r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5157
Expires: Fri, 04 Nov 2022 20:32:16 GMT
Date: Fri, 04 Nov 2022 19:06:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5469
Cache-Control: max-age=143755
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 11:02:14 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4542
Cache-Control: max-age=142828
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:46:47 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 04 Nov 2022 18:43:02 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1397
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15417
Expires: Fri, 04 Nov 2022 23:23:16 GMT
Date: Fri, 04 Nov 2022 19:06:19 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Q7NLLSiubaSgtNtQHFB8X9h9sWaUryD6CKHXU9sEWdw+mu7WFa3O6YxZaGdbVCYOxKGJDgoVMDg=
x-amz-request-id: A78M2JC5QTXMYXKV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 18:09:41 GMT
age: 3398
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 19:06:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
busshelters.ky/files/BASICDATA.exe
151.101.130.159301 Moved Permanently 162 B URL HTTP/1.1 busshelters.ky/files/BASICDATA.exe
IP 151.101.130.159:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /files/BASICDATA.exe HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Location: https://busshelters.ky/files/BASICDATA.exe
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: 1r7n9qtuoz
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Fri, 04 Nov 2022 19:06:19 GMT
X-Served-By: cache-bma1666-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1667588779.998897,VS0,VE483
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2645
Cache-Control: max-age=135873
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 08:50:52 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.6.128101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.6.128:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BX9kATPA99l+rO4j2x7lLQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tGoaNjKZCAgGfYQSycNdKIg38pU=
busshelters.ky/files/BASICDATA.exe
151.101.130.159404 Not Found 9.0 kB URL HTTP/2 busshelters.ky/files/BASICDATA.exe
IP 151.101.130.159:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 6a2f63312ce110593a4741ef796ab276
7d31e45536a8a22feba73c8159678974590f94fc
39829f913151f101bbe04efadbb699a2a9cf72c58c943a7db76a5d6b8c3fac5d
Analyzer Verdict Alert fortinet Phishing
GET /files/BASICDATA.exe HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://busshelters.ky/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667588780.565259,VS0,VE1264
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 9013
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3
151.101.130.159200 OK 828 B URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (2443)
Hash a39903a72c7ec1a81ad439c84ee04047
8e28eb36cdd9f0ebb38284a86bfab05332b9581b
0e2c303ded7fc03c7cd52e7f95365a9d5aa22dcb01390b7c40655d25f5c56144
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-98c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928847,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 828
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3
151.101.130.159200 OK 1.6 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (4844)
Hash 4ae404fc4b362d777af5da6ebdc40694
5d02cdd54b988eecb7f04e54d68f02f367106f4c
948ffc672834fcd865b6a55b52e631d003d2ad7449bc2cf06abea454eb92b882
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-12ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.929015,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1574
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3
151.101.130.159200 OK 4.8 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (23292)
Hash 61a9dcc018aaa78af97d2528a212d8b0
4e86a7786791f8330d449978094679b27259dc1d
57d1220b393f2f66c79f4f21d5cb0c65329eaaaaad2c27177fcc04c18ccbdbd8
GET /wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-5afd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928915,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4799
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3
151.101.130.159200 OK 104 B URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3
IP 151.101.130.159:0
Hash aa39eb90d1abb956a8b45a0722fe80da
17c626a3269ee7873b80e61ce144833df6f599f1
31de1fcfddbbfdcf83e2a395b892637c5fb64fcdf50beba135e25854e69be333
GET /wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-7b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928858,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 104
X-Firefox-Spdy: h2
busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
151.101.130.159200 OK 4.4 kB URL HTTP/2 busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 151.101.130.159:0
File type ASCII text, with very long lines (11126)
Hash 24957bc8161f979c6e661f46fdc3974f
fa1237ffe8b3745baa78ac481239038e133fcc17
46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928748,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2
busshelters.ky/wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45
151.101.130.159200 OK 1.1 kB URL HTTP/2 busshelters.ky/wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45
IP 151.101.130.159:0
Hash 48216e139f99573cb19da51228580c6b
2d1647aefd14ed826f745846188aa7278774cda7
ecd0a4ebda0974422afbb554cce6e51dcb5a4b9f6c19dd37be18a90e45bde42e
GET /wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:39:57 GMT
etag: W/"61e85afd-ea6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928792,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1126
X-Firefox-Spdy: h2
busshelters.ky/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
151.101.130.159200 OK 14 kB URL HTTP/2 busshelters.ky/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (43771)
Hash 1047dd6779111ec73736abd71a40fef9
e08643922ce9a1a488f2a72c0341807f59f7528e
d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928999,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/style.css?ver=6.0.3
151.101.130.159200 OK 29 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/style.css?ver=6.0.3
IP 151.101.130.159:0
File type HTML document, ASCII text, with very long lines (5358)
Hash 5003c0ccad2b17d689004afc1c20a2c1
fe2d832146fdc8a39fc24b03d6ed0026a327acfd
ef8c326c2c55db70a5c0feff710937da27817fe989bc98d8295f443ed8a1185c
GET /wp-content/themes/themify-ultra/style.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-1ce21"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928975,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 28772
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/style.min.css?ver=6.0.3
151.101.130.159200 OK 23 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/style.min.css?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bda7e18203dbebf5323cbbf60f4b9120
87094ec83ddc0725ea1eafab900e9e9ab28c8135
4a11e4cba8d7e0ab3b78196f2c4fb1c4030c3164d98716d25301e66f3d6c1a01
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/style.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-165a6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928927,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23012
X-Firefox-Spdy: h2
busshelters.ky/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
151.101.130.159200 OK 34 kB URL HTTP/2 busshelters.ky/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 151.101.130.159:0
File type ASCII text, with very long lines (65447)
Hash 22b0253c0ecce70e41e296d176b0d972
a161c363d2092739db21bfeb2cf23c980ec71580
181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928771,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2
busshelters.ky/wp-content/uploads/2017/10/Logo_Small_60.png
151.101.130.159200 OK 13 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/Logo_Small_60.png
IP 151.101.130.159:0
File type PNG image data, 226 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 5acaa78f412409556fc5b8e16e2751d5
93160ca31b984bed679c61dc2cc4fd5dd1353688
b58a314be084220bb1a6dfe603a313cdba28f94be7c68c6c94b865a9e3dc234c
GET /wp-content/uploads/2017/10/Logo_Small_60.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:00 GMT
etag: W/"61e85b00-6a75"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928709,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 12603
X-Firefox-Spdy: h2
busshelters.ky/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4
151.101.130.159200 OK 4.0 kB URL HTTP/2 busshelters.ky/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4
IP 151.101.130.159:0
File type ASCII text, with very long lines (24504)
Hash e8c6499e6117936791d44721a6bd8bca
f2b8cc02c7e314f0bcb2846a7d20ca4b067068cf
24e530c4235a6d912d5752e9a34d803eca3fe1af09a0d80db0d48a89cf839d19
GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 28 Feb 2022 15:38:16 GMT
etag: W/"621cec68-5fb9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.929035,VS0,VE4
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3973
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
busshelters.ky/wp-content/themes/themify-ultra-child/style.css?ver=6.0.3
151.101.130.159200 OK 218 B URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra-child/style.css?ver=6.0.3
IP 151.101.130.159:0
Hash 271b35395ffa443720faceeb74510411
fcb5b31064cbe01dcf3ea7167a723c82f52e9cd7
d0f399f8641359cab8c9297551cd622f77da56c867fd096e749143376a8eb2d7
GET /wp-content/themes/themify-ultra-child/style.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-133"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928811,VS0,VE8
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 218
X-Firefox-Spdy: h2
busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
151.101.130.159 200 OK 5.5 kB URL HTTP/2 busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (15660)
Hash 17db16eba9de064a60b18a592b36634a
82fc955209623803111e48d5be3cf345315be6f5
1144901adf4e1d54838e6e04a2b75314f3b95518ee654d8c1742af50e355b433
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-48b9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.936510,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5515
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3
151.101.130.159 200 OK 694 B URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (522)
Hash 7c02cc9d233597d530f8135fa67e8dca
4b9c6c7d2985fa383ebcaebde77b6ecf6ca024cf
6facda2fd778875595e70d7388d9797f95f57788f0ff583deeda20d3bfc400fc
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-693"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.938265,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 694
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3
151.101.130.159 200 OK 14 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3
IP 151.101.130.159:0
File type ASCII text, with very long lines (800)
Hash 8ae397fcb69431875f6d4466047c3523
6d9d815538e8e87d8ca44b2ebdd21d23990edfde
6498bff3f0fb8f38844e11ebb98b3716b7a1763348d05cb6a348ba9d8e61ca48
GET /wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:03 GMT
etag: W/"61e85b03-afc3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.938861,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13658
X-Firefox-Spdy: h2
busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4
151.101.130.159 200 OK 8.3 kB URL HTTP/2 busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4
IP 151.101.130.159:0
File type ASCII text, with very long lines (27481)
Hash 38502bc1233e351d85fe88fdc64157fd
b5e5bfc8fe53511a3b316b6d3485b53d9dafee02
2faf97a6a3a0a4226dcb589409db64377b4cdf7591c5e15eb17e2bd3eaea3460
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 28 Feb 2022 15:38:17 GMT
etag: W/"621cec69-6b5a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.939716,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8315
X-Firefox-Spdy: h2
busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4
151.101.130.159 200 OK 1.9 kB URL HTTP/2 busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP 151.101.130.159:0
File type ASCII text, with very long lines (5477)
Hash fcf12c7d3f5778470877aff26bdb3040
b8cc6b30eb49ef014651e6f22e4a33b74a3fde1e
2b6a1c6d97acd8b8f1460d8e4acbac8f911aa950c482ab794888f40c63fb2d6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.937642,VS0,VE6
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1946
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash f62b37b31acd5a1918c3a4453a7b39c5
95ca904e055cb2646e0194e429cf6374213cabe6
94533502a038fc926fb0f25dbf72be12fdf6d868c0e836d855ef195d63d1ecbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive
busshelters.ky/wp-content/uploads/2017/10/Join-50x50.png
151.101.130.159 200 OK 6.4 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/Join-50x50.png
IP 151.101.130.159:0
File type PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
- data
Hash 30511f35cfed41b7edc319e97bc38262
9d3e52dc8d69f2280b3fea2f6cca89732dcbeec2
35ac310b1282c3e1043ed9db5f21d82b8ff92db3ba19c4c584e580c7077613bc
GET /wp-content/uploads/2017/10/Join-50x50.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-18e4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.386340,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6400
X-Firefox-Spdy: h2
busshelters.ky/wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg
151.101.130.159 200 OK 1.7 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg
IP 151.101.130.159:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 50x50, components 3
- data
Hash fd64d3e91964feae75eaad3bfc6eb938
acbbcf021755463da581041f97307c216c636a52
c9985da71d86f73cea7f8ddbfea10b3436a4da9f4199bea9556c2a473b5221a2
GET /wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Wed, 19 Jan 2022 18:40:00 GMT
etag: W/"61e85b00-709"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.386606,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1687
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
busshelters.ky/wp-content/uploads/2017/10/Award-50x50.jpg
151.101.130.159 200 OK 9.5 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/Award-50x50.jpg
IP 151.101.130.159:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=540, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], baseline, precision 8, 50x50, components 3
- data
Hash 2ce0089c0789056bb8b9778978fcc300
df66481a3f4e5eee788b6e40d0db272566395b9e
932e952bfd78a2b509efd215c53e6d03897fb1cf100f26a95b89b7322063c3f5
GET /wp-content/uploads/2017/10/Award-50x50.jpg HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-3678"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.385475,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9452
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0
- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://busshelters.ky
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 05:42:51 GMT
expires: Fri, 03 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 134610
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0
- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://busshelters.ky
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:40:18 GMT
expires: Fri, 03 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 95163
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash bd006407a4ea0fbeec2f1351a71f30bc
d1625420cdc79643e759247b0e9ac89dadfbe956
fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A2gds6rdrlTJCrN3m05Yl3azoOYGCEaCd2OBH8qq21wHR8WgqI3CA==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 00:54:07 GMT
age: 65534
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 76401
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 9a763d44e05fa357713a41ab1388974a
d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd
f351b7e90e5435af071892b62af3ac591bc553281b3ea63b1ae067a3d03f572d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7703
x-amzn-requestid: 4f835957-6df6-4001-9c34-ed9749000b46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpFGwoAMF0-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-3f7b7dd36cb07d057b64ec2f;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5_POzz6quaFlv3R4djTMvwuiLWqmvHLCrZ58DtyQPJG8yWQoxV0LjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:11 GMT
etag: "d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd"
content-type: image/jpeg
age: 76390
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3
142.250.74.10 200 OK 8.8 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3
IP 142.250.74.10:0
Hash 86678dd9e36db170a6ae70028c734e50
8ad93b6ed9cda8c60de34430555573f3e50cad10
ea78700306362099c7960e24d27868754519a3a45e8915c9106dfa123279cf7c
GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://busshelters.ky/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 04 Nov 2022 19:06:21 GMT
date: Fri, 04 Nov 2022 19:06:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4
151.101.130.159 200 OK 3.6 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4
IP 151.101.130.159:0
Hash 3e2c2868516a60c335361ccef89c6090
b71b29860aca017ac124fb4037cec5dc3101474e
3ac5d5410a9d31317c2f31fe3e08cdb188e26bfffce5275b85cce986f2841d22
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-35bf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.937100,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5385
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c472942cb4b85610a3e83edf7527f923
8191eb019b21bed2b9f53c755e1c24d08dc70760
0dc7f9902567b0130c1c34b6e356b8239f8e6c83e1d38ac9b74588270000279c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10810
x-amzn-requestid: 85c9096f-2671-4f0e-94a3-607254d036d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC057E5yIAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364350c-3c93b6e56e6141a63d1285eb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Rr6GO1Bb6pdxYxNFuwmG2Srs9uGM7tOTffgnyWys0zDjGCDrONRxUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "8191eb019b21bed2b9f53c755e1c24d08dc70760"
content-type: image/jpeg
age: 76401
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash f62b37b31acd5a1918c3a4453a7b39c5
95ca904e055cb2646e0194e429cf6374213cabe6
94533502a038fc926fb0f25dbf72be12fdf6d868c0e836d855ef195d63d1ecbf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4
151.101.130.159 200 OK 7.6 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4
IP 151.101.130.159:0
File type ASCII text, with very long lines (30028)
Hash e23a28b98a8ca84e9991c4def950dc9b
0b8e250e1715f3e1e0963dd5c1266473e993b8bd
7a57c779dfe87513cefdc471e0d2a018cc3d88f2fbacfc323323eaca8f96f4c3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-75ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667588781.483460,VS0,VE127
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7643
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4
151.101.130.159 200 OK 3.1 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4
IP 151.101.130.159:0
File type ASCII text, with very long lines (13799)
Hash c9184174f207d4b1cf549c34c9541865
5c4b15f3907805c077deae6e06142f2c862daa5d
15ef7bf82acd01ac614928e8e58b14105e9037862961ac9d1471285b32d73805
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:09 GMT
etag: W/"61e85b09-35e8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.634579,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3136
X-Firefox-Spdy: h2
busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
151.101.130.159 200 OK 77 kB URL HTTP/2 busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 151.101.130.159:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: "61e85b06-12d68"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.649016,VS0,VE3
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 77160
X-Firefox-Spdy: h2
busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png
151.101.130.159 200 OK 1.5 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png
IP 151.101.130.159:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash ee88fa12d7c3d8b77cdb204721245008
2cbdf809abc6ff549a1a74f4e4b61fb06d6c8a7f
bb21820646f93ef6976c2096d49d99aaeec437b5901fedfa4016dba0ce78112c
GET /wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-847"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.811701,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1472
X-Firefox-Spdy: h2
busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png
151.101.130.159 200 OK 17 kB URL HTTP/2 busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png
IP 151.101.130.159:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a1ab31c9dae8127dbceba5f3f5c891e5
b0febcf950578aecd2c4a246a7c567b48a23d1f3
95f9031fa070b69c9d31f6b7ead512742c083105c1b7247244773d6c894de1d3
GET /wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-41cf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.811722,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 16840
X-Firefox-Spdy: h2
rotarycentralcayman.volum3tric.com/wp-content/uploads/2017/10/Walking.jpg
64.111.120.181 200 OK 137 kB URL HTTP/1.1 rotarycentralcayman.volum3tric.com/wp-content/uploads/2017/10/Walking.jpg
IP 64.111.120.181:0
File type JPEG image data, progressive, precision 8, 960x960, components 3\012- data
Size 137 kB (137013 bytes)
Hash fc7104e884f8b4909e79eecb3790bca8
f769406aad6d278aee3f0f0652a40dc2ad1a62b4
29d07844278fecdc76fc7549914f247d6d1227c2a600dc87f3d08c22827cb138
GET /wp-content/uploads/2017/10/Walking.jpg HTTP/1.1
Host: rotarycentralcayman.volum3tric.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 19:06:21 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 30 Oct 2017 21:57:29 GMT
ETag: "21735-55ccab9882510"
Accept-Ranges: bytes
Content-Length: 137013
Cache-Control: max-age=2592000
Expires: Sun, 04 Dec 2022 19:06:21 GMT
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Content-Type: image/jpeg