r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7664
Expires: Tue, 22 Nov 2022 18:03:17 GMT
Date: Tue, 22 Nov 2022 15:55:33 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5664
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:33 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 12:05:39 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8a6c553d89cb6fd1de4787fee2a0e0dc
b974e022ea8675c0a09f58864cc99df05b5b1241
a62ecedcb0953814f982237818a3d902fdca501f82b675629d28b5d476e0fbfa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A62ECEDCB0953814F982237818A3D902FDCA501F82B675629D28B5D476E0FBFA"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2414
Expires: Tue, 22 Nov 2022 16:35:47 GMT
Date: Tue, 22 Nov 2022 15:55:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 15:09:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2770
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZldPA3kQ8KI0wzMAyHIH4t9bSdKPBCC2WZuxOciPRPxAZutSMZUQYUtV/CKp5ohVOMPU6x6pVNs=
x-amz-request-id: 7ZX7BPR4JW2TX006
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 15:42:37 GMT
age: 776
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 301 Moved Permanently 280 B URL HTTP/1.1 heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
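Hash MD5 023ac1b25303dd2b521ec25e1274e490
SHA-1 c44bc2238f7227be4cc63f75c0eee098bc01cd66
SHA-256 634cebac5c21890cbed71111b2342cc5792fe987a2b41bd75c9a6866cbec06e9
[Note: these digests are of the 280 B HTML body returned with the 301 redirect (see File type and size above), not of the requested .exe; they are not indicators for the executable itself.]
Analyzer Verdict Alert fortinet Malware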
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Nov 2022 15:55:33 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Cache-Control: max-age=0
Expires: Tue, 22 Nov 2022 15:55:33 GMT
Content-Length: 280
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 15:11:10 GMT
cache-control: public,max-age=3600
age: 2664
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 59957e786f627cdde1c66e63f070f64a
9cd55c0c70fa1c65781c61335161178244d1de1f
1d8f0d89f0f4a30168e576a8e2f79274b5afbb39346a88e3bd2d0340162ca3bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D8F0D89F0F4A30168E576A8E2F79274B5AFBB39346A88E3BD2D0340162CA3BD"
Last-Modified: Mon, 21 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1183
Expires: Tue, 22 Nov 2022 16:15:17 GMT
Date: Tue, 22 Nov 2022 15:55:34 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1753
Cache-Control: max-age=150034
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:34 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 09:36:08 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.160.51.228 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.51.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FCSL25xZ5Sw8fCqSlxSMuA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jTXQEdDpLAOpwEb77H61YbO/0k4=
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 301 Moved Permanently 0 B URL HTTP/2 heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
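Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
[Note: these are the MD5/SHA-1/SHA-256 digests of a zero-length input; the 301 response carried a 0 B body, so they match every empty response and say nothing about the requested .exe.]
Analyzer Verdict Alert fortinet Malware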
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
expires: Tue, 22 Nov 2022 16:55:34 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
x-content-type-options: nosniff
location: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:34 GMT
server: Apache
X-Firefox-Spdy: h2
code.jquery.com/jquery-1.12.0.min.js
69.16.175.42 200 OK 34 kB URL HTTP/2 code.jquery.com/jquery-1.12.0.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (32060)
Hash e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337
GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 22 Nov 2022 15:55:35 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669132535.dop218.sk1.t,1669132535.cds264.sk1.hn,1669132535.cds229.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
142.250.74.164 200 OK 553 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 22 Nov 2022 15:55:35 GMT
date: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
142.250.74.138 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
IP 142.250.74.138:0
File type Unicode text, UTF-8 text, with very long lines (65479)
Hash a1dbc2376faed4d6de4f5918c679a3d5
a9deb320a96ac3ddd24bb431b2854ff64f789e5e
6c96b4087484f1793973c8bb673eae22e7798be772392a0eed8f5f9252a472d8
GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Nov 2022 20:01:08 GMT
expires: Mon, 20 Nov 2023 20:01:08 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 158067
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-233581752-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-233581752-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash f73446710f8f5ccfef699711a4bd464f
41c2186258c5184ac8cea6a8157dcc426f40aecb
d0c23f7514479c085845ce5a0d5087067ade17fe333253c5ca6a1c350895492b
GET /gtag/js?id=UA-233581752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 15:55:35 GMT
expires: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10952182701
142.250.74.168 200 OK 67 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10952182701
IP 142.250.74.168:0
File type ASCII text, with very long lines (2919)
Hash ad7779a3ad805fc3ac1b27073fa263e8
0e60032dde10effce8ce5a207af5e0cc35bea007
6c1b0e90edcc5285d9f366b1e9e8ab6a703c5f4da1b9652bf396c842350307d1
GET /gtag/js?id=AW-10952182701 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 15:55:35 GMT
expires: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66991
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 9ef11a2d1e232b4b45e40ff0c29fa8b0
0966963f13e3b149e3e3c8c2c81e7986d1d8a07b
9ce8b9ab5f1dfdc0686d1660ed64c6eff5cc3d1492d82aa769ac58e3a159dd1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
151.101.86.83 301 Moved Permanently 0 B URL HTTP/2 www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP 151.101.86.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.jscache.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: envoy
location: https://www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
expires: 0
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
timing-allow-origin: https://www.tripadvisor.com
content-type: text/plain; charset=utf-8
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669132536.559481,VS0,VE143
content-length: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive
www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1
103.50.162.157 200 OK 189 B URL HTTP/2 www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 02 Nov 2022 12:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 189
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
103.50.162.157 200 OK 1.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (6095), with no line terminators
Hash 807a495302e6eb0e3d2ab42f64c02887
564ea424819ad6206fcc7a5a5467fd0dbd41fed1
c91eef585a2f5367b79656186abeeefe032770a34518a8963e7590cee6f5d0ec
GET /wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 04:47:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1699
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive
www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
103.50.162.157 200 OK 4.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (21597)
Hash 7f01d3c2dd8fdc231241f6a3b10def8c
76646b14e9ce97d384b9adb20c622f09c7ecd140
999c4a983cd4b5a1a7652aa436630a18c1a6dbf91de090c903ab507b07df536a
GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 27 Oct 2022 00:19:31 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4487
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1
103.50.162.157 200 OK 1.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 6fe412ab00fa602fbdff1ebc56c0122f
30a1a170684805d401207dc3c29bbbc16ed5795a
86158384e8fce089c0b8ec4d2cca88be20511262a175da582df15465e464caba
GET /wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 31 Mar 2021 04:15:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1102
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 967924886f14c2bf9ea1d320dc4c6c4e
7adfd48f7d7215535dfd7db7a025999ad6bab52d
9d7b368e9ea3c04bf17f94c8080202d0a9ab1fee6e5143840fa5bf0617d133bc
GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 27 Mar 2018 06:42:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1269
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1
103.50.162.157 200 OK 5.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 0a8bd7341207a9042050c53b5e7bac6d
e21aa6bed02c4b6ee4cdc76c2870a737b27add14
6787293b487d3e4dd641e3e0b60b49d508a419979910abceeabac53601865cec
GET /wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sun, 03 Dec 2017 13:28:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5195
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VabInML1mfcQLIp29OWRNsixwfSWt0Wv9l7I-Ak7TdUHlNt2ZEVtPg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:21:36 GMT
age: 2039
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nwXP5jm9A2Cl3_-Lm194ycXkeClig1L9hwgUgE8i8NF-Vv2gNfj_4Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:03:51 GMT
age: 3104
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ed6b76d15fc8d6295acdb6fb47461d3
b8c928f93a8d82b48491448d811a95ad99dc6aef
de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:58:29 GMT
age: 64626
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 472ceca597feefba355fbd65998977b7
f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a
e201f706ba38f04ef07d74a67eec187ad8b882027b96b0e4e700162f96da422f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7751
x-amzn-requestid: 577947ab-4fbe-4b07-944a-2b65cf5ed6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b4UE9GJ9IAMFVtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63799a1f-1a26961e20c88cd54a613ddb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QB2RJo7NR7FMDRC7fC9eLMW99KR7andopIeu4qi0yp_tihE0vtpkXw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 04:49:03 GMT
age: 39992
etag: "f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ab62c5a7c3296600de924eb0b283bc1
bc4a2dc43898e3fb78ba7301d8b09b280991d221
f2a4c0829a4fb9a585113ed358832d16470ec391035a302a8f3c4666172f02bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10556
x-amzn-requestid: d2426c6d-5e78-496c-8649-0496a872b380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-Iq0GPVoAMF9bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee45-1ee6dc09394731cc4dbfc38a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sBNLrVAl4G6pJ-OBZ6aJZC64MrkkGQdsuZKITQwcqgYgP6-GJiblfA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:59:20 GMT
age: 64575
etag: "bc4a2dc43898e3fb78ba7301d8b09b280991d221"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dafd9e17dc0023e71ae513c6025e4b80
12e2654db1f384bb04f5c5042848b25dda86b710
e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bmrDryUp_4bvIikGkppa36e9isEfvK0gjunV6xmU5ApJtxlLR_GYkA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:05:18 GMT
age: 64217
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
23.38.201.85 200 OK 270 B URL HTTP/2 www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP 23.38.201.85:0
File type ASCII text, with very long lines (306)
Hash 9cf5ca2c431300e3dd89ebd84b3a9659
4f3ee56b429dc14ea1178e68dc876f3300c9c9b7
861c3fe1bdfcc31ba857b0fa0daa64c0d9d6cda2b50ac27ed18286c6abade227
GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
vary: Accept-Encoding
content-type: application/x-javascript;charset=UTF-8
content-encoding: gzip
content-length: 270
date: Tue, 22 Nov 2022 15:55:35 GMT
set-cookie: TADCID=Ex5v4kd6NIUHQJJqABQCFdpBzzOuRA-9xvCxaMyI13G1SJvCu93ngiFlNq6dwIqtpEz0UIzq2A8C8Idso09G3djHnBCfdJIkRIQ; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:35 GMT; Path=/; Secure; HttpOnly
__vt=kPRf5VdGMb2Ik2kjABQCIf6-ytF7QiW7ovfhqc-AvSGS6Ou3jAoQB0svJXY70lKg9YqRyURSHwo4CzAPg0Chr1CJfIem-ZgbD5yCjCcu9Xk0ewkBeBR8j8OOSqmbxnschFTQwU5nBsKLWM1QNWOrd4CFig; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:35 GMT; Path=/; Secure; HttpOnly
_abck=D6248C0604DC870C591D97A1EED54DF5~-1~YAAQBk8kF8zQVXuEAQAAQUgNoAjDFQLEduMP616XVaaxIB9uF9sVSJLYpTcxRuZlRDesuFmtuJO/RoMBsWg2IQmF1nTFE8WdX/36+hgU8WwNhQKNSyla5A0Z2CcTam54IuGBSQrolrryZ/+zXbhao9mjbRXzZ78vmz7EPVKrGTir5CpqCYAvrTJYXn3WW5ihWO0ZU+rCw4UXHzdztGc/MWowJuqIZZfpXJ+jajQS4t14cw2m7MGFSqJzZyc522Fq0ktLWxcBQSplSxN862gGdM74+Gwl9bsoT6hTwvczzkAAuMJaBv7Qc0jb+bV3/5WfgWI0y8r0vMyh6GLgjDuA9UTLGgoJpVuGMutUE6eXsLlsS0G3SwVodWEJbQ93a9u/x4c=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 22 Nov 2023 15:55:35 GMT; Max-Age=31536000; Secure
bm_sz=B024DDB20E536E71B94D6A9506DDF4D0~YAAQBk8kF83QVXuEAQAAQUgNoBHzk1yUVDDlmOk7N1bH6HvmpIXwq2MqHemphvHoYvH2JMpRnSmzU2rce1HFI5v0tLPywk74fF8SU+eWoUnhmnvAwjr9pc1/sIhIVRgKbru2T/mw6RyoDBaMoXLzPrsAYQl3Rgn9vLZMIeXxMOUFZMXiAeVt7jpoV8EPeRGdiCjC3WpCzQmFfSpx6GoNuLF6D477NFqjWf9F51MHhcqaRas+PtXoVLNJZ2NsBSX78NU9UtVC3tT3ItyQxE7FGWtSaWSfy0u1zK5pIXSZicZSiDQyrGJkwQ==~3621937~3616823; Domain=.tripadvisor.com; Path=/; Expires=Tue, 22 Nov 2022 19:55:35 GMT; Max-Age=14400
X-Firefox-Spdy: h2
www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
23.38.201.85 200 OK 6.7 kB URL HTTP/2 www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
IP 23.38.201.85:0
File type PNG image data, 336 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 94e8c1fd1a7fc695af3d4e0ee15999d2
687f1c33739b9b64832a90876b7fcfed46f5c529
5e3adb4d54bcbc57e019efdf0a413ee8631470c53a2a23e7cf276fbe1bdef6c6
GET /img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 23 Nov 2022 03:55:35 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/png
content-length: 6689
date: Tue, 22 Nov 2022 15:55:35 GMT
set-cookie: TADCID=lwc1iD_UArneTgEuABQCFdpBzzOuRA-9xvCxaMyI13G1SHGWDoo8IMX3tRd96zixudQSAGNz1-uCOLNgjLWid5ZuqJpCjfwsudY; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:35 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A4GpBN2qRxork7nWhzVPS6shGd0grv0wJq8z7TEDb%2FeA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:35 GMT; Path=/; HttpOnly
__vt=6KPqQFvvegPDLglTABQCIf6-ytF7QiW7ovfhqc-AvSGS6AVnjJ_i4JZHsLYKg7NskR_IdKZhUlZvAda-BFu6W6J8YJqS2YqBuJD5Vx1kLIQbP7i8rxpiweTFPou3_G6S6-Jh4DeGyecl_KNeKx8_S6_4Qg; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:35 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.0C540DB3F18B024C83668E6CAAA73BFB*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=X; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-11-21; Domain=.tripadvisor.com; Expires=Sat, 21-Jan-2023 15:55:35 GMT; Path=/
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1
103.50.162.157 200 OK 6.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (28996), with CRLF line terminators
Hash 7213a021dbfa18b6ab789d989851a85d
71b427dfe5f56d60224aec1701d6f28f1443b18e
e917493cb9c90fd02626a3e4762d6ae81ebdb7a2d7c4ee58f1ccc970c72c301f
GET /wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2017 12:33:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6743
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
103.50.162.157 200 OK 3.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11263), with no line terminators
Hash 51c75ba5a9163d96efde16b2702385e1
a7562e7da4ccca3b2a3788eb96e3d962aa2eace7
13167fe3f53391caa833d40793f29d744e995a09990722c71627de0d91de8bdd
GET /wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 27 Mar 2021 05:10:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3051
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
103.50.162.157 200 OK 4.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (566)
Hash 2cd208e374b2cfe6ef4a6b635763f557
213b7d514e751ec2dd0732943d5329c559f7945d
658a4d4dda5ecb6f50e80dc35818551fcdc895d771b1ca33df0ca5ba2d791250
GET /wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4235
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 236b893cd98b54dcb08404e1528e0b1f
1d37376aa3654fbdc995bdb3364f514623fb1860
865643694d61d92f91d3a361cb2a74da85a5e04869ae789ab583e2d81e8c1bf6
GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 07:24:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1270
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8
103.50.162.157 200 OK 2.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (5151)
Hash fd9c26ea2ed860f8ad3c2b5c5acde541
f5e4ed76ae73cca96cbdb5c022e4dd818c14933c
81795e3474e0377e81da01f5e3f1261cf2ec7563cec0e842dfd0ade2acf7042c
GET /wp-content/tablepress-combined.min.css?ver=8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 10:11:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2542
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1
103.50.162.157 200 OK 9.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (484), with CRLF line terminators
Hash 1a00aae64e3669cbb6f7f4da1b2093f4
3dd8365cc3010850be912c02402a6a1a6cdc316b
8a1696e586703108bcf0b7d5e4b29a4dc44f560db077aca88e4105a2dc3d6844
GET /wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2016 13:57:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9390
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
103.50.162.157 200 OK 5.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 25 May 2022 00:19:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
103.50.162.157 200 OK 2.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 144 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash fd24547c88cf7fa5f1c58c0dfad6d4b7
e07b978e1e901c9ee6c6b8799f541f68a7ae7753
323e547899c863adfb3f0ae96d7e6c7ccf147a425653d29a7b6c68132798b5a0
GET /wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 09:42:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2194
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
103.50.162.157 200 OK 1.6 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash e876c7268acd72c8475b7d0c2534162c
83cac186c0ebc22bbd94e4258d3b9f89bfdd93e0
6f0b5cf3682fa65fa3abc8de286e2cc8a2335b4f13b617ecc8e7e1b4c78bc697
GET /wp-content/plugins/fb-reviews-widget/static/img/avatar.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:23:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1641
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1
103.50.162.157 200 OK 7.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with very long lines (14856)
Hash 25ff635e4eac54a25b43a6678c0ac374
dca3ba9f3acfe4641ff899e00777f8ce21a47353
9f0a810379d2839d367899bffce144a24f2e0401f5ee036a8ff9d235ab8d0abc
GET /wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2016 13:12:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 7080
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 00995660effd64403d80003b82cb91f4
a3e2d1b5751946e79f0deaa51e46d4a9cf2d7d53
1c08cf5a927fc42729c530e44ff2fe003ec0ad2f757f9d7fa1c169e3b65f92ce
GET /wp-content/uploads/2021/02/google-review-ico.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 20 Feb 2021 05:56:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1462
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 9f96c4202ffbe12fb4d7bd331cd76ec1
3bdd87b1bd0f76c7443f5e423956408eed3a3860
f7ffe7691ac1cf2ef7d64a5ad72d632e39d5b54ece90f2e5051d09de6a9d6476
GET /wp-content/uploads/2019/11/facebook-review-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:25:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1453
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash 812a8ca3bfaf6470c1df6440236656a3
e9834f19e6680485977881875c5f56a27f81f415
a56e486cba71dd18706fb0616851a458d044b6e779b8e8d29b4ce6f134d0163e
GET /wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 10:55:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1530
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
103.50.162.157 200 OK 4.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ff5cfc35d1d8041d820059e9fa17d10
83cf1c59fc31fec116c65d0ac5c1058415cb87fd
f5e95693cd8f040b5d1af4d6f3b22d4718f9dc1ab1f89d514e18514dc925b12d
GET /wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4728
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1
103.50.162.157 200 OK 14 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (32003)
Hash 90b602e96dc8686ce38d4716c58e7284
701fb82d49244c5ebc04414adee026021f3a251e
d390d1917f2110b49e28e8f78523b3d72c333ef332f4759501e37d1113e92625
GET /wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2015 19:34:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 14315
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1
103.50.162.157 200 OK 1.8 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash d0681317b0b8f966b7285bdc2aeae277
a6240b58e048482b676e00e2d7ef33c2f9ea4145
efcc620e18e485ac4c40d4bc54d7927a5d2a901dcd43d452fff0b67f18a7650e
GET /wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 May 2020 07:16:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1845
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
103.50.162.157 200 OK 3.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 3001ee7b4b2e6d4f72a8c15e833dc94e
7a4e50c47588cd3dbcb0dc37493ffea19048ca19
3f1f1f4cc42a985635913435111a836e7d35773ac94b8308c8a92018ef6b01b0
GET /wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3084
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 051b85ffbfbffb06086f46ee3d10d64f
2c482cbf5506b08adfb85e3eac90efc92c1f4bda
c5ca6532d1dd7294a3745bf288c552474bb264bc1e2d913af09f26405cdd69e1
GET /wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1338
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1
103.50.162.157 200 OK 2.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (4991)
Hash 7709d149d74f9f8672bc2634ae80854e
7c47e83c1c8a31fb4cdef3a045960801bbc09f9a
f6c020cfd458ba4f998e07401853518cf27d27e9841de43d4bfd78e6b59bcafa
GET /wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2142
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
103.50.162.157 200 OK 3.8 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 9eb77fc94de44ca81098297eafa71267
e5f706259e39b76cf62aa9f0e4f8c928cc31173b
72cb50ae5802da4c1ae2b84eec4e6930405d132e676b0b6597d24b413804ff4e
GET /wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3770
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
103.50.162.157 200 OK 3.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 64d8e2b9d3c9a5d91014879ac7e19b1b
4511e9bea60d232d0a25cb120708764aeac63284
28e7b2c026d1adc94d152b8e50dedca32245d43476a70bdc26e679e2b162948d
GET /wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3442
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
103.50.162.157 200 OK 2.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash e036f9dbd0e59aaf0f1d0d86d599a3b7
3908447e6f5e97b3775073f0fec276f13c484f56
8ca083d7f6a3b34b391ad095b185e99c6cfaa07ce6219aea09d504ecab0202c8
GET /wp-content/uploads/2022/07/site-icon-e1658727344127.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 05:35:44 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2702
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 05:42:51 GMT
expires: Fri, 17 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 468765
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
23.38.201.85 200 OK 3.6 kB URL HTTP/2 www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
IP 23.38.201.85:0
Hash 52dcb4a0b018bccaa7dc2b2efedd45f9
6e33f1a5296e17d965273c2f5d5c835b74a8335d
51ddb24490cee70682ccf5c8130bbe5e0d3f41c197f41f0e036468aa48dcbfdf
GET /WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
vary: User-Agent,Accept-Encoding
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
content-length: 3563
date: Tue, 22 Nov 2022 15:55:36 GMT
set-cookie: TADCID=POORvB4Jthn0yy-HABQCFdpBzzOuRA-9xvCxaMyI13G1SI6ofQiNdmZMI2lme2fQZ-9UDKKy6q-PGHLW2V7-O6aGVbzWehg-HR4; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:36 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A1kPry8eFFZLk7nWhzVPS6shGd0grv0wJOO17WNttDTA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:36 GMT; Path=/; HttpOnly
__vt=LEbfO6FkEhLsQVe2ABQCIf6-ytF7QiW7ovfhqc-AvSGS6B_V_AYRbNyKBos0GQNXqpQ-59KnftFKp7xKGQ2hJ21x3JTqQh9nruPILuqekXMmaTORJbjsvpIrIWrmfIRRJ1L1ydDM8ASsz1GhToyJ8rk2W9U; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:36 GMT; Path=/; Secure; HttpOnly
TASSK=enc%3AADiOBIouCEe7XStxJ2y8R%2Fpd4NUuSf62lSlD2hGz0NkftRcnuZyrqf4iPfbG%2Bs9ChJ2HOwgRc7DHxLNS%2BWEwE0fmqcMX7x8ZRPxfskkn8JB5xD4A5qWzPYQltN5dei%2FfeA%3D%3D; Domain=www.tripadvisor.com; Expires=Sun, 21-May-2023 15:55:36 GMT; Path=/; HttpOnly
TASession=V2ID.167CD1086E8C4E2DB29E1E93E4E5475A*SQ.1*LS.WidgetEmbed-cdsratingsonlywide*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*DF.0*TRA.true; Domain=.tripadvisor.com; Path=/
SRT=TART_SYNC; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:25:36 GMT; Path=/
ServerPool=X; Domain=.tripadvisor.com; Path=/
PMC=V2*MS.50*MD.20221122*LD.20221122; Domain=www.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:36 GMT; Path=/; Secure; HttpOnly
TART=%1%enc%3A5O51oc1T0uq7r9cpQKTo2WnnXKXWQMO7m4Rh133BbMiLabzC3aqBUUlg1NvHsbj04ieoPdYMDDY%3D; Domain=www.tripadvisor.com; Expires=Sun, 27-Nov-2022 15:55:36 GMT; Path=/; HttpOnly
TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3*RS.1; Domain=.tripadvisor.com; Expires=Tue, 06-Dec-2022 15:55:36 GMT; Path=/
TAUD=RDD-1669132536810-2022_11_22; Domain=.tripadvisor.com; Expires=Tue, 06-Dec-2022 15:55:36 GMT; Path=/
TASID=167CD1086E8C4E2DB29E1E93E4E5475A; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:25:36 GMT; Path=/; Secure
_abck=8B98959F2C824CFE81AAD69E2FB30498~-1~YAAQBk8kFwrRVXuEAQAAP0wNoAjpecIMbKZ6Ywuf/H6FkxytZ+mv1fkfeXQnnJfAexc9ISxLMxZqZCjeLDf28OaLDuwUyYiQLdg18nTMkTGgpXxAmNMEG87IBvF+MzywLU9zKRXCi7h1Jn5EujULCCQPKsfBPEoG+AFXAW/Kj/2hTyIL37IXtsaIMr6nVYuqJ8fs4Vwg/Tdz454McU5Y6sxkmtdv3jJeEUrnK4XkOiNdAc8CKC7BQ7bgxLQGexsMXEdOy+VoMX3OP7frddGFxA2pg7lwE2hqhB6PmS5j6NpT0c9LZIJ8SIiexXHWsMkc8AwGM8WY284bNIloQkeMha/zS+p5ap4LYvTIBxvznY1AQ8FSnO4g3JCcPP16OQTrnVI=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 22 Nov 2023 15:55:36 GMT; Max-Age=31536000; Secure
bm_sz=755E05C371677F8E4FE85FB499F04413~YAAQBk8kFwvRVXuEAQAAP0wNoBHMuWiS0ch5c528k/GGvcVu9xlTv85unF0O87TnYIrLMR9A6yd/vs0qXLm/9du2x56EM63/2iDUv9Got/CKAhLWpHnxEDIMYJ3oKwdr0mYKebtHmIK2wnq+MDaNt30i8F/8w7+Mq8YMBppgmMFUqASUuT+OIfqxigbHSUPaYG5+4yz1GR7NypILlw41MnFndyOLt+kqr9wq5rgW9XU3nEfBx5vp6DrwwdVrtHfnNCdXgCINXF+VHRS31hzDy7crcbtvyTRyVnzmG7Fb/vYCJAL7HqiGcw==~3422260~3621940; Domain=.tripadvisor.com; Path=/; Expires=Tue, 22 Nov 2022 19:55:36 GMT; Max-Age=14400
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/2764.svg
192.0.77.48 200 OK 368 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/2764.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (368), with no line terminators
Hash 0483f2b648dcc986d01385062052ae1c
61bd815f1497863265a76d92623042835e5e7fe2
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
GET /images/core/emoji/14.0.0/svg/2764.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:36 GMT
content-type: image/svg+xml
content-length: 368
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
192.0.77.48 200 OK 941 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (941), with no line terminators
Hash e55f552bd0b1cf368b466422408c8401
bff73dd8aa8fef9a186be5834886f86e39e63cb3
e17d4d0339ce34ba1ee3274fdc98a1bd5ca4a8f309861b63b746970a609d7d63
GET /images/core/emoji/14.0.0/svg/1f60d.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:36 GMT
content-type: image/svg+xml
content-length: 941
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 404 Not Found 111 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Size 111 kB (110925 bytes)
Hash d062e2cf6f035ba043a7fd582d9f4b00
f085c5a86e9630a740163cd8acb029b22e00a7c9
d74b56c513677ed0251aedd3dea5ebbecd56de5c22ae6f5d7d3db7dd92b79971
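Analyzer Verdict Alert fortinet Malware [the response recorded for this URL is HTTP 404 with content-type text/html, so the size and hashes listed above describe the body that was returned, presumably the site's error page, and should not be treated as the hash of an executable without confirming]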
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
151.101.86.83 200 OK 5.1 kB URL HTTP/2 static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
IP 151.101.86.83:0
File type ASCII text, with very long lines (26406)
Hash 0161b3d4a3adb9245e5ac72965dc125d
f19742a7ddbd8145d2a89bd58e1417c7acad59fa
d8405c798647de03dd223c06c49f8c97d3b6e96f1ba44461cd6e60b78660f5cb
GET /css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Thu, 25 Aug 2022 11:31:45 GMT
cache-control: max-age=31536000, immutable
expires: Thu, 07 Sep 2023 00:49:56 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: text/css
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 6620740
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 1065
x-timer: S1669132537.085558,VS0,VE0
vary: Accept-Encoding
content-length: 5137
X-Firefox-Spdy: h2
static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
151.101.86.83 200 OK 4.6 kB URL HTTP/2 static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
IP 151.101.86.83:0
File type ASCII text, with very long lines (13794)
Hash 08ebca29872d38bac5db15e89842ce54
1aa1db2be2f0d6538ca2d5aa8696391256eda62a
b1637b545eb89a5142710dacaf4e0b9c7e8af380acccbc9fe1678d26b4074ff0
GET /js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 17 Nov 2023 23:42:26 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/x-javascript
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 403990
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 3687
x-timer: S1669132537.085936,VS0,VE0
vary: Accept-Encoding
content-length: 4647
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 0a5ad626d1ba8ddd7c0d24d20b7a0eab
2a098b38e5c91e4b3e6e92a567d36aa1c136ed39
f8e0672f400ed58bf505419f3b5b0ce9f78ae8087c905319d8830be950e1931b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 22 Nov 2022 14:41:08 GMT
expires: Tue, 22 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4469
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 05:54:54 GMT
expires: Wed, 22 Nov 2023 05:54:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 36043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72d50acad831beb6384250b4be217004
4c63b5d7120df90dce65d1d9a449e0779916cd86
948ea04f802c71a04d3a7f3e5a056b195b99d7e4b346b1b2e8afb53fd537b642
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=120690
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Etag: "637c0fe4-1d7"
Expires: Thu, 24 Nov 2022 01:27:07 GMT
Last-Modified: Mon, 21 Nov 2022 23:55:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
142.250.74.33 200 OK 338 B URL HTTP/2 lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
IP 142.250.74.33:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 36f4c583b5b07b9a2dc6ff8475c01140
aec7344593dd0eb2720ea38e8f4e8c1ebbb14a6b
91f5ccaee89c9e29a27400e61f0ca916976b92bb63ba3f4c894e1a24c7095cfe
GET /-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename=""
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 338
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:56:18 GMT
expires: Wed, 23 Nov 2022 14:56:18 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
age: 3559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash a6b2f70df30f8909e81614d1258008dd
bd82488f8c8c2c478907dd4524deb12f81c3eaa5
df66f47fd44cc140265ce8fcf07d54aeca6908733751439b61f31c1231a2a976
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 299de1edb23311b9c4f5f92417686bcb
etag: "79bf67d8c311ba34adfc243e7d17eea9"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 22 Nov 2022 16:08:34 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: prL3DfMPiQnoFhTRJYAI3Q==
x-fb-debug: R96eawi5Jk8byV2+ivmofB5t5S9aafAIpv+WYksf54MbITI6OFHg+P0Bgkie4QmsHhFbmfMLD1/V2VKhCmfP4w==
priority: u=3,i
content-length: 1685
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4
142.250.74.2 200 OK 970 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 142.250.74.2:0
File type ASCII text, with very long lines (2131), with no line terminators
Hash 8adb091a776a167adbc6b0f76019336a
1a35726c9792fd4697bfbedba2327e4350607135
aa4ff7c985eb6563c56774a0ef4809929728569e593c4761cfe1fc2308985508
GET /pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 970
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 16:10:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1
142.250.74.2 200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP 142.250.74.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 16:10:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_GB/sdk.js
157.240.200.14 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_GB/sdk.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (1957)
Hash f01ed6335c3f88336d365393c6a2bd2a
96acec5449c01eb76ee8e2714f8137346519b386
8a248fdb7be092ae95c4b08a92ea5b5a2e1c5a8b9dfe6a51d0e52ff059efc3cd
GET /en_GB/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6c95143c980a350ba38643e3d8e0fa41
etag: "bbe0b5e84c0aab025daac2ab6853f798"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 22 Nov 2022 16:03:40 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 8B7WM1w/iDNtNlOTxqK9Kg==
x-fb-debug: A5VtVOR6OotXX2+ibAg8zVy+ZWUnrr4L1ycwgVyr7UyU6bks1OISASnbovMtMkYFvxO3ZaJZ9kHibCdBuhczdQ==
priority: u=3,i
content-length: 1686
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 0a5ad626d1ba8ddd7c0d24d20b7a0eab
2a098b38e5c91e4b3e6e92a567d36aa1c136ed39
f8e0672f400ed58bf505419f3b5b0ce9f78ae8087c905319d8830be950e1931b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 72d50acad831beb6384250b4be217004
4c63b5d7120df90dce65d1d9a449e0779916cd86
948ea04f802c71a04d3a7f3e5a056b195b99d7e4b346b1b2e8afb53fd537b642
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=120690
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Etag: "637c0fe4-1d7"
Expires: Thu, 24 Nov 2022 01:27:07 GMT
Last-Modified: Mon, 21 Nov 2022 23:55:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
www.google.no/pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.35 200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.35:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.clarity.ms/eus2/s/0.6.43/clarity.js
13.107.227.53 200 OK 55 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.43/clarity.js
IP 13.107.227.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (55029)
Hash 441723b72633b1ac9757ad7c63168005
806166ca9ebb5839dd90a5e5c9335e3e0b18c169
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 55116
content-type: application/javascript;charset=utf-8
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8fceb15c2864c"
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+fB8YwAAAAAbEG33kRNOS7PpNUVjmnLWT1NMMjMxMDUwMjA0MDA3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Tue, 22 Nov 2022 15:55:36 GMT
X-Firefox-Spdy: h2
connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9
157.240.200.14 200 OK 88 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9
IP 157.240.200.14:0
File type ASCII text, with very long lines (18530)
Hash 521af6e8e497a101cdce0ab633a5ef9d
9a86cde9bc4411584cd0aaebe702503897e67064
6c1ae888d87e652553e8013068cf7272e14d9ab49e6a6aa8edd5c61c6860d92e
GET /en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 716687a6098218ca2dde368f4255e3cc
etag: "8769844141bcb0e280eb2ab9e0bfe8b8"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 22 Nov 2023 13:33:53 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Uhr26OSXoQHNzgq2M6XvnQ==
x-fb-debug: ezTv7HqR0+WSmuuZ9AyWzz9m5vlErMcZxfrNxQBK0u09SKR0Fm7GnYU8ywFZduUGVzE9W4TIAFiWO+SJ6s6+Wg==
content-length: 88359
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 32a447aac604d3442ba188530013eaa2
0f4427ede986e900318c3d4027f53d3616ee9039
2757d808ed6469910604a8688b9eb624213f2d6917fbdb64d99fb845623c2624
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 22 Nov 2022 15:55:37 GMT
Last-Modified: Tue, 22 Nov 2022 14:36:09 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NZPfndMYslZqbBE-NrZL2Fn5xTsJWrK3_GvVDMhchemUv3tyxkcttA==
Age: 4768
l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
18.193.55.12 204 No Content 0 B URL HTTP/1.1 l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
IP 18.193.55.12:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 22 Nov 2022 15:55:37 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
54.230.111.117 200 OK 763 B URL HTTP/2 buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
IP 54.230.111.117:0
File type ASCII text, with very long lines (763), with no line terminators
Hash d561e09722a4e9a9aab1f41b2c7f9be7
050d4da83989f4a5a65e5293ed8ca2cfaaf91502
c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9
GET /js/5a3603310c3a12001239de22.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 763
last-modified: Mon, 18 Dec 2017 11:52:59 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 22 Nov 2022 15:55:38 GMT
cache-control: max-age=60,public
etag: "d561e09722a4e9a9aab1f41b2c7f9be7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Wu3i3lJ_YvsBgRKfNV3CYQ3rsVRTI1OJNBS8K7kJ0YVze95r1DjzLw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
151.101.86.83 200 OK 26 kB URL HTTP/2 static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
IP 151.101.86.83:0
File type Web Open Font Format (Version 2), TrueType, length 26252, version 1.0\012- data
Hash 2d0c909fe09ed8ef77056363d8963d2e
f81b7dc1acf5a2c25e46a893be5fe09622716d70
b182c7fce760e8851d7e91095237ff86a4f7036c78ddf4107ead869ff2f3502a
GET /css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023 HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://static.tacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=2592000, immutable
expires: Thu, 22 Dec 2022 00:44:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff2
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 54668
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1669132538.760063,VS0,VE0
vary: Accept-Encoding
content-length: 26252
X-Firefox-Spdy: h2
region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1
142.251.1.154 204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1
IP 142.251.1.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
103.50.162.157 200 OK 58 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash b98a259e7ff77c66f450295ebb5e0797
21f52b10db38256d365902c7c3c86a7427abef17
2cf3476b669e2274a11b9d2e0c174fbbf4dc212d795f7e01ba95d492bdef79dd
GET /wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:13:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/email.svg
54.230.111.19 200 OK 343 B URL HTTP/2 platform-cdn.sharethis.com/img/email.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 24 Oct 2022 02:44:38 GMT
cache-control: public, max-age=2592000
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iSkRUuUA7KCsQYIARBvy_tGbovBQNEZabZWTB-euLw3o3C6DUihm4g==
age: 2553060
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/pinterest.svg
54.230.111.19 200 OK 771 B URL HTTP/2 platform-cdn.sharethis.com/img/pinterest.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Hash 2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d
GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
date: Sat, 29 Oct 2022 01:10:18 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ToqgJGoxkd02wk8-Vi8mMryn6D7DmLNB5J6B9F_xhfJmVG-zybUjJg==
age: 2126720
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
103.50.162.157 404 Not Found 40 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 84f08245b615693aaea80b18ec92401c
1abc3d4f703ee94e47f06d1c4d63943f822b131e
4a75085ccc7e0a84fe2a62b7ff3f24eb698518b33e0d5978c23e6f997a4b48de
GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/arrow_left.svg
54.230.111.19 200 OK 565 B URL HTTP/2 platform-cdn.sharethis.com/img/arrow_left.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Hash b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 25 Oct 2022 10:31:58 GMT
cache-control: public, max-age=2592000
etag: "b55d8d2b9321e381a3c38a4bddb74037"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LmMpD3TiWclznhvCzFhed_RshboijwtqD2ZeLN7Rm1j1emdatmxT0Q==
age: 2438620
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/facebook.svg
54.230.111.19 200 OK 301 B URL HTTP/2 platform-cdn.sharethis.com/img/facebook.svg
IP 54.230.111.19:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 03 Nov 2022 15:33:17 GMT
cache-control: public, max-age=2592000
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uTfrnfB4zzkAYpu6uAb_wggKUNWTRdWDUr9HXVqSgvA0uC9lpopteQ==
age: 1642940
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
20.234.93.27 302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=2956AA964078686D0E6DB8F24478665B; domain=.clarity.ms; expires=Sun, 17-Dec-2023 15:55:38 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 0
X-Firefox-Spdy: h2
www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
23.38.201.85 200 OK 2.3 kB URL HTTP/2 www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
IP 23.38.201.85:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash bf29758e41903e1fabdc4a19c89bac9b
1ff70aca18e5d207268b7888d56ab2a897909ff8
6936f35bf6375797c7d4a526dd6bfdf2a5f3d0dfb4e4d1e9e292ce31bc45702c
GET /img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 23 Nov 2022 03:55:37 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/svg+xml
content-encoding: gzip
vary: Accept-Encoding
content-length: 2315
date: Tue, 22 Nov 2022 15:55:38 GMT
set-cookie: TADCID=csXMTIqll09-A4_AABQCFdpBzzOuRA-9xvCxaMyI13G1SAKs-Qsgbk3QLKufuUAr_497mVa3LaWqwqO4GvAYL17QrCObv1_FRXc; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:37 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A3eo7X2C%2Ft9Tk7nWhzVPS6shGd0grv0wJiuXZBL4OvrE2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:37 GMT; Path=/; HttpOnly
__vt=ICDBsh-BMFq0lnDPABQCIf6-ytF7QiW7ovfhqc-AvSGS6MIhNddj6MW75MKdc51dKD2siZ3NklPYhv0dr9XyU8DXIh27tTnuTGAOrpAKsc1AS4qUu8SdcKGSTThQ2WMGfsRBFdgSNHg_f7AgRVbgP9d-KQ; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:37 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.BC6A938353F8481F478AEF85161EE4D5*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=A; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-11-22; Domain=.tripadvisor.com; Expires=Sat, 21-Jan-2023 15:55:37 GMT; Path=/
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255 204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 808
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:37 GMT
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
103.50.162.157 200 OK 11 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e10502927cb3f23b202e7cb82fc07796
64454b2191829153b92a11424ab3765832d63f0c
73bed124aa35379906624895beca4c6853d2c3933ab334dc04ff958c4bcaf16a
GET /wp-content/uploads/2022/07/cropped-site-icon-192x192.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.2017814777.1669132537; _ga_KLTY4E3YBY=GS1.1.1669132536.1.0.1669132537.59.0.0; _ga=GA1.2.2134576247.1669132537; _gid=GA1.2.108769051.1669132537; _gat_gtag_UA_233581752_1=1; _clck=1jqgblx|1|f6s|0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:38 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11430
content-type: image/png
date: Tue, 22 Nov 2022 15:55:38 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
103.50.162.157 200 OK 1.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 66bca48be9ab9ade409124603161521b
e7302b18db5561118e775c33943be87b774e45f2
301f6b6efef20378c0c2f98586c9f73a05bfb0db528a4e4c41c6fd239a74da5c
GET /wp-content/uploads/2022/07/cropped-site-icon-32x32.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.2017814777.1669132537; _ga_KLTY4E3YBY=GS1.1.1669132536.1.0.1669132537.59.0.0; _ga=GA1.2.2134576247.1669132537; _gid=GA1.2.108769051.1669132537; _gat_gtag_UA_233581752_1=1; _clck=1jqgblx|1|f6s|0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:38 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1373
content-type: image/png
date: Tue, 22 Nov 2022 15:55:38 GMT
server: Apache
X-Firefox-Spdy: h2
count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
54.230.111.84 200 OK 176 B URL HTTP/2 count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
IP 54.230.111.84:0
File type ASCII text, with no line terminators
Hash b658a5a578c8434f6f5dd7dea671c0fe
c126e491ef71e7c0565501d8d6f615e8cbfc2b74
52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34
GET /v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe HTTP/1.1
Host: count-server.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 176
date: Tue, 22 Nov 2022 15:55:38 GMT
etag: b658a5a578c8434f6f5dd7dea671c0fe
cache-control: no-cache, no-store, must-revalidate
apigw-requestid: cAqXFgjZIAMEc0g=
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 487ctJFrkODurK0drb-TPLWdx5iQmlbixjsyCHSEV0_xwiXAQehx7Q==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B
13.107.21.200 302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=15039833ED8D6F741FBB8A57EC786E1B; domain=c.bing.com; expires=Sun, 17-Dec-2023 15:55:38 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D73B4AA39CAF4ADAB87B3772E8854DA1 Ref B: OSL30EDGE0522 Ref C: 2022-11-22T15:55:38Z
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B
20.234.93.27 200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Tue, 22-Nov-2022 16:05:38 GMT; path=/; SameSite=None; Secure;
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255 204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 114245
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:38 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
20.75.32.255 204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1054
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:40 GMT
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 16 Nov 2022 00:19:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 27 May 2020 07:53:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/hello123/apple-touch-icon.png
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/hello123/apple-touch-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/plugins/hello123/apple-touch-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:37 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/06/Favicon.png
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/06/Favicon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/uploads/2022/06/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:09:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:37 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:37 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:36 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/plugins/hello123/sw.js HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 28 Jun 2018 10:17:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
platform-api.sharethis.com/js/sharethis.js
143.204.55.106 200 OK 0 B URL HTTP/2 platform-api.sharethis.com/js/sharethis.js
IP 143.204.55.106:0
GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Tue, 22 Nov 2022 15:50:20 GMT
cache-control: max-age=600, public
etag: W/"30217-4R/x1mcbHYoN8J5L8eO1d9Nv/qY"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e3yc6d-8rf_FUrkX4zPn3KkAj5k8L2sSgzwufboj32KJ6tKkJ11WAw==
age: 317
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 04:28:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
IP 142.250.74.10:0
GET /css?family=Open+Sans:400,600,700|Raleway:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Nov 2022 15:55:36 GMT
date: Tue, 22 Nov 2022 15:55:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.clarity.ms/tag/80x2itprfu?ref=bwt
13.107.227.53 200 OK 0 B URL HTTP/2 www.clarity.ms/tag/80x2itprfu?ref=bwt
IP 13.107.227.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/80x2itprfu?ref=bwt HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=8ac7aced6e0542ea955852736805fc3d.20221122.20231122; expires=Wed, 22 Nov 2023 15:55:37 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+fB8YwAAAABO4Eol3iOxS4mtjpTJZfXDT1NMMjMxMDUwMjA0MDA3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Tue, 22 Nov 2022 15:55:36 GMT
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/uploads/2021/08/WhatsApp-Logo.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 10:40:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2