: PHP/7.3.26
fonts.gstatic.com/s/droidserif/v19/tDbI2oqRg1oM3QBjjcaDkOr9rAU.woff2
142.250.74.163200 OK 22 kB URL HTTP/1.1 fonts.gstatic.com/s/droidserif/v19/tDbI2oqRg1oM3QBjjcaDkOr9rAU.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22476, version 1.0\012- data
Hash c221fd7b9d189773de5e54745a6dc28c
9a58a6bd08f6cda6acbfaaa160375d3e1c5c93f0
aee4051a20e975b9bb6fdc20984a091eb1f55c35ea87abe441db4cdbe8c116d0
GET /s/droidserif/v19/tDbI2oqRg1oM3QBjjcaDkOr9rAU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://heatherandthistle.org
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22476
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 19 Mar 2023 17:44:45 GMT
Expires: Mon, 18 Mar 2024 17:44:45 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 19 Apr 2022 19:19:08 GMT
Content-Type: font/woff2
Age: 163463
fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
142.250.74.163200 OK 21 kB URL HTTP/1.1 fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21224, version 1.0\012- data
Hash 13bdfb843f942ccd9f485eb6c0bc1934
2bad44362ff7569f24f2a3df2521b27a97ec1297
7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c
GET /s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://heatherandthistle.org
Connection: keep-alive
Referer: http://fonts.googleapis.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 21224
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 17 Mar 2023 10:07:16 GMT
Expires: Sat, 16 Mar 2024 10:07:16 GMT
Cache-Control: public, max-age=31536000
Age: 363712
Last-Modified: Tue, 19 Apr 2022 18:04:18 GMT
Content-Type: font/woff2
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/lake.jpg
192.185.121.113200 OK 76 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/lake.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Hash ff1dc576677d67eb06e9b9affb1e4a93
09796ca3893a26e20c134b31b73ef0134de76536
68c177550371b4570b6d675ded9e8515a3bb5db1975c9332bfb26b5f02fc2df0
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/lake.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:08:27 GMT
Accept-Ranges: bytes
Content-Length: 75455
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/castle2.jpg
192.185.121.113200 OK 155 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/castle2.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 155 kB (155229 bytes)
Hash 904359d7e85e0f8c29f58c426975f948
425a24d33f9a16628d86127fa9e5ad151c47461c
59acea644982641393b65cc568c3dab7963caa0b012b6ea56e9532e1f52ce938
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/castle2.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:09:46 GMT
Accept-Ranges: bytes
Content-Length: 155229
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2
192.185.121.113409 Conflict 83 B URL HTTP/1.1 heatherandthistle.org/wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/custom-contact-forms/wp-api/wp-api.js?ver=1.2 HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 409 Conflict
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Content-Length: 83
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/castle.jpg
192.185.121.113200 OK 168 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/castle.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 168 kB (167501 bytes)
Hash d101612c8d62d558651c541f40119f6b
4a2cc5f2ba677e5217b8acf948fcda7af4894e67
bbec24007fe342c0960f4353ceac4f2b77caad9709a506f0923c64d2c3d4873b
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/castle.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:09:19 GMT
Accept-Ranges: bytes
Content-Length: 167501
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/dog.jpg
192.185.121.113200 OK 213 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/dog.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 213 kB (212598 bytes)
Hash 4d909a3957d279911c0d6fa5e05dc4b6
aa4788312651ae50a506e8bc828c9c377d27bb85
04ac5ee692d00bb6bb9cb93d0d6f3efac0747a4c07c8b8ac8ab7d9ad5e4a5eae
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/dog.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:09:07 GMT
Accept-Ranges: bytes
Content-Length: 212598
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/uploads/2011/09/headerpattern.jpg
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/headerpattern.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2011/09/headerpattern.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://heatherandthistle.org/wp-content/uploads/2011/09/headerpattern.jpg/
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/istock2.png
192.185.121.113200 OK 583 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/istock2.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 914 x 374, 8-bit/color RGB, non-interlaced\012- data
Size 583 kB (582872 bytes)
Hash 231913fa60142bc4ea8030de313da292
6806fe3842b285808cdb8bb2cc6122e31e6b983e
546013c54591b90f059f26e29dbef58bdceb7cc8b9ecb97b1171a9bd3d2b3f01
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/istock2.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:07:00 GMT
Accept-Ranges: bytes
Content-Length: 582872
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/searchbox.png
192.185.121.113200 OK 1.1 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/searchbox.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 185 x 52, 8-bit/color RGBA, non-interlaced\012- data
Hash 1d6baa5d1ab20a4732fd6f2d930751ea
c9b80ccc2e6a9a2d024351245f9b3964707452c2
138a01c633b94f819750d1f0310029f4de2f236f3c9149afc176e49ebb7a6389
GET /wp-content/themes/u-design/styles/style1/images/searchbox.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 1111
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_params.php
192.185.121.113200 OK 176 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_params.php
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type XML 1.0 document text\012- XML document, ASCII text
Hash ac5a58eedcfe3bdebb39f18b95839574
cb4268c507a95ef6e8383096ad2e7d55294ab5a0
3e57d96494c01be062ac01d7e2c5e46c0a413f0a68cf8d014d636bbfe64f065f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/u-design/sliders/cycle/cycle1/cycle1_params.php HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 176
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: application/xml; charset=ISO-8859-1
heatherandthistle.org/wp-content/uploads/2013/01/HT-Color-logo-small.jpg
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2013/01/HT-Color-logo-small.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2013/01/HT-Color-logo-small.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: http://heatherandthistle.org/wp-content/uploads/2013/01/HT-Color-logo-small.jpg/
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/styles/common-images/main-menu-btm-border.png
192.185.121.113200 OK 118 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/common-images/main-menu-btm-border.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 5 x 2, 8-bit/color RGBA, non-interlaced\012- data
Hash c32ed21ff7be16088cfd775487489d0d
290083cc75930bc807ebb81d0f956f4c076739cf
1a80bc96a4ab3c2efbb92ac4f7525d2c88431b11921bcd05982436aaeda0002f
GET /wp-content/themes/u-design/styles/common-images/main-menu-btm-border.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 118
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/styles/common-images/c1-frame.png
192.185.121.113200 OK 21 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/common-images/c1-frame.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 960 x 420, 8-bit/color RGBA, non-interlaced\012- data
Hash 74ca3de1377cafa8edbd6991fe852fad
806ea2dcae4aed831fc8ee95767c3b929f450918
797644679e306e85745a1ae4556e364ad609af4bd84fa09636470d27e3c2f5e2
GET /wp-content/themes/u-design/styles/common-images/c1-frame.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 20870
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/slider-controls.png
192.185.121.113200 OK 770 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/slider-controls.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 6d19bfa10bcd90089db2292625cd6ba2
a32ba8cd00f23696fef68a03ad1e2e0853b64b3b
25509484b72e9395640f9696e5f8c04e45684eeb5cc372fa1d53fb0c333657d0
GET /wp-content/themes/u-design/styles/style1/images/slider-controls.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 770
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/styles/common-images/home-page-before-content-top.png
192.185.121.113200 OK 112 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/common-images/home-page-before-content-top.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 3 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash fc783fa64267617203dedb6f66e81d68
48427f9a7c9dea2fd729032c32c6204867ae5e9a
f62baf1b315f5fb5634efa0da4d5fef0b04bcea66dc1e48d414b175d19e601f4
GET /wp-content/themes/u-design/styles/common-images/home-page-before-content-top.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 112
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/uploads/2011/09/whitepattern.jpg
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/whitepattern.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2011/09/whitepattern.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://heatherandthistle.org/wp-content/uploads/2011/09/whitepattern.jpg/
Content-Length: 0
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/uploads/2011/09/background2.png
192.185.121.113301 Moved Permanently 0 B URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/background2.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/uploads/2011/09/background2.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 301 Moved Permanently
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Redirect-By: WordPress
Location: http://heatherandthistle.org/wp-content/uploads/2011/09/background2.png/
Content-Length: 0
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock3.png
192.185.121.113200 OK 694 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock3.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 914 x 374, 8-bit/color RGB, non-interlaced\012- data
Size 694 kB (693502 bytes)
Hash 66ba8dcf31ddbe9c435b643aae33c9c1
cb5d8b2f3d6b9a854ed278931d7b0cf4db67b160
3905a18be8147952c36fb91021f10a0cec42558cbe00c10df13b72583b1f717b
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock3.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:08 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:09:54 GMT
Accept-Ranges: bytes
Content-Length: 693502
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/slider-bullet.png
192.185.121.113200 OK 788 B URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/styles/style1/images/slider-bullet.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 28 x 14, 8-bit/color RGBA, non-interlaced\012- data
Hash 31f042c71bda482ede51bd2add123a5d
de6b68292260848f0919912221e3d90233627dc1
83210adfa081eef5c0179a4c08b89dbe12e953ecda9da81b6f507893b31c8be0
GET /wp-content/themes/u-design/styles/style1/images/slider-bullet.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/style1/css/style.css?ver=1.0
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 05:38:43 GMT
Accept-Ranges: bytes
Content-Length: 788
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/image4.jpg
192.185.121.113200 OK 135 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/image4.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 914x374, components 3\012- data
Size 135 kB (135256 bytes)
Hash 96bccaf26e9f9c8792b28500957747d0
341a3b1369806f271836c4e60e77b2547f13bce7
990de6b124cbf3fc31ff65743caef2c5c68da4d29be095a806fc8a85643cf6b8
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/image4.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:07:40 GMT
Accept-Ranges: bytes
Content-Length: 135256
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/uploads/2011/09/headerpattern.jpg/
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/headerpattern.jpg/
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/uploads/2011/09/headerpattern.jpg/ HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/uploads/2013/01/HT-Color-logo-small.jpg/
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2013/01/HT-Color-logo-small.jpg/
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/uploads/2013/01/HT-Color-logo-small.jpg/ HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=68
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/uploads/2011/09/whitepattern.jpg/
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/whitepattern.jpg/
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/uploads/2011/09/whitepattern.jpg/ HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=63
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/thistlehillside.jpg
192.185.121.113200 OK 126 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/thistlehillside.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 126 kB (125632 bytes)
Hash f6a9ef50798c778d6ea2e0317e356e6b
76f0f79e2d8641a86e8d77ed52850835e3a6d0d9
68b8577f4475a4d006f6f51a6dd1a7e4b635861f720068b5a65537ce12f0e71f
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/thistlehillside.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:08:00 GMT
Accept-Ranges: bytes
Content-Length: 125632
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/uploads/2011/09/background2.png/
192.185.121.113200 OK 6.6 kB URL HTTP/1.1 heatherandthistle.org/wp-content/uploads/2011/09/background2.png/
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1746), with CRLF, LF line terminators
Hash 38ec54e73245ed906413249c565d20c1
24f464bd1935194f39fa23704fc2c6489400c7a7
af467caa8ea7398796664da483e7e4efe08cc1acaa12fa944774868d18e8d980
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET WEB_CLIENT Malicious Fake JS Lib Inject
GET /wp-content/uploads/2011/09/background2.png/ HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://heatherandthistle.org/wp-content/themes/u-design/styles/custom/custom_style.php?ver=5.1.15
Connection: keep-alive
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <http://heatherandthistle.org/index.php?rest_route=/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6630
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/scotch.jpg
192.185.121.113200 OK 146 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/scotch.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 146 kB (145999 bytes)
Hash b8afce8f0ede4c5aa982d88836017c3a
879cd64e2d4492d4aae7e634f05b0a208a9e7eae
44302f8704acc4c23f2bd8c74fa32933e9dd1683c80a21482c84085206dd356a
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/scotch.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:08:11 GMT
Accept-Ranges: bytes
Content-Length: 145999
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/hslide3.jpg
192.185.121.113200 OK 176 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/hslide3.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 176 kB (175752 bytes)
Hash 081abb1b18ec02cd3e752c9f108bd153
594e9416bab672a50bf98ce3dc01af1aee6de84f
b358894cc7506beafb5a3346f37a61fe24bad58a55aca16742c7f39a2a09b657
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/hslide3.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:08:58 GMT
Accept-Ranges: bytes
Content-Length: 175752
Keep-Alive: timeout=5, max=62
Connection: Keep-Alive
Content-Type: image/jpeg
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock4.png
192.185.121.113200 OK 548 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock4.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 914 x 374, 8-bit/color RGB, non-interlaced\012- data
Size 548 kB (547556 bytes)
Hash 51934aecd5364b01a834be9acdfff9d8
09055ea42344e5093e8325f05b1f20456d00c448
aeb68f8fd3edce19a611ee762edc00d67a73fd8b89cdbdbecb4c76408c84c8ac
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/slidestock4.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:09:29 GMT
Accept-Ranges: bytes
Content-Length: 547556
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slideistock1.png
192.185.121.113200 OK 703 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/slideistock1.png
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 914 x 374, 8-bit/color RGB, non-interlaced\012- data
Size 703 kB (703184 bytes)
Hash ab0df0f888d5840b8625db44146cc94e
5a65dbb5580f8875f138fb711f11d5fb929d7a6c
f67d6a6253dd4bb9e131b16f92d119835d00557b2e348fd10d7565fe561f4a7c
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/slideistock1.png HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:08:44 GMT
Accept-Ranges: bytes
Content-Length: 703184
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive
Content-Type: image/png
heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/sky.jpg
192.185.121.113200 OK 122 kB URL HTTP/1.1 heatherandthistle.org/wp-content/themes/u-design/sliders/cycle/cycle1/images/sky.jpg
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 914x374, components 3\012- data
Size 122 kB (122173 bytes)
Hash a3a45416203610ac90d7534dd617746e
e219291614c49a6cc1a300b3c4befdac43f8417a
b01a0ebb2dd9b9c50b4f6bfe06c55d23b4c84bc66f13f66929892d95dd028e5f
GET /wp-content/themes/u-design/sliders/cycle/cycle1/images/sky.jpg HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Last-Modified: Wed, 14 Sep 2011 14:07:52 GMT
Accept-Ranges: bytes
Content-Length: 122173
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: image/jpeg
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash 0086fc6b6b52670b2d7ca51fc65d8d44
1d906db50d0373e0e3e1e85031de970218264f4d
24a9078b3b1b7b060c8e68777d0baaa3651c18cebe9107a2598f07981086f830
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 15:09:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
216.58.207.195200 OK 165 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP 216.58.207.195:0
File type ASCII text, with very long lines (576)
Size 165 kB (164678 bytes)
Hash f22f07ee02fbeed3958345c90b52b818
2aa44ea19d580589c06c2170103b4d0505e18cdb
dc1eadf37f70bef92766d0c316d1da7af283b84e5c309a4732d8ed35d7bbfb84
GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://heatherandthistle.org
Connection: keep-alive
Referer: http://heatherandthistle.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 164678
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 21 Mar 2023 12:08:55 GMT
expires: Wed, 20 Mar 2024 12:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 13 Mar 2023 02:02:14 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 10814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 471 B IP 142.250.74.163:0
Hash c26dba42c0d5a8ae943ac677b38929ea
21c68777a8249158f53f6f1bbf33d12769146cec
a890859401ea2f9079622841f24a700215fcab7fe291d0b1f581e675ae130342
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 21 Mar 2023 15:09:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
heatherandthistle.org/favicon.ico
192.185.121.113200 OK 0 B URL HTTP/1.1 heatherandthistle.org/favicon.ico
IP 192.185.121.113:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: heatherandthistle.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://heatherandthistle.org/documents/n200511.doc/
Cookie: PHPSESSID=d5beeca09263e43e3449e2cb278fe4dd
HTTP/1.1 200 OK
Date: Tue, 21 Mar 2023 15:09:09 GMT
Server: Apache
Content-Length: 0
Keep-Alive: timeout=5, max=66
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon