Report - busshelters.ky/files/BASICDATA.exe

Report Overview

Submitted URL
busshelters.ky/files/BASICDATA.exe
IP
151.101.130.159
ASN
#54113 FASTLY
Submitted
2022-11-04 19:06:30
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-10T12:25:49Z	712 B	9.5 kB	142.250.74.10
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.0 kB	2.4 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	364 B	1.5 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
busshelters.ky	unknown	2019-01-30T17:00:59Z	2023-02-27T22:56:01Z	13 kB	316 kB	151.101.130.159
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.161.6.128
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-10T05:11:10Z	1.7 kB	3.5 kB	142.250.74.35
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.0 kB	5.3 kB	23.36.76.226
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	2.2 kB	40 kB	34.120.237.76
rotarycentralcayman.volum3tric.com	unknown	2019-01-30T17:00:27Z	2022-11-04T20:06:21Z	314 B	137 kB	64.111.120.181
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-10T14:37:36Z	1.0 kB	78 kB	216.58.207.195

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-04	medium	busshelters.ky/files/BASICDATA.exe	Phishing
2022-11-04	medium	busshelters.ky/files/BASICDATA.exe	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3	Phishing
2022-11-04	medium	busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	Phishing
2022-11-04	medium	busshelters.ky/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/style.min.css?ver=6.0.3	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3	Phishing
2022-11-04	medium	busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4	Phishing
2022-11-04	medium	busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4	Phishing
2022-11-04	medium	busshelters.ky/wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4	28 kB	2023-03-07	2024-04-26
Pretty URL busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:50 Last Seen2024-04-26 01:56:03 Times Seen118 Hash d00da0f8f53375d09100d10f456eba9e 5199ca51fd4b933aeea497c8c28c29fdfab9fe4e e2f593a70e96ce43902c23e6b15b42b2b2222f98ffd06a3dbe58be0324270887 Loading...

	busshelters.ky/files/BASICDATA.exe	1.9 kB	2023-03-10	2023-03-10
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-03-10 20:15:55 Times Seen1 Hash 8cda41fcf42bae10033a68cca7ddf23f 1be3a0e199d22441e7d46da81260f6b1ae8de0e6 1376cba846923fb43ec1bb9621058cda3f711ebb62dd7ca87097ddae67f0bca7 Loading...

	busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3	45 kB	2023-03-10	2023-10-13
Pretty URL busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-10-13 10:51:32 Times Seen3 Hash 2bf6d690529bbbb64a0226e46acba52a c83d0d780a89a2b2e2df59cbb850b7b9060e409c 0529d019b353b67ebaa28a659320333b3e4409c4f19ab95a274554d8bf0c9f9f Loading...

	busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4	5.6 kB	2023-03-07	2024-04-26
Pretty URL busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:40 Last Seen2024-04-26 15:37:45 Times Seen30983 Hash 3a56752b736635bf69cb069b8818cbfd 42e0951fe74bb3f56a30f51291823bcd4a84d76e ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869 Loading...

	busshelters.ky/files/BASICDATA.exe	45 B	2023-03-07	2023-11-02
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:21:37 Last Seen2023-11-02 13:04:42 Times Seen16 Hash 95dc6c9eccdd4ec59d82e0279332c623 6c18f4541a51435f5148da525ac15564691bdd2b d9b425a45f3daffc7b18bf99055b821a40e674af2aefa25cd09289b9a4f5773a Loading...

	busshelters.ky/files/BASICDATA.exe	68 B	2023-03-10	2023-03-10
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-03-10 20:15:55 Times Seen1 Hash d13e18e86de461f2a1d47458e7ea69e3 64bdb9df963d16e085e7b6a29e31c83017d57b5d c47b8d89e578a43b06401b9443bddeb41e43684ea38608a2e2236f0abdca2284 Loading...

	busshelters.ky/files/BASICDATA.exe	2.2 kB	2023-03-10	2023-03-10
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-03-10 20:15:55 Times Seen1 Hash e45f341b03154358259354cb17422413 916264d22cdda947b1f39a5ab403995e84323882 134030e5a8e21123d48bfb8da385c49c6d0388a56b7a8ae4410c29389a903dd3 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 16:14:19 Times Seen37095398 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3	19 kB	2023-03-07	2024-04-26
Pretty URL busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 16:08:31 Times Seen38067 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4	14 kB	2023-03-10	2023-11-24
Pretty URL busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-11-24 03:56:46 Times Seen5 Hash 54ac0ef1a2d182e02525cbef1782cead 628cbee996709f0ac7f77c377521efff0410156b f4ec9799797c90b5d35ca4bcbfec2e89c3863b5daad9fef9801234dfe66912cc Loading...

	busshelters.ky/files/BASICDATA.exe	461 B	2023-03-07	2024-01-27
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:34 Last Seen2024-01-27 21:29:39 Times Seen9 Hash b3db1ba36924df66ba2af6f0938e8839 e1b1594adf7a7de933adf78dd94f13f3590c3068 8e7825436f1e73d1831a8f35d37d8c7d643381d73bae108a8b2d4b070c641ad8 Loading...

	busshelters.ky/files/BASICDATA.exe	334 B	2023-03-10	2023-03-10
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-03-10 20:15:55 Times Seen1 Hash 2c72a516e2b21557deada483f3d142bf 06ae3f8d0fc898dac3b45d13b1b0aca96e6f6220 888f96d6d96196809077bc17c9bab7830ba946e852b7ff9d88851d57dd5a48af Loading...

	busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-26
Pretty URL busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 16:08:31 Times Seen68676 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	busshelters.ky/files/BASICDATA.exe	2.4 kB	2023-03-10	2023-03-10
Pretty URL busshelters.ky/files/BASICDATA.exe IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 20:15:55 Last Seen2023-03-10 20:15:55 Times Seen1 Hash be945be85e27caea32c907173855ae23 9346ffbc2a65c88cffef7bc11226f222a0534346 58d665671963466a3090c8094b63706dc307d24e0ca13380957af40cdff32d54 Loading...

	busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3	1.7 kB	2023-03-07	2024-01-27
Pretty URL busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3 IP 151.101.130.159 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:40:41 Last Seen2024-01-27 21:29:39 Times Seen32 Hash 29095d9507a0d3f5a5a4cd98bc6dc45c ec8b6a41b582de4442f5ab65a8b84a89bc27b29d c8c7bec2d01fa7a753c5400fa3088833b5333489c282e30f1a76ae6881f07712 Loading...

HTTP Transactions (55)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7be8442ec1e518ccc80739495f6d047
7a9d24b9d4046262c7753c49afaf9c19f4840626
b93410a9d62da3f219796d753b61a0f730cc272c13596724aa9d20efba298b44

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B93410A9D62DA3F219796D753B61A0F730CC272C13596724AA9D20EFBA298B44"
Last-Modified: Thu, 03 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5157
Expires: Fri, 04 Nov 2022 20:32:16 GMT
Date: Fri, 04 Nov 2022 19:06:19 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5469
Cache-Control: max-age=143755
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 11:02:14 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cd02b32dbc8416dcb10b468af2166c33
503a9c4cabdb19dfde769f5e2d3ef919c818c364
46ca638514d9d4cf252762fdac37a5e7b1da550fcc9911070b0b26a6aa6150a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4542
Cache-Control: max-age=142828
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364dbd9-1d7"
Expires: Sun, 06 Nov 2022 10:46:47 GMT
Last-Modified: Fri, 04 Nov 2022 09:31:05 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 04 Nov 2022 18:43:02 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1397
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15417
Expires: Fri, 04 Nov 2022 23:23:16 GMT
Date: Fri, 04 Nov 2022 19:06:19 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Q7NLLSiubaSgtNtQHFB8X9h9sWaUryD6CKHXU9sEWdw+mu7WFa3O6YxZaGdbVCYOxKGJDgoVMDg=
x-amz-request-id: A78M2JC5QTXMYXKV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 04 Nov 2022 18:09:41 GMT
age: 3398
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 04 Nov 2022 19:06:19 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

busshelters.ky/files/BASICDATA.exe

151.101.130.159

301 Moved Permanently

162 B

URL HTTP/1.1
busshelters.ky/files/BASICDATA.exe
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /files/BASICDATA.exe HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Location: https://busshelters.ky/files/BASICDATA.exe
X-XSS-Protection: 1
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer-when-downgrade
X-FW-Server: Flywheel/5.1.0
X-FW-Hash: 1r7n9qtuoz
X-FW-Version: 5.0.0
Server: Flywheel/5.1.0
Accept-Ranges: bytes
Date: Fri, 04 Nov 2022 19:06:19 GMT
X-Served-By: cache-bma1666-BMA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1667588779.998897,VS0,VE483
Vary: Authorization
X-FW-Serve: TRUE
X-FW-Static: NO
X-FW-Type: VISIT

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
42a0adacced30df52cf7cad3e200036d
f7b4114defc61f806dbb74fd228bca155d52362a
e4928481739a2a75dce86c03b355c6dff507426e8d851cba5ca8537b1be87c20

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2645
Cache-Control: max-age=135873
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:19 GMT
Etag: "6364c817-1d7"
Expires: Sun, 06 Nov 2022 08:50:52 GMT
Last-Modified: Fri, 04 Nov 2022 08:06:47 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.161.6.128

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.6.128:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BX9kATPA99l+rO4j2x7lLQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tGoaNjKZCAgGfYQSycNdKIg38pU=

busshelters.ky/files/BASICDATA.exe

151.101.130.159

404 Not Found

9.0 kB

URL HTTP/2
busshelters.ky/files/BASICDATA.exe
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size
9.0 kB (9013 bytes)
Hash
6a2f63312ce110593a4741ef796ab276
7d31e45536a8a22feba73c8159678974590f94fc
39829f913151f101bbe04efadbb699a2a9cf72c58c943a7db76a5d6b8c3fac5d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /files/BASICDATA.exe HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://busshelters.ky/wp-json/>; rel="https://api.w.org/"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-dynamic: TRUE
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: NO:Not Cacheable
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667588780.565259,VS0,VE1264
vary: Accept-Encoding
x-fw-serve: TRUE
x-fw-static: NO
x-fw-type: VISIT
content-length: 9013
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3

151.101.130.159

200 OK

828 B

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (2443)
Size
828 B (828 bytes)
Hash
a39903a72c7ec1a81ad439c84ee04047
8e28eb36cdd9f0ebb38284a86bfab05332b9581b
0e2c303ded7fc03c7cd52e7f95365a9d5aa22dcb01390b7c40655d25f5c56144

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/styles/header-horizontal.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-98c"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928847,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 828
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3

151.101.130.159

200 OK

1.6 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (4844)
Size
1.6 kB (1574 bytes)
Hash
4ae404fc4b362d777af5da6ebdc40694
5d02cdd54b988eecb7f04e54d68f02f367106f4c
948ffc672834fcd865b6a55b52e631d003d2ad7449bc2cf06abea454eb92b882

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/css/themify.common.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-12ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.929015,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1574
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3

151.101.130.159

200 OK

4.8 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (23292)
Size
4.8 kB (4799 bytes)
Hash
61a9dcc018aaa78af97d2528a212d8b0
4e86a7786791f8330d449978094679b27259dc1d
57d1220b393f2f66c79f4f21d5cb0c65329eaaaaad2c27177fcc04c18ccbdbd8

HTTP Headers

GET /wp-content/themes/themify-ultra/media-queries.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-5afd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928915,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4799
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3

151.101.130.159

200 OK

104 B

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text
Size
104 B (104 bytes)
Hash
aa39eb90d1abb956a8b45a0722fe80da
17c626a3269ee7873b80e61ce144833df6f599f1
31de1fcfddbbfdcf83e2a395b892637c5fb64fcdf50beba135e25854e69be333

HTTP Headers

GET /wp-content/themes/themify-ultra/styles/theme-font-sans-serif.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-7b"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928858,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 104
X-Firefox-Spdy: h2

busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

151.101.130.159

200 OK

4.4 kB

URL HTTP/2
busshelters.ky/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (11126)
Size
4.4 kB (4405 bytes)
Hash
24957bc8161f979c6e661f46fdc3974f
fa1237ffe8b3745baa78ac481239038e133fcc17
46acf87c90961d413ac24eace25b77a8d5236daf38799fec2daf0bc350cc6ebe

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-2bd8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928748,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 4405
X-Firefox-Spdy: h2

busshelters.ky/wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45

151.101.130.159

200 OK

1.1 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text
Size
1.1 kB (1126 bytes)
Hash
48216e139f99573cb19da51228580c6b
2d1647aefd14ed826f745846188aa7278774cda7
ecd0a4ebda0974422afbb554cce6e51dcb5a4b9f6c19dd37be18a90e45bde42e

HTTP Headers

GET /wp-content/uploads/themify-customizer.css?ver=19.02.07.11.48.45 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:39:57 GMT
etag: W/"61e85afd-ea6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928792,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1126
X-Firefox-Spdy: h2

busshelters.ky/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3

151.101.130.159

200 OK

14 kB

URL HTTP/2
busshelters.ky/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (43771)
Size
14 kB (13906 bytes)
Hash
1047dd6779111ec73736abd71a40fef9
e08643922ce9a1a488f2a72c0341807f59f7528e
d85287eacda4e97356cf1b53ec765e34c8913558d6fb485b334debf78c89a3bf

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15b64"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928999,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13906
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/style.css?ver=6.0.3

151.101.130.159

200 OK

29 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/style.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
HTML document, ASCII text, with very long lines (5358)
Size
29 kB (28772 bytes)
Hash
5003c0ccad2b17d689004afc1c20a2c1
fe2d832146fdc8a39fc24b03d6ed0026a327acfd
ef8c326c2c55db70a5c0feff710937da27817fe989bc98d8295f443ed8a1185c

HTTP Headers

GET /wp-content/themes/themify-ultra/style.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-1ce21"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928975,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 28772
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/style.min.css?ver=6.0.3

151.101.130.159

200 OK

23 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/style.min.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65536), with no line terminators
Size
23 kB (23012 bytes)
Hash
bda7e18203dbebf5323cbbf60f4b9120
87094ec83ddc0725ea1eafab900e9e9ab28c8135
4a11e4cba8d7e0ab3b78196f2c4fb1c4030c3164d98716d25301e66f3d6c1a01

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/style.min.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-165a6"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928927,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 23012
X-Firefox-Spdy: h2

busshelters.ky/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

151.101.130.159

200 OK

34 kB

URL HTTP/2
busshelters.ky/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65447)
Size
34 kB (34060 bytes)
Hash
22b0253c0ecce70e41e296d176b0d972
a161c363d2092739db21bfeb2cf23c980ec71580
181967b7928e133789c8edbb8bdcb73d44a0328d884b613f8ebfb182b4c3c52e

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15db1"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928771,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 34060
X-Firefox-Spdy: h2

busshelters.ky/wp-content/uploads/2017/10/Logo_Small_60.png

151.101.130.159

200 OK

13 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/Logo_Small_60.png
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
PNG image data, 226 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12603 bytes)
Hash
5acaa78f412409556fc5b8e16e2751d5
93160ca31b984bed679c61dc2cc4fd5dd1353688
b58a314be084220bb1a6dfe603a313cdba28f94be7c68c6c94b865a9e3dc234c

HTTP Headers

GET /wp-content/uploads/2017/10/Logo_Small_60.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:00 GMT
etag: W/"61e85b00-6a75"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928709,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 12603
X-Firefox-Spdy: h2

busshelters.ky/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4

151.101.130.159

200 OK

4.0 kB

URL HTTP/2
busshelters.ky/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (24504)
Size
4.0 kB (3973 bytes)
Hash
e8c6499e6117936791d44721a6bd8bca
f2b8cc02c7e314f0bcb2846a7d20ca4b067068cf
24e530c4235a6d912d5752e9a34d803eca3fe1af09a0d80db0d48a89cf839d19

HTTP Headers

GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.0.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 28 Feb 2022 15:38:16 GMT
etag: W/"621cec68-5fb9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.929035,VS0,VE4
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3973
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

busshelters.ky/wp-content/themes/themify-ultra-child/style.css?ver=6.0.3

151.101.130.159

200 OK

218 B

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra-child/style.css?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text
Size
218 B (218 bytes)
Hash
271b35395ffa443720faceeb74510411
fcb5b31064cbe01dcf3ea7167a723c82f52e9cd7
d0f399f8641359cab8c9297551cd622f77da56c867fd096e749143376a8eb2d7

HTTP Headers

GET /wp-content/themes/themify-ultra-child/style.css?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-133"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.928811,VS0,VE8
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 218
X-Firefox-Spdy: h2

busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3

151.101.130.159

200 OK

5.5 kB

URL HTTP/2
busshelters.ky/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (15660)
Size
5.5 kB (5515 bytes)
Hash
17db16eba9de064a60b18a592b36634a
82fc955209623803111e48d5be3cf345315be6f5
1144901adf4e1d54838e6e04a2b75314f3b95518ee654d8c1742af50e355b433

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-48b9"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.936510,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5515
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3

151.101.130.159

200 OK

694 B

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (522)
Size
694 B (694 bytes)
Hash
7c02cc9d233597d530f8135fa67e8dca
4b9c6c7d2985fa383ebcaebde77b6ecf6ca024cf
6facda2fd778875595e70d7388d9797f95f57788f0ff583deeda20d3bfc400fc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/js/themify.sidemenu.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-693"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.938265,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 694
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3

151.101.130.159

200 OK

14 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (800)
Size
14 kB (13658 bytes)
Hash
8ae397fcb69431875f6d4466047c3523
6d9d815538e8e87d8ca44b2ebdd21d23990edfde
6498bff3f0fb8f38844e11ebb98b3716b7a1763348d05cb6a348ba9d8e61ca48

HTTP Headers

GET /wp-content/themes/themify-ultra/js/themify.script.min.js?ver=6.0.3 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:03 GMT
etag: W/"61e85b03-afc3"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.938861,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 13658
X-Firefox-Spdy: h2

busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4

151.101.130.159

200 OK

8.3 kB

URL HTTP/2
busshelters.ky/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (27481)
Size
8.3 kB (8315 bytes)
Hash
38502bc1233e351d85fe88fdc64157fd
b5e5bfc8fe53511a3b316b6d3485b53d9dafee02
2faf97a6a3a0a4226dcb589409db64377b4cdf7591c5e15eb17e2bd3eaea3460

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=6.0.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 28 Feb 2022 15:38:17 GMT
etag: W/"621cec69-6b5a"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.939716,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 8315
X-Firefox-Spdy: h2

busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4

151.101.130.159

200 OK

1.9 kB

URL HTTP/2
busshelters.ky/wp-includes/js/imagesloaded.min.js?ver=4.1.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (5477)
Size
1.9 kB (1946 bytes)
Hash
fcf12c7d3f5778470877aff26bdb3040
b8cc6b30eb49ef014651e6f22e4a33b74a3fde1e
2b6a1c6d97acd8b8f1460d8e4acbac8f911aa950c482ab794888f40c63fb2d6f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-includes/js/imagesloaded.min.js?ver=4.1.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 08:13:20 GMT
etag: W/"634e6020-15fd"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
cache-control: public, max-age=31536000
x-fw-hash: 1r7n9qtuoz
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.937642,VS0,VE6
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1946
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b88610b42bd507f0ac1700d26db03fbb
073bcc479dfbe62a2691dbdfc3c87a99bcdc2fc4
4e544dd8861a1438b1667462866044f8646dfefb42f3bc6cbac2de324de4b568

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f62b37b31acd5a1918c3a4453a7b39c5
95ca904e055cb2646e0194e429cf6374213cabe6
94533502a038fc926fb0f25dbf72be12fdf6d868c0e836d855ef195d63d1ecbf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6ae0db60213bfddbf2ad71a9fb116bf
915d2895adc3f022c28cc628aeb6e441cbb09d47
ac94f3fd00f0f8f8617d15a3816b07d25d3774e91b287ac181e5efb4ebf95e22

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AC94F3FD00F0F8F8617D15A3816B07D25D3774E91B287AC181E5EFB4EBF95E22"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2334
Expires: Fri, 04 Nov 2022 19:45:15 GMT
Date: Fri, 04 Nov 2022 19:06:21 GMT
Connection: keep-alive

busshelters.ky/wp-content/uploads/2017/10/Join-50x50.png

151.101.130.159

200 OK

6.4 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/Join-50x50.png
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
6.4 kB (6400 bytes)
Hash
30511f35cfed41b7edc319e97bc38262
9d3e52dc8d69f2280b3fea2f6cca89732dcbeec2
35ac310b1282c3e1043ed9db5f21d82b8ff92db3ba19c4c584e580c7077613bc

HTTP Headers

GET /wp-content/uploads/2017/10/Join-50x50.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-18e4"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.386340,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 6400
X-Firefox-Spdy: h2

busshelters.ky/wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg

151.101.130.159

200 OK

1.7 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 50x50, components 3\012- data
Size
1.7 kB (1687 bytes)
Hash
fd64d3e91964feae75eaad3bfc6eb938
acbbcf021755463da581041f97307c216c636a52
c9985da71d86f73cea7f8ddbfea10b3436a4da9f4199bea9556c2a473b5221a2

HTTP Headers

GET /wp-content/uploads/2017/10/cropped-20543694_1503389523078182_4529504524555458292_o-1-1024x450-50x50.jpg HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
last-modified: Wed, 19 Jan 2022 18:40:00 GMT
etag: W/"61e85b00-709"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.386606,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1687
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
656a355c6cb333c5554fa65748d3d165
15e6dc206e412e258ca49e2eec46e67b831ea4a6
3bdcb16737f73a6985f7cfe3b221882d91b27ab3ec6f940f14477f94a0e40720

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

busshelters.ky/wp-content/uploads/2017/10/Award-50x50.jpg

151.101.130.159

200 OK

9.5 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/Award-50x50.jpg
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=12, height=540, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=960], baseline, precision 8, 50x50, components 3\012- data
Size
9.5 kB (9452 bytes)
Hash
2ce0089c0789056bb8b9778978fcc300
df66481a3f4e5eee788b6e40d0db272566395b9e
932e952bfd78a2b509efd215c53e6d03897fb1cf100f26a95b89b7322063c3f5

HTTP Headers

GET /wp-content/uploads/2017/10/Award-50x50.jpg HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-3678"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.385475,VS0,VE3
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 9452
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://busshelters.ky
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 05:42:51 GMT
expires: Fri, 03 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 134610
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.195

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://busshelters.ky
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:40:18 GMT
expires: Fri, 03 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 95163
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10527 bytes)
Hash
bd006407a4ea0fbeec2f1351a71f30bc
d1625420cdc79643e759247b0e9ac89dadfbe956
fd461665ee463fad26300630684a11e3c520485e3b001c2f08439d50589ddbb7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4f483454-b074-4576-b487-76a14ccb2059.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10527
x-amzn-requestid: 1b709c25-8424-49d8-bc0e-dac3fbc154ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNEzH5ZoAMFWdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-3fb0703f27b571cf7f85e59e;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 9A2gds6rdrlTJCrN3m05Yl3azoOYGCEaCd2OBH8qq21wHR8WgqI3CA==
via: 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 04 Nov 2022 00:54:07 GMT
age: 65534
etag: "d1625420cdc79643e759247b0e9ac89dadfbe956"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6557 bytes)
Hash
ca6c7517d7015fbc35fa290c1c2d6afd
594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c
a746b36be50209915a0e5657abd219aab382eee4b7556142aa1316daf3a9f5a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d05e3a2-b178-419f-90de-a1985765ff09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: f2e39db1-fb8a-4a9b-8a1d-ee08000ddeb6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC1VyFHuIAMF5Eg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636435be-7a03ef677f8dbd680f72de90;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: I6mALhsUwtQqMP_p_HxFaiCyfRDTtVzPIJjeDrKSEq7Tc_d5EcNw3Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
age: 76401
etag: "594e5a82ce82fb4cd76548b6d2d6b4cc419b7e4c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7703 bytes)
Hash
9a763d44e05fa357713a41ab1388974a
d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd
f351b7e90e5435af071892b62af3ac591bc553281b3ea63b1ae067a3d03f572d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08eaa5d0-649d-4568-ac8b-ca60d91ab718.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7703
x-amzn-requestid: 4f835957-6df6-4001-9c34-ed9749000b46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC0RpFGwoAMF0-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364340a-3f7b7dd36cb07d057b64ec2f;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:35:06 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5_POzz6quaFlv3R4djTMvwuiLWqmvHLCrZ58DtyQPJG8yWQoxV0LjQ==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:11 GMT
etag: "d4d2ee1aa9beb5bbd19aaaf590c8a0832fb180cd"
content-type: image/jpeg
age: 76390
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3

142.250.74.10

200 OK

8.8 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
8.8 kB (8800 bytes)
Hash
86678dd9e36db170a6ae70028c734e50
8ad93b6ed9cda8c60de34430555573f3e50cad10
ea78700306362099c7960e24d27868754519a3a45e8915c9106dfa123279cf7c

HTTP Headers

GET /css?family=Open+Sans%3A300%2C400%2C400i%2C600%2C700%7CCormorant+Garamond%3A400%2C600%2C700%7COpen+Sans%7CMontserrat%3Anormal%2Cbold%7COpen+Sans%3Anormal%2C600%7COpen+Sans%3Anormal%2C300%7COpen+Sans%3Anormal%2C800%7COpen+Sans%3Anormal%2Cbold%7COpen+Sans%7CMontserrat%7CMontserrat%7CMontserrat%7CMontserrat%3Anormal%2Cbold&subset=latin&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://busshelters.ky/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 04 Nov 2022 19:06:21 GMT
date: Fri, 04 Nov 2022 19:06:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4

151.101.130.159

200 OK

3.6 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
data
Size
3.6 kB (3559 bytes)
Hash
3e2c2868516a60c335361ccef89c6090
b71b29860aca017ac124fb4037cec5dc3101474e
3ac5d5410a9d31317c2f31fe3e08cdb188e26bfffce5275b85cce986f2841d22

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/js/main.min.js?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: W/"61e85b06-35bf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:20 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588781.937100,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 5385
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10810 bytes)
Hash
c472942cb4b85610a3e83edf7527f923
8191eb019b21bed2b9f53c755e1c24d08dc70760
0dc7f9902567b0130c1c34b6e356b8239f8e6c83e1d38ac9b74588270000279c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98808735-da09-4166-b898-eee474b2aed2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10810
x-amzn-requestid: 85c9096f-2671-4f0e-94a3-607254d036d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bC057E5yIAMFcXw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364350c-3c93b6e56e6141a63d1285eb;Sampled=0
x-amzn-remapped-date: Thu, 03 Nov 2022 21:39:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Rr6GO1Bb6pdxYxNFuwmG2Srs9uGM7tOTffgnyWys0zDjGCDrONRxUA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 03 Nov 2022 21:53:00 GMT
etag: "8191eb019b21bed2b9f53c755e1c24d08dc70760"
content-type: image/jpeg
age: 76401
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f62b37b31acd5a1918c3a4453a7b39c5
95ca904e055cb2646e0194e429cf6374213cabe6
94533502a038fc926fb0f25dbf72be12fdf6d868c0e836d855ef195d63d1ecbf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2022 19:06:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4

151.101.130.159

200 OK

7.6 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (30028)
Size
7.6 kB (7643 bytes)
Hash
e23a28b98a8ca84e9991c4def950dc9b
0b8e250e1715f3e1e0963dd5c1266473e993b8bd
7a57c779dfe87513cefdc471e0d2a018cc3d88f2fbacfc323323eaca8f96f4c3

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:05 GMT
etag: W/"61e85b05-75ed"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1667588781.483460,VS0,VE127
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 7643
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4

151.101.130.159

200 OK

3.1 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (13799)
Size
3.1 kB (3136 bytes)
Hash
c9184174f207d4b1cf549c34c9541865
5c4b15f3907805c077deae6e06142f2c862daa5d
15ef7bf82acd01ac614928e8e58b14105e9037862961ac9d1471285b32d73805

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/themify-icons/themify-icons.min.css?ver=4.2.4 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 19 Jan 2022 18:40:09 GMT
etag: W/"61e85b09-35e8"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.634579,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 3136
X-Firefox-Spdy: h2

busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

151.101.130.159

200 OK

77 kB

URL HTTP/2
busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /wp-content/themes/themify-ultra/themify/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://busshelters.ky/wp-content/themes/themify-ultra/themify/fontawesome/css/font-awesome.min.css?ver=4.2.4
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Wed, 19 Jan 2022 18:40:06 GMT
etag: "61e85b06-12d68"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.649016,VS0,VE3
vary: Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 77160
X-Firefox-Spdy: h2

busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png

151.101.130.159

200 OK

1.5 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1472 bytes)
Hash
ee88fa12d7c3d8b77cdb204721245008
2cbdf809abc6ff549a1a74f4e4b61fb06d6c8a7f
bb21820646f93ef6976c2096d49d99aaeec437b5901fedfa4016dba0ce78112c

HTTP Headers

GET /wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-32x32.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:02 GMT
etag: W/"61e85b02-847"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.811701,VS0,VE1
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 1472
X-Firefox-Spdy: h2

busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png

151.101.130.159

200 OK

17 kB

URL HTTP/2
busshelters.ky/wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png
IP
151.101.130.159:0
ASN
#54113 FASTLY

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16840 bytes)
Hash
a1ab31c9dae8127dbceba5f3f5c891e5
b0febcf950578aecd2c4a246a7c567b48a23d1f3
95f9031fa070b69c9d31f6b7ead512742c083105c1b7247244773d6c894de1d3

HTTP Headers

GET /wp-content/uploads/2017/10/cropped-Favicon-Simplified-1-192x192.png HTTP/1.1
Host: busshelters.ky
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://busshelters.ky/files/BASICDATA.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
last-modified: Wed, 19 Jan 2022 18:40:01 GMT
etag: W/"61e85b01-41cf"
x-xss-protection: 1
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-fw-server: Flywheel/5.1.0
x-fw-hash: 1r7n9qtuoz
cache-control: public, max-age=31536000
content-encoding: gzip
x-fw-version: 5.0.0
server: Flywheel/5.1.0
x-cacheable: YES
fastly-restarts: 1
accept-ranges: bytes
date: Fri, 04 Nov 2022 19:06:21 GMT
x-served-by: cache-bma1656-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1667588782.811722,VS0,VE2
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
x-fw-static: YES
x-fw-type: VISIT
content-length: 16840
X-Firefox-Spdy: h2

rotarycentralcayman.volum3tric.com/wp-content/uploads/2017/10/Walking.jpg

64.111.120.181

200 OK

137 kB

URL HTTP/1.1
rotarycentralcayman.volum3tric.com/wp-content/uploads/2017/10/Walking.jpg
IP
64.111.120.181:0
ASN
#26347 DREAMHOST-AS

File type
JPEG image data, progressive, precision 8, 960x960, components 3\012- data
Size
137 kB (137013 bytes)
Hash
fc7104e884f8b4909e79eecb3790bca8
f769406aad6d278aee3f0f0652a40dc2ad1a62b4
29d07844278fecdc76fc7549914f247d6d1227c2a600dc87f3d08c22827cb138

HTTP Headers

GET /wp-content/uploads/2017/10/Walking.jpg HTTP/1.1
Host: rotarycentralcayman.volum3tric.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Date: Fri, 04 Nov 2022 19:06:21 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 30 Oct 2017 21:57:29 GMT
ETag: "21735-55ccab9882510"
Accept-Ranges: bytes
Content-Length: 137013
Cache-Control: max-age=2592000
Expires: Sun, 04 Dec 2022 19:06:21 GMT
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Content-Type: image/jpeg

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP