Report - heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

Report Overview

Submitted URL
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2022-11-22 15:55:44
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
s.w.org	748	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	2.2 kB	192.0.77.48
static.tacdn.com	10336	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	38 kB	151.101.86.83
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	95 kB	157.240.200.14
www.clarity.ms	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	774 B	56 kB	13.107.227.53
count-server.sharethis.com	11699	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	506 B	688 B	54.230.111.84
www.jscache.com	16218	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	490 B	731 B	151.101.86.83
www.heavenlybhutan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	23 kB	339 kB	103.50.162.157
lh3.googleusercontent.com	66	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	469 B	958 B	142.250.74.33
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	944 B	143.204.42.88
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.2 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	2.3 kB	142.250.74.35
platform-cdn.sharethis.com	11841	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.5 kB	54.230.111.19
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	433 B	746 B	142.250.74.10
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.1 kB	10 kB	142.250.74.35
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	784 B	112 kB	142.250.74.168
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	510 B	46 kB	216.58.207.195
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	2.8 kB	142.250.74.2
l.sharethis.com	4794	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	407 B	18.193.55.12
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
c.clarity.ms	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	857 B	1.2 kB	20.234.93.27
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	21 kB	142.250.74.174
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	34 kB	142.250.74.138
buttons-config.sharethis.com	6006	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	1.3 kB	54.230.111.117
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	498 B	569 B	142.251.1.154
c.bing.com	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478 B	795 B	13.107.21.200
platform-api.sharethis.com	5118	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	596 B	143.204.55.106
heavenlybhutan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	888 B	1.6 kB	103.50.162.157
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	34 kB	69.16.175.42
b.clarity.ms	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	873 B	20.75.32.255
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.160.51.228
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	1.2 kB	142.250.74.164
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	164 kB	142.250.74.163
region1.analytics.google.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	826 B	569 B	216.239.34.36
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
www.tripadvisor.com	8786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	21 kB	23.38.201.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-22	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2022-11-22	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2022-11-22	medium	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (45)

	URL	Size	First Seen	Last Seen
	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	76 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash c6049ee23733acab27282589c2f68aea 0fbb9f5997cbdab7882dd04cd1fc4ee2da6b670d b8917247009ebb885de89942ea8da2e67290c780ee3329725cd62fa5a97a85bd Loading...

	platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop	197 kB	2023-03-08	2023-03-13
Pretty URL platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:38 Last Seen2023-03-13 03:12:01 Times Seen1 Hash c8bc939471ef6dab0c390710d339b448 e11ff1d6671b1d8a0df09e4bf1e3b577d36ffea6 f2543598ef1f4ead06a604ac151e0466dd405bd6fcce02c9074567066eb89085 Loading...

	count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe	176 B	2023-03-08	2023-04-23
Pretty URL count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe IP 54.230.111.84 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash b658a5a578c8434f6f5dd7dea671c0fe c126e491ef71e7c0565501d8d6f615e8cbfc2b74 52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	2.2 kB	2023-03-11	2023-03-11
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 13:38:46 Last Seen2023-03-11 16:30:18 Times Seen1 Hash a10acf84769b1d6a2168582a848cbc02 1a808f58eadf6048b6f651e22df9b3ff7b341e25 2c2cdacf222cd2508171fd4773595061b1ed5b15d990b5dc6e692bd8d37f0725 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	84 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash fecf798e33f7abf83dcb48aa3f0b8f15 14db8bfc490d48ed6eb4e33a6bb13d39f8e62e2b dcbf0f78627a3697478f393225667707b718cb880c1620d988a598f5ebd07e36 Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1	37 kB	2023-03-07	2024-04-26
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-26 11:32:45 Times Seen34454 Hash c5b5b2fa19bd66ff23211d9f844e0131 791aa054a026bddc0de92bad6cf7a1c6e73713d5 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	112 B	2023-03-08	2023-12-16
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-12-16 12:31:38 Times Seen31 Hash 19c3937333be96ebffcd5efb99f9c031 3ed57d8bb8aa7658ff6a30994e41cb9f31d5a9bc 0c5c780d572dca2e1cf3dc126075151a6e8df0d09f8d78fc99019c54b2ca05d6 Loading...

	www.googletagmanager.com/gtag/js?id=UA-233581752-1	112 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=UA-233581752-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash 9eaf9ae39b87e97045844acfa51d2ed5 72a04afc29428b8aeea7bd372aa144e334ff4582 23b160c7d05f66ff1330ccce03d150f1f00e7183bb4496ddca5c9e8a27bd7f53 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	136 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 8cf5394d9049dd6e25ee686f24fa2dfa a4ba0ce28631767912f8e095d283830e135cff8c 17e99ef63fefcec20cf375cfe02410cbc64e9623748efc336bb50d424bb49969 Loading...

	www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US	15 kB	2023-03-11	2023-03-11
Pretty URL www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US IP 23.38.201.85 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash f3eb355a2034004edbd6d5d101928e93 17eb11f0d163ecea1e01b6e89138fcd4f8f64033 c637cc64b6dcd0a86a300cb789ac40787a5eb287172fc371fad688d63dde94aa Loading...

	connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0	3.1 kB	2023-03-11	2023-03-11
Pretty URL connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:25 Times Seen1 Hash 299de1edb23311b9c4f5f92417686bcb 6e258fd2f1cae901e946432827694cf269787801 abbc650b26df1cf35c12d97278a63d3ce726ea67fd146685a10db9c3cb094ef3 Loading...

	www.google.com/recaptcha/api.js	850 B	2023-03-08	2023-03-17
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash a6d9f11246866ef6247a51ae9116cf53 1ba0ec4e57dd5d3845edb729fea44e6f709c7aca 60eac53947f6a289ca775891e56b3a4a1084cb8763fe2bf4220b759a58761f1d Loading...

	www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-26
Pretty URL www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 16:08:31 Times Seen38067 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.google.com/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-20
Pretty URL www.google.com/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-20 17:48:03 Times Seen63949 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js	763 B	2023-03-08	2023-04-23
Pretty URL buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js IP 54.230.111.117 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash d561e09722a4e9a9aab1f41b2c7f9be7 050d4da83989f4a5a65e5293ed8ca2cfaaf91502 c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9 Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1	9.4 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen7 Hash d09a2fa35d2925f8c00c657ec546d882 0448e16938b5ced39d61476c9f9a8f1ba611ef56 f2b70decc8610045eb84a80cbf669c3a1e52b2435e7c6fe3703893649001b38a Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	307 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 24c9615b420990184e85d339ce329af0 64b833a695004bc86e4a760480b382206af5427f f8586d7463fb771d4a2dff579bf79770e6bb84c26d7d8b9c09d6af171ed52412 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js	93 kB	2023-03-07	2024-04-16
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:06 Last Seen2024-04-16 14:06:13 Times Seen649 Hash e7155ee7c8c9898b6d4f2a9a12a1288e d1b0ac46b41cbde7a4608fb270745929902bac7c fc184f96dd18794e204c41075a00923be7e8e568744231d74f2fdf8921f78d29 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	317 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 285677233354e6bc3314aa801b153906 08843186aa460a56ccd0bc935f5d25e59b0a48df 84add2e891aa85cf5778686e3c10c3d892d13c74bade98d89e9a2c8ad1b3fbb8 Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1	227 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash a7eea7059e6ec3dae416af8218628242 1ca4158594ff05a67170f5ab76e90b9fbb3cff75 6eece3fbdb4769f95c3c71e43696b32302db6418dcb778686edd7e332fd56743 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MMC9V55	96 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MMC9V55 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash c6fa4729bcd2067747154183dbf8f976 df00bfe005c1e2045600eda8db102516ff2a88d2 a54fc120362f427e6a1779f4ad0a6048f45192d199260ac678ecb02b378856a8 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4	2.1 kB	2023-03-11	2023-03-11
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.2 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash 40ac712380f706e46cec634f5b80838c 7851b62d9578f3f6dfe95dc91f469e3ebab48a4c 92070a82767134780006158aadcb65a5b2d2a3315e8b583acbe8f4dd4d0fd780 Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8	23 kB	2023-03-07	2024-03-25
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2024-03-25 18:21:41 Times Seen12 Hash 6568b156990a9cc281edbcfd520e1144 0ad0d5bcf640f88cd1ce75b339757c21b5ee3e65 0df1f7d62263a13e19684a322a0cf45889033f7a83fc6ace824f7be093de95ec Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1	5.2 kB	2023-03-07	2024-04-21
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:36:09 Last Seen2024-04-21 12:31:11 Times Seen757 Hash 44701cfb0078345ec1d432f661e33709 0b31dabace05042ee29f5989b0191e7e4072a88f 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f Loading...

	connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9	313 kB	2023-03-11	2023-03-11
Pretty URL connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9 IP 157.240.200.14 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:25 Times Seen1 Hash 716687a6098218ca2dde368f4255e3cc fdcfde522a06752247623ba2e5c49ab81e42a39c dedb521d2f536debbdfa88162f44f968a46faadb155955bbe436d10c3d606b6e Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 4662b9c41cf3a3d3fc8ffd3a0dc8d6a9 50efef9f56112d839fe841609494861472584f94 d06527470fc193f40457743b08f34ed48d404954ffcb3f020fd19ffaed8e850e Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash a3a0fe1caf653a01f75cba9c8ab9c67c 5ac9e624f11b78fdd4597a61d336428b7069db20 1c5611fe8aab1bdaf27a0e019282f713589cfcf541d347dfa9b95aa170e1bd6c Loading...

	www.googletagmanager.com/gtag/js?id=AW-10952182701	182 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10952182701 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash ad297a52558c378c3eaaf77caea3a632 07394687431637ed1d2ec5df8f1250d419c4012e a40912ead253b523a350ba1f8a4a810b35959530b7f0b98e43dc2041fd533791 Loading...

	www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2	307 B	2023-03-08	2023-05-13
Pretty URL www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 IP 151.101.86.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash 309f508854c65cd4aba2417165dd9231 90676003edc377e88e6695efd87e492aaf25d1e4 01e85ac42ac2db3eaa19e9a392c9a30acca1e17e76e68da2a73bf00cf852e723 Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1	3.4 kB	2023-03-07	2023-10-24
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2023-10-24 11:59:07 Times Seen23 Hash 7fc0f2a754835e99a8ffbd26b6d7de97 a33477eda851e548dcff03014a5f9e92f1ae88b1 74e96d956bb5697d88ac6c4f715bee9c9bc79c34e466cbadae6be2111eb92cd9 Loading...

	static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js	15 kB	2023-03-07	2024-04-25
Pretty URL static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js IP 151.101.86.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:03:25 Last Seen2024-04-25 18:37:12 Times Seen710 Hash 9d1a046b5d9f975765a5adc3c8f2722e fd964609d091c301d408e879aa431a2a52e74a2c e94e0140ad5ee0dd772ad05d9ba5cc4cf3e2a1f5d420ea5cb783edbdbdda9f10 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 19:47:52 Times Seen37099305 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	code.jquery.com/jquery-1.12.0.min.js	97 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-1.12.0.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:02 Last Seen2024-04-26 11:39:40 Times Seen4948 Hash cbb11b58473b2d672f4ed53abbb67336 66f47b885d587aa9a6c453ae3f2c9a382e5c7ec7 5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	314 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 7d2264c623db9f85c7026ded89332ce1 8b0581df9c85e9eee272d2359cd00fd49615d9f0 6a82739904bc8ba680c1ecb8e7fa96e35d3806b7bc8f75575bb75cdcdd00fa4c Loading...

	www.clarity.ms/eus2/s/0.6.43/clarity.js	55 kB	2023-03-08	2023-10-23
Pretty URL www.clarity.ms/eus2/s/0.6.43/clarity.js IP 13.107.227.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:44 Last Seen2023-10-23 15:37:18 Times Seen9 Hash 441723b72633b1ac9757ad7c63168005 806166ca9ebb5839dd90a5e5c9335e3e0b18c169 cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	161 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash d077e03a82bf86d21b930cbf5f61f946 77d7fbaa3f829cb17bddacc17ae80a700320eaf6 d9247e8f2539f5ae91de2ee01e6583da39012112f3c3201f7319920bb5a39d82 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	325 B	2023-03-08	2023-04-05
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-05 02:11:52 Times Seen3 Hash b7a25b8919d62bbb07ca33682a1ed053 2e9e58d8a038393d88dc1ee39920624069454921 6c2c31f52cb8a456975fcbd98f17b12ef7f2ed8ada6f853e6f56fe89d76f844c Loading...

	www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c	219 kB	2023-03-11	2023-03-11
Pretty URL www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash f9ece7bf0664acc7bd5d8d4c7ef70478 350b661ac299d42560f1cc240bfd8346449d4f3c 0abb1ced0021b701cf40cf351653021a963829b4211da50f463437318b43906f Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	158 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:08:29 Last Seen2023-05-13 11:06:47 Times Seen5 Hash aebf4930ad6b1b89e384f946c6a519f4 d9e8db4ee405495358914048b1a6454a1927f183 7ef3b8c3d5640112ebe93f49829cbd3893ba355e6cf6498eebf849a33dbe2553 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	290 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 11f2283e1c750c1da6332c37c228e260 9d4737fb37702cbb878de00420775c26ff050646 781566367ad976baa8969ad6bf9e0da9b7dba96e31d9fb598bdf85a6696eb178 Loading...

	www.clarity.ms/tag/80x2itprfu?ref=bwt	1.3 kB	2023-03-09	2023-03-11
Pretty URL www.clarity.ms/tag/80x2itprfu?ref=bwt IP 13.107.227.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:52:51 Last Seen2023-03-11 21:53:01 Times Seen1 Hash c32ec361d5b93e20f7cf63765f51c095 6c26bfac4d93f100799030d444aee3c4e3d3cd4f d1d90cf0e7549f1b3c56ec1898ee19a8124776ad6611c64e2ba4b198bbdabbcb Loading...

	connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022	3.1 kB	2023-03-11	2023-03-11
Pretty URL connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 15:46:20 Last Seen2023-03-11 15:46:20 Times Seen1 Hash 6c95143c980a350ba38643e3d8e0fa41 a4c741d1cb86655cf6cc120868f1fe28d16fee5d 58ed4efd15d0c5d876cd0d0d0bc9206dda36260d9fdafc0dccb5823adb014c5a Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1	16 kB	2023-03-07	2024-04-25
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:33 Last Seen2024-04-25 01:09:57 Times Seen1531 Hash da941a6e1e1df098744318f6d25ba13a 15f441d0df5a01efc674d62b88c0c95bf233656a 2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	440 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 0130183c1c138771b5e140b838f02d45 6d18d592e74f9d192127fe24777409b9162bb8de 41fea4019aab929879874fc4a82257e127891888d6e60afc5b9e0006de4feb18 Loading...

HTTP Transactions (132)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dfb72f04bd7a4410640c0543bb4bd402
7c63b7e220b337b6a4f39864e11d6aa9e26c38ac
b7f7a4d355ed3b847a5e28f16030d5cbc715d47326aea20f292cd76dcaf59794

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7F7A4D355ED3B847A5E28F16030D5CBC715D47326AEA20F292CD76DCAF59794"
Last-Modified: Mon, 21 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7664
Expires: Tue, 22 Nov 2022 18:03:17 GMT
Date: Tue, 22 Nov 2022 15:55:33 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b59d95402dfb464c176610284ba13f65
1a6c62fb0d48654dd204b66161bb03fefe60f71a
40cfd59b890ec5a3570603d28d90bd7e5c506babd52c2ece93e09f1c7b2a6880

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5664
Cache-Control: max-age=159006
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:33 GMT
Etag: "637ca4f3-1d7"
Expires: Thu, 24 Nov 2022 12:05:39 GMT
Last-Modified: Tue, 22 Nov 2022 10:31:15 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8a6c553d89cb6fd1de4787fee2a0e0dc
b974e022ea8675c0a09f58864cc99df05b5b1241
a62ecedcb0953814f982237818a3d902fdca501f82b675629d28b5d476e0fbfa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A62ECEDCB0953814F982237818A3D902FDCA501F82B675629D28B5D476E0FBFA"
Last-Modified: Mon, 21 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2414
Expires: Tue, 22 Nov 2022 16:35:47 GMT
Date: Tue, 22 Nov 2022 15:55:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 22 Nov 2022 15:09:23 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2770
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ZldPA3kQ8KI0wzMAyHIH4t9bSdKPBCC2WZuxOciPRPxAZutSMZUQYUtV/CKp5ohVOMPU6x6pVNs=
x-amz-request-id: 7ZX7BPR4JW2TX006
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 22 Nov 2022 15:42:37 GMT
age: 776
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

280 B

URL HTTP/1.1
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
280 B (280 bytes)
Hash
023ac1b25303dd2b521ec25e1274e490
c44bc2238f7227be4cc63f75c0eee098bc01cd66
634cebac5c21890cbed71111b2342cc5792fe987a2b41bd75c9a6866cbec06e9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Nov 2022 15:55:33 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Cache-Control: max-age=0
Expires: Tue, 22 Nov 2022 15:55:33 GMT
Content-Length: 280
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:33 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 22 Nov 2022 15:11:10 GMT
cache-control: public,max-age=3600
age: 2664
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
59957e786f627cdde1c66e63f070f64a
9cd55c0c70fa1c65781c61335161178244d1de1f
1d8f0d89f0f4a30168e576a8e2f79274b5afbb39346a88e3bd2d0340162ca3bd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1D8F0D89F0F4A30168E576A8E2F79274B5AFBB39346A88E3BD2D0340162CA3BD"
Last-Modified: Mon, 21 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1183
Expires: Tue, 22 Nov 2022 16:15:17 GMT
Date: Tue, 22 Nov 2022 15:55:34 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8a181d95550cfdf3b1fc4deb71631e40
37866f7293c41fbfb817e321754cae5c5bf59f93
6aa3d2763181cc48d2ad0ce7d227f3cb3324045c3f7858ccdbae675768dcec55

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1753
Cache-Control: max-age=150034
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:34 GMT
Etag: "637c912f-1d7"
Expires: Thu, 24 Nov 2022 09:36:08 GMT
Last-Modified: Tue, 22 Nov 2022 09:06:55 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.160.51.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.160.51.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FCSL25xZ5Sw8fCqSlxSMuA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: jTXQEdDpLAOpwEb77H61YbO/0k4=

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

0 B

URL HTTP/2
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
expires: Tue, 22 Nov 2022 16:55:34 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
x-content-type-options: nosniff
location: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:34 GMT
server: Apache
X-Firefox-Spdy: h2

code.jquery.com/jquery-1.12.0.min.js

69.16.175.42

200 OK

34 kB

URL HTTP/2
code.jquery.com/jquery-1.12.0.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32060)
Size
34 kB (33820 bytes)
Hash
e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337

HTTP Headers

GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 22 Nov 2022 15:55:35 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1669132535.dop218.sk1.t,1669132535.cds264.sk1.hn,1669132535.cds229.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fab2cb3bd48a955d89176110d75459e4
8e642591b32f0095b8302d23b2aa3d4849352c56
71e3ae0dd72335874bd1e42e216d72a6185fb21786e55efbf3012ee0094692a0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js

142.250.74.164

200 OK

553 B

URL HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
553 B (553 bytes)
Hash
1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Tue, 22 Nov 2022 15:55:35 GMT
date: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js

142.250.74.138

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (65479)
Size
33 kB (33396 bytes)
Hash
a1dbc2376faed4d6de4f5918c679a3d5
a9deb320a96ac3ddd24bb431b2854ff64f789e5e
6c96b4087484f1793973c8bb673eae22e7798be772392a0eed8f5f9252a472d8

HTTP Headers

GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 20 Nov 2022 20:01:08 GMT
expires: Mon, 20 Nov 2023 20:01:08 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 158067
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-233581752-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-233581752-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43610 bytes)
Hash
f73446710f8f5ccfef699711a4bd464f
41c2186258c5184ac8cea6a8157dcc426f40aecb
d0c23f7514479c085845ce5a0d5087067ade17fe333253c5ca6a1c350895492b

HTTP Headers

GET /gtag/js?id=UA-233581752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 15:55:35 GMT
expires: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-10952182701

142.250.74.168

200 OK

67 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-10952182701
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2919)
Size
67 kB (66991 bytes)
Hash
ad7779a3ad805fc3ac1b27073fa263e8
0e60032dde10effce8ce5a207af5e0cc35bea007
6c1b0e90edcc5285d9f366b1e9e8ab6a703c5f4da1b9652bf396c842350307d1

HTTP Headers

GET /gtag/js?id=AW-10952182701 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 22 Nov 2022 15:55:35 GMT
expires: Tue, 22 Nov 2022 15:55:35 GMT
cache-control: private, max-age=900
last-modified: Tue, 22 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66991
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eb526d16fc4a304286cf261dc5d8abea
0aed946d28abc21cb11657e6f864b561a0c68fba
551520b0344d58c1b4ddc9dfb452da2acf43080871a7037f4530eec48fb86362

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9ef11a2d1e232b4b45e40ff0c29fa8b0
0966963f13e3b149e3e3c8c2c81e7986d1d8a07b
9ce8b9ab5f1dfdc0686d1660ed64c6eff5cc3d1492d82aa769ac58e3a159dd1b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
585eab785e44953b9e6d7c389024ff3e
57582825e9a285177f38cd2fa868ad3a8eab85d1
f1c62af1e27c8510576adcb62b28be35f290d2ee71e873f7000c194980522e80

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

151.101.86.83

301 Moved Permanently

0 B

URL HTTP/2
www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
151.101.86.83:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.jscache.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: envoy
location: https://www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
expires: 0
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
timing-allow-origin: https://www.tripadvisor.com
content-type: text/plain; charset=utf-8
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:35 GMT
via: 1.1 varnish
x-served-by: cache-bma1675-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669132536.559481,VS0,VE143
content-length: 0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive

www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1

103.50.162.157

200 OK

189 B

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
189 B (189 bytes)
Hash
5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 02 Nov 2022 12:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 189
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8

103.50.162.157

200 OK

1.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6095), with no line terminators
Size
1.7 kB (1699 bytes)
Hash
807a495302e6eb0e3d2ab42f64c02887
564ea424819ad6206fcc7a5a5467fd0dbd41fed1
c91eef585a2f5367b79656186abeeefe032770a34518a8963e7590cee6f5d0ec

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 04:47:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1699
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
611d1eca860866489908506a26bd6a2a
5e8c401f098357cd12889a6e507baf7c8a87772a
e3216e5edd547bc8f6a43780da5a118842b96de96d5cf668af68d8706ceb32e4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E3216E5EDD547BC8F6A43780DA5A118842B96DE96D5CF668AF68D8706CEB32E4"
Last-Modified: Mon, 21 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3465
Expires: Tue, 22 Nov 2022 16:53:20 GMT
Date: Tue, 22 Nov 2022 15:55:35 GMT
Connection: keep-alive

www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1

103.50.162.157

200 OK

4.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (21597)
Size
4.5 kB (4487 bytes)
Hash
7f01d3c2dd8fdc231241f6a3b10def8c
76646b14e9ce97d384b9adb20c622f09c7ecd140
999c4a983cd4b5a1a7652aa436630a18c1a6dbf91de090c903ab507b07df536a

HTTP Headers

GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 27 Oct 2022 00:19:31 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4487
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1

103.50.162.157

200 OK

1.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.1 kB (1102 bytes)
Hash
6fe412ab00fa602fbdff1ebc56c0122f
30a1a170684805d401207dc3c29bbbc16ed5795a
86158384e8fce089c0b8ec4d2cca88be20511262a175da582df15465e464caba

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 31 Mar 2021 04:15:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1102
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1269 bytes)
Hash
967924886f14c2bf9ea1d320dc4c6c4e
7adfd48f7d7215535dfd7db7a025999ad6bab52d
9d7b368e9ea3c04bf17f94c8080202d0a9ab1fee6e5143840fa5bf0617d133bc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 27 Mar 2018 06:42:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1269
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1

103.50.162.157

200 OK

5.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
5.2 kB (5195 bytes)
Hash
0a8bd7341207a9042050c53b5e7bac6d
e21aa6bed02c4b6ee4cdc76c2870a737b27add14
6787293b487d3e4dd641e3e0b60b49d508a419979910abceeabac53601865cec

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sun, 03 Dec 2017 13:28:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5195
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6031 bytes)
Hash
4f3fad7453f45dfa617243c8beac64e1
56414a905340e1b1478a0a40a52b25365a724524
7befcfbedac5652eb04bc675b67f7b642631d4e918f7aaee17b0b594e26854d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9029340f-28c3-4004-9012-9a24977dfd45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6031
x-amzn-requestid: f59b04c5-4955-4847-9a7f-d9d53b47ca52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b3cV0GC-oAMF5hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637940f1-0425b3cf6a4650b60936feba;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 20:47:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: VabInML1mfcQLIp29OWRNsixwfSWt0Wv9l7I-Ak7TdUHlNt2ZEVtPg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:21:36 GMT
age: 2039
etag: "56414a905340e1b1478a0a40a52b25365a724524"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7589 bytes)
Hash
06c6e720bc9900b38e88cd72f739603e
22884cbc78622d6f78c1c3397c9b440946144a99
8675d08e6d8ae5bdedbc7c7ce647f8c6e72cc457917b4ed1856c50b11c2fe88b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F20f7461d-18d1-4343-9ecb-d68d44ce1ee4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7589
x-amzn-requestid: 533d7650-cb21-4090-a50a-e205adad316d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: brr5zH4qoAMF79Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63748d0b-017f7bf4390eb124097af648;Sampled=0
x-amzn-remapped-date: Wed, 16 Nov 2022 07:11:07 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nwXP5jm9A2Cl3_-Lm194ycXkeClig1L9hwgUgE8i8NF-Vv2gNfj_4Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 15:03:51 GMT
age: 3104
etag: "22884cbc78622d6f78c1c3397c9b440946144a99"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8685 bytes)
Hash
2ed6b76d15fc8d6295acdb6fb47461d3
b8c928f93a8d82b48491448d811a95ad99dc6aef
de326836a9de677438b9ae724198e94348b0900c62817ff10de3677ce93fdae0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe35a8d1-e974-48d4-a8b7-1add4aa5d251.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8685
x-amzn-requestid: 66455cc7-83d7-4570-99f9-5fa838da947f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-IrAHwKoAMFUHQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee46-354d65e9609bc05647556a5a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: -9tZPsMl7i5hr0N1rwJdQBLiOImuEO12RDL0pcPNjf6t-LkRbPaN2A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:58:29 GMT
age: 64626
etag: "b8c928f93a8d82b48491448d811a95ad99dc6aef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7751 bytes)
Hash
472ceca597feefba355fbd65998977b7
f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a
e201f706ba38f04ef07d74a67eec187ad8b882027b96b0e4e700162f96da422f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55f882f4-a410-42f1-919d-e59d9058875d.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7751
x-amzn-requestid: 577947ab-4fbe-4b07-944a-2b65cf5ed6d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b4UE9GJ9IAMFVtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63799a1f-1a26961e20c88cd54a613ddb;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 03:08:15 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: QB2RJo7NR7FMDRC7fC9eLMW99KR7andopIeu4qi0yp_tihE0vtpkXw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 22 Nov 2022 04:49:03 GMT
age: 39992
etag: "f3f2e5a8d14e009d0eaa3d7637730c4c525e3a9a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10556 bytes)
Hash
0ab62c5a7c3296600de924eb0b283bc1
bc4a2dc43898e3fb78ba7301d8b09b280991d221
f2a4c0829a4fb9a585113ed358832d16470ec391035a302a8f3c4666172f02bd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d50a0d2-05bc-4c0c-8961-2b8cc49ccc8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10556
x-amzn-requestid: d2426c6d-5e78-496c-8649-0496a872b380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-Iq0GPVoAMF9bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637bee45-1ee6dc09394731cc4dbfc38a;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:31:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sBNLrVAl4G6pJ-OBZ6aJZC64MrkkGQdsuZKITQwcqgYgP6-GJiblfA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 21:59:20 GMT
age: 64575
etag: "bc4a2dc43898e3fb78ba7301d8b09b280991d221"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4639 bytes)
Hash
dafd9e17dc0023e71ae513c6025e4b80
12e2654db1f384bb04f5c5042848b25dda86b710
e9c885a102dc811648cec4ac292db63564e81a48d7a3611cb31fba73b37286dd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c73cec7-245a-480e-8dfe-cc11a12b2656.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4639
x-amzn-requestid: 8a93fa29-158b-4402-aac4-85ad29a74ae1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b-I6oELooAMFWFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637beeaa-5a85509b26d9aeef7ae59b4c;Sampled=0
x-amzn-remapped-date: Mon, 21 Nov 2022 21:33:30 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bmrDryUp_4bvIikGkppa36e9isEfvK0gjunV6xmU5ApJtxlLR_GYkA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 21 Nov 2022 22:05:18 GMT
age: 64217
etag: "12e2654db1f384bb04f5c5042848b25dda86b710"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

23.38.201.85

200 OK

270 B

URL HTTP/2
www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (306)
Size
270 B (270 bytes)
Hash
9cf5ca2c431300e3dd89ebd84b3a9659
4f3ee56b429dc14ea1178e68dc876f3300c9c9b7
861c3fe1bdfcc31ba857b0fa0daa64c0d9d6cda2b50ac27ed18286c6abade227

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
vary: Accept-Encoding
content-type: application/x-javascript;charset=UTF-8
content-encoding: gzip
content-length: 270
date: Tue, 22 Nov 2022 15:55:35 GMT
set-cookie: TADCID=Ex5v4kd6NIUHQJJqABQCFdpBzzOuRA-9xvCxaMyI13G1SJvCu93ngiFlNq6dwIqtpEz0UIzq2A8C8Idso09G3djHnBCfdJIkRIQ; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:35 GMT; Path=/; Secure; HttpOnly
__vt=kPRf5VdGMb2Ik2kjABQCIf6-ytF7QiW7ovfhqc-AvSGS6Ou3jAoQB0svJXY70lKg9YqRyURSHwo4CzAPg0Chr1CJfIem-ZgbD5yCjCcu9Xk0ewkBeBR8j8OOSqmbxnschFTQwU5nBsKLWM1QNWOrd4CFig; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:35 GMT; Path=/; Secure; HttpOnly
_abck=D6248C0604DC870C591D97A1EED54DF5~-1~YAAQBk8kF8zQVXuEAQAAQUgNoAjDFQLEduMP616XVaaxIB9uF9sVSJLYpTcxRuZlRDesuFmtuJO/RoMBsWg2IQmF1nTFE8WdX/36+hgU8WwNhQKNSyla5A0Z2CcTam54IuGBSQrolrryZ/+zXbhao9mjbRXzZ78vmz7EPVKrGTir5CpqCYAvrTJYXn3WW5ihWO0ZU+rCw4UXHzdztGc/MWowJuqIZZfpXJ+jajQS4t14cw2m7MGFSqJzZyc522Fq0ktLWxcBQSplSxN862gGdM74+Gwl9bsoT6hTwvczzkAAuMJaBv7Qc0jb+bV3/5WfgWI0y8r0vMyh6GLgjDuA9UTLGgoJpVuGMutUE6eXsLlsS0G3SwVodWEJbQ93a9u/x4c=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 22 Nov 2023 15:55:35 GMT; Max-Age=31536000; Secure
bm_sz=B024DDB20E536E71B94D6A9506DDF4D0~YAAQBk8kF83QVXuEAQAAQUgNoBHzk1yUVDDlmOk7N1bH6HvmpIXwq2MqHemphvHoYvH2JMpRnSmzU2rce1HFI5v0tLPywk74fF8SU+eWoUnhmnvAwjr9pc1/sIhIVRgKbru2T/mw6RyoDBaMoXLzPrsAYQl3Rgn9vLZMIeXxMOUFZMXiAeVt7jpoV8EPeRGdiCjC3WpCzQmFfSpx6GoNuLF6D477NFqjWf9F51MHhcqaRas+PtXoVLNJZ2NsBSX78NU9UtVC3tT3ItyQxE7FGWtSaWSfy0u1zK5pIXSZicZSiDQyrGJkwQ==~3621937~3616823; Domain=.tripadvisor.com; Path=/; Expires=Tue, 22 Nov 2022 19:55:35 GMT; Max-Age=14400
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png

23.38.201.85

200 OK

6.7 kB

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 336 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size
6.7 kB (6689 bytes)
Hash
94e8c1fd1a7fc695af3d4e0ee15999d2
687f1c33739b9b64832a90876b7fcfed46f5c529
5e3adb4d54bcbc57e019efdf0a413ee8631470c53a2a23e7cf276fbe1bdef6c6

HTTP Headers

GET /img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 23 Nov 2022 03:55:35 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/png
content-length: 6689
date: Tue, 22 Nov 2022 15:55:35 GMT
set-cookie: TADCID=lwc1iD_UArneTgEuABQCFdpBzzOuRA-9xvCxaMyI13G1SHGWDoo8IMX3tRd96zixudQSAGNz1-uCOLNgjLWid5ZuqJpCjfwsudY; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:35 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A4GpBN2qRxork7nWhzVPS6shGd0grv0wJq8z7TEDb%2FeA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:35 GMT; Path=/; HttpOnly
__vt=6KPqQFvvegPDLglTABQCIf6-ytF7QiW7ovfhqc-AvSGS6AVnjJ_i4JZHsLYKg7NskR_IdKZhUlZvAda-BFu6W6J8YJqS2YqBuJD5Vx1kLIQbP7i8rxpiweTFPou3_G6S6-Jh4DeGyecl_KNeKx8_S6_4Qg; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:35 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.0C540DB3F18B024C83668E6CAAA73BFB*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=X; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-11-21; Domain=.tripadvisor.com; Expires=Sat, 21-Jan-2023 15:55:35 GMT; Path=/
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1

103.50.162.157

200 OK

6.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (28996), with CRLF line terminators
Size
6.7 kB (6743 bytes)
Hash
7213a021dbfa18b6ab789d989851a85d
71b427dfe5f56d60224aec1701d6f28f1443b18e
e917493cb9c90fd02626a3e4762d6ae81ebdb7a2d7c4ee58f1ccc970c72c301f

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2017 12:33:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6743
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3

103.50.162.157

200 OK

3.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (11263), with no line terminators
Size
3.1 kB (3051 bytes)
Hash
51c75ba5a9163d96efde16b2702385e1
a7562e7da4ccca3b2a3788eb96e3d962aa2eace7
13167fe3f53391caa833d40793f29d744e995a09990722c71627de0d91de8bdd

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 27 Mar 2021 05:10:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3051
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8

103.50.162.157

200 OK

4.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (566)
Size
4.2 kB (4235 bytes)
Hash
2cd208e374b2cfe6ef4a6b635763f557
213b7d514e751ec2dd0732943d5329c559f7945d
658a4d4dda5ecb6f50e80dc35818551fcdc895d771b1ca33df0ca5ba2d791250

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4235
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1270 bytes)
Hash
236b893cd98b54dcb08404e1528e0b1f
1d37376aa3654fbdc995bdb3364f514623fb1860
865643694d61d92f91d3a361cb2a74da85a5e04869ae789ab583e2d81e8c1bf6

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 07:24:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1270
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8

103.50.162.157

200 OK

2.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (5151)
Size
2.5 kB (2542 bytes)
Hash
fd9c26ea2ed860f8ad3c2b5c5acde541
f5e4ed76ae73cca96cbdb5c022e4dd818c14933c
81795e3474e0377e81da01f5e3f1261cf2ec7563cec0e842dfd0ade2acf7042c

HTTP Headers

GET /wp-content/tablepress-combined.min.css?ver=8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 10:11:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2542
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1

103.50.162.157

200 OK

9.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (484), with CRLF line terminators
Size
9.4 kB (9390 bytes)
Hash
1a00aae64e3669cbb6f7f4da1b2093f4
3dd8365cc3010850be912c02402a6a1a6cdc316b
8a1696e586703108bcf0b7d5e4b29a4dc44f560db077aca88e4105a2dc3d6844

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2016 13:57:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9390
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

103.50.162.157

200 OK

5.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (15660)
Size
5.3 kB (5321 bytes)
Hash
710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 25 May 2022 00:19:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png

103.50.162.157

200 OK

2.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 144 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2194 bytes)
Hash
fd24547c88cf7fa5f1c58c0dfad6d4b7
e07b978e1e901c9ee6c6b8799f541f68a7ae7753
323e547899c863adfb3f0ae96d7e6c7ccf147a425653d29a7b6c68132798b5a0

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 09:42:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2194
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png

103.50.162.157

200 OK

1.6 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.6 kB (1641 bytes)
Hash
e876c7268acd72c8475b7d0c2534162c
83cac186c0ebc22bbd94e4258d3b9f89bfdd93e0
6f0b5cf3682fa65fa3abc8de286e2cc8a2335b4f13b617ecc8e7e1b4c78bc697

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/img/avatar.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:23:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1641
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1

103.50.162.157

200 OK

7.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with very long lines (14856)
Size
7.1 kB (7080 bytes)
Hash
25ff635e4eac54a25b43a6678c0ac374
dca3ba9f3acfe4641ff899e00777f8ce21a47353
9f0a810379d2839d367899bffce144a24f2e0401f5ee036a8ff9d235ab8d0abc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2016 13:12:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 7080
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1462 bytes)
Hash
00995660effd64403d80003b82cb91f4
a3e2d1b5751946e79f0deaa51e46d4a9cf2d7d53
1c08cf5a927fc42729c530e44ff2fe003ec0ad2f757f9d7fa1c169e3b65f92ce

HTTP Headers

GET /wp-content/uploads/2021/02/google-review-ico.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 20 Feb 2021 05:56:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1462
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1453 bytes)
Hash
9f96c4202ffbe12fb4d7bd331cd76ec1
3bdd87b1bd0f76c7443f5e423956408eed3a3860
f7ffe7691ac1cf2ef7d64a5ad72d632e39d5b54ece90f2e5051d09de6a9d6476

HTTP Headers

GET /wp-content/uploads/2019/11/facebook-review-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:25:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1453
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1530 bytes)
Hash
812a8ca3bfaf6470c1df6440236656a3
e9834f19e6680485977881875c5f56a27f81f415
a56e486cba71dd18706fb0616851a458d044b6e779b8e8d29b4ce6f134d0163e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 10:55:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1530
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png

103.50.162.157

200 OK

4.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4728 bytes)
Hash
0ff5cfc35d1d8041d820059e9fa17d10
83cf1c59fc31fec116c65d0ac5c1058415cb87fd
f5e95693cd8f040b5d1af4d6f3b22d4718f9dc1ab1f89d514e18514dc925b12d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4728
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1

103.50.162.157

200 OK

14 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (32003)
Size
14 kB (14315 bytes)
Hash
90b602e96dc8686ce38d4716c58e7284
701fb82d49244c5ebc04414adee026021f3a251e
d390d1917f2110b49e28e8f78523b3d72c333ef332f4759501e37d1113e92625

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2015 19:34:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 14315
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1

103.50.162.157

200 OK

1.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.8 kB (1845 bytes)
Hash
d0681317b0b8f966b7285bdc2aeae277
a6240b58e048482b676e00e2d7ef33c2f9ea4145
efcc620e18e485ac4c40d4bc54d7927a5d2a901dcd43d452fff0b67f18a7650e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/main.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 May 2020 07:16:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1845
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png

103.50.162.157

200 OK

3.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3084 bytes)
Hash
3001ee7b4b2e6d4f72a8c15e833dc94e
7a4e50c47588cd3dbcb0dc37493ffea19048ca19
3f1f1f4cc42a985635913435111a836e7d35773ac94b8308c8a92018ef6b01b0

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3084
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1338 bytes)
Hash
051b85ffbfbffb06086f46ee3d10d64f
2c482cbf5506b08adfb85e3eac90efc92c1f4bda
c5ca6532d1dd7294a3745bf288c552474bb264bc1e2d913af09f26405cdd69e1

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1338
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1

103.50.162.157

200 OK

2.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (4991)
Size
2.1 kB (2142 bytes)
Hash
7709d149d74f9f8672bc2634ae80854e
7c47e83c1c8a31fb4cdef3a045960801bbc09f9a
f6c020cfd458ba4f998e07401853518cf27d27e9841de43d4bfd78e6b59bcafa

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2142
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png

103.50.162.157

200 OK

3.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3770 bytes)
Hash
9eb77fc94de44ca81098297eafa71267
e5f706259e39b76cf62aa9f0e4f8c928cc31173b
72cb50ae5802da4c1ae2b84eec4e6930405d132e676b0b6597d24b413804ff4e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3770
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png

103.50.162.157

200 OK

3.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.4 kB (3442 bytes)
Hash
64d8e2b9d3c9a5d91014879ac7e19b1b
4511e9bea60d232d0a25cb120708764aeac63284
28e7b2c026d1adc94d152b8e50dedca32245d43476a70bdc26e679e2b162948d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3442
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png

103.50.162.157

200 OK

2.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2702 bytes)
Hash
e036f9dbd0e59aaf0f1d0d86d599a3b7
3908447e6f5e97b3775073f0fec276f13c484f56
8ca083d7f6a3b34b391ad095b185e99c6cfaa07ce6219aea09d504ecab0202c8

HTTP Headers

GET /wp-content/uploads/2022/07/site-icon-e1658727344127.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 05:35:44 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2702
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.195

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Nov 2022 05:42:51 GMT
expires: Fri, 17 Nov 2023 05:42:51 GMT
cache-control: public, max-age=31536000
age: 468765
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ed3ae8e878b9c8c9c5fc3ab22d8547d6
e4d08dc74fa84a3bcc9d442e225e8f7a6c124822
e135b6fb23500cb2edbf836719ed450cdb6b1e86b7c8491289cb4e1ccbd9ce84

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US

23.38.201.85

200 OK

3.6 kB

URL HTTP/2
www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.6 kB (3563 bytes)
Hash
52dcb4a0b018bccaa7dc2b2efedd45f9
6e33f1a5296e17d965273c2f5d5c835b74a8335d
51ddb24490cee70682ccf5c8130bbe5e0d3f41c197f41f0e036468aa48dcbfdf

HTTP Headers

GET /WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
vary: User-Agent,Accept-Encoding
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
content-type: text/javascript;charset=UTF-8
content-encoding: gzip
content-length: 3563
date: Tue, 22 Nov 2022 15:55:36 GMT
set-cookie: TADCID=POORvB4Jthn0yy-HABQCFdpBzzOuRA-9xvCxaMyI13G1SI6ofQiNdmZMI2lme2fQZ-9UDKKy6q-PGHLW2V7-O6aGVbzWehg-HR4; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:36 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A1kPry8eFFZLk7nWhzVPS6shGd0grv0wJOO17WNttDTA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:36 GMT; Path=/; HttpOnly
__vt=LEbfO6FkEhLsQVe2ABQCIf6-ytF7QiW7ovfhqc-AvSGS6B_V_AYRbNyKBos0GQNXqpQ-59KnftFKp7xKGQ2hJ21x3JTqQh9nruPILuqekXMmaTORJbjsvpIrIWrmfIRRJ1L1ydDM8ASsz1GhToyJ8rk2W9U; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:36 GMT; Path=/; Secure; HttpOnly
TASSK=enc%3AADiOBIouCEe7XStxJ2y8R%2Fpd4NUuSf62lSlD2hGz0NkftRcnuZyrqf4iPfbG%2Bs9ChJ2HOwgRc7DHxLNS%2BWEwE0fmqcMX7x8ZRPxfskkn8JB5xD4A5qWzPYQltN5dei%2FfeA%3D%3D; Domain=www.tripadvisor.com; Expires=Sun, 21-May-2023 15:55:36 GMT; Path=/; HttpOnly
TASession=V2ID.167CD1086E8C4E2DB29E1E93E4E5475A*SQ.1*LS.WidgetEmbed-cdsratingsonlywide*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*DF.0*TRA.true; Domain=.tripadvisor.com; Path=/
SRT=TART_SYNC; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:25:36 GMT; Path=/
ServerPool=X; Domain=.tripadvisor.com; Path=/
PMC=V2*MS.50*MD.20221122*LD.20221122; Domain=www.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:36 GMT; Path=/; Secure; HttpOnly
TART=%1%enc%3A5O51oc1T0uq7r9cpQKTo2WnnXKXWQMO7m4Rh133BbMiLabzC3aqBUUlg1NvHsbj04ieoPdYMDDY%3D; Domain=www.tripadvisor.com; Expires=Sun, 27-Nov-2022 15:55:36 GMT; Path=/; HttpOnly
TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3*RS.1; Domain=.tripadvisor.com; Expires=Tue, 06-Dec-2022 15:55:36 GMT; Path=/
TAUD=RDD-1669132536810-2022_11_22; Domain=.tripadvisor.com; Expires=Tue, 06-Dec-2022 15:55:36 GMT; Path=/
TASID=167CD1086E8C4E2DB29E1E93E4E5475A; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:25:36 GMT; Path=/; Secure
_abck=8B98959F2C824CFE81AAD69E2FB30498~-1~YAAQBk8kFwrRVXuEAQAAP0wNoAjpecIMbKZ6Ywuf/H6FkxytZ+mv1fkfeXQnnJfAexc9ISxLMxZqZCjeLDf28OaLDuwUyYiQLdg18nTMkTGgpXxAmNMEG87IBvF+MzywLU9zKRXCi7h1Jn5EujULCCQPKsfBPEoG+AFXAW/Kj/2hTyIL37IXtsaIMr6nVYuqJ8fs4Vwg/Tdz454McU5Y6sxkmtdv3jJeEUrnK4XkOiNdAc8CKC7BQ7bgxLQGexsMXEdOy+VoMX3OP7frddGFxA2pg7lwE2hqhB6PmS5j6NpT0c9LZIJ8SIiexXHWsMkc8AwGM8WY284bNIloQkeMha/zS+p5ap4LYvTIBxvznY1AQ8FSnO4g3JCcPP16OQTrnVI=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 22 Nov 2023 15:55:36 GMT; Max-Age=31536000; Secure
bm_sz=755E05C371677F8E4FE85FB499F04413~YAAQBk8kFwvRVXuEAQAAP0wNoBHMuWiS0ch5c528k/GGvcVu9xlTv85unF0O87TnYIrLMR9A6yd/vs0qXLm/9du2x56EM63/2iDUv9Got/CKAhLWpHnxEDIMYJ3oKwdr0mYKebtHmIK2wnq+MDaNt30i8F/8w7+Mq8YMBppgmMFUqASUuT+OIfqxigbHSUPaYG5+4yz1GR7NypILlw41MnFndyOLt+kqr9wq5rgW9XU3nEfBx5vp6DrwwdVrtHfnNCdXgCINXF+VHRS31hzDy7crcbtvyTRyVnzmG7Fb/vYCJAL7HqiGcw==~3422260~3621940; Domain=.tripadvisor.com; Path=/; Expires=Tue, 22 Nov 2022 19:55:36 GMT; Max-Age=14400
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/2764.svg

192.0.77.48

200 OK

368 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/2764.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (368), with no line terminators
Size
368 B (368 bytes)
Hash
0483f2b648dcc986d01385062052ae1c
61bd815f1497863265a76d92623042835e5e7fe2
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

HTTP Headers

GET /images/core/emoji/14.0.0/svg/2764.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:36 GMT
content-type: image/svg+xml
content-length: 368
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg

192.0.77.48

200 OK

941 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (941), with no line terminators
Size
941 B (941 bytes)
Hash
e55f552bd0b1cf368b466422408c8401
bff73dd8aa8fef9a186be5834886f86e39e63cb3
e17d4d0339ce34ba1ee3274fdc98a1bd5ca4a8f309861b63b746970a609d7d63

HTTP Headers

GET /images/core/emoji/14.0.0/svg/1f60d.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 22 Nov 2022 15:55:36 GMT
content-type: image/svg+xml
content-length: 941
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

404 Not Found

111 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
111 kB (110925 bytes)
Hash
d062e2cf6f035ba043a7fd582d9f4b00
f085c5a86e9630a740163cd8acb029b22e00a7c9
d74b56c513677ed0251aedd3dea5ebbecd56de5c22ae6f5d7d3db7dd92b79971

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css

151.101.86.83

200 OK

5.1 kB

URL HTTP/2
static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
IP
151.101.86.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (26406)
Size
5.1 kB (5137 bytes)
Hash
0161b3d4a3adb9245e5ac72965dc125d
f19742a7ddbd8145d2a89bd58e1417c7acad59fa
d8405c798647de03dd223c06c49f8c97d3b6e96f1ba44461cd6e60b78660f5cb

HTTP Headers

GET /css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Thu, 25 Aug 2022 11:31:45 GMT
cache-control: max-age=31536000, immutable
expires: Thu, 07 Sep 2023 00:49:56 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: text/css
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 6620740
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 1065
x-timer: S1669132537.085558,VS0,VE0
vary: Accept-Encoding
content-length: 5137
X-Firefox-Spdy: h2

static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js

151.101.86.83

200 OK

4.6 kB

URL HTTP/2
static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
IP
151.101.86.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (13794)
Size
4.6 kB (4647 bytes)
Hash
08ebca29872d38bac5db15e89842ce54
1aa1db2be2f0d6538ca2d5aa8696391256eda62a
b1637b545eb89a5142710dacaf4e0b9c7e8af380acccbc9fe1678d26b4074ff0

HTTP Headers

GET /js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 17 Nov 2023 23:42:26 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/x-javascript
content-encoding: gzip
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 403990
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 3687
x-timer: S1669132537.085936,VS0,VE0
vary: Accept-Encoding
content-length: 4647
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0a5ad626d1ba8ddd7c0d24d20b7a0eab
2a098b38e5c91e4b3e6e92a567d36aa1c136ed39
f8e0672f400ed58bf505419f3b5b0ce9f78ae8087c905319d8830be950e1931b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 22 Nov 2022 14:41:08 GMT
expires: Tue, 22 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4469
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

142.250.74.163

200 OK

163 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (730)
Size
163 kB (162976 bytes)
Hash
79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 22 Nov 2022 05:54:54 GMT
expires: Wed, 22 Nov 2023 05:54:54 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 36043
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72d50acad831beb6384250b4be217004
4c63b5d7120df90dce65d1d9a449e0779916cd86
948ea04f802c71a04d3a7f3e5a056b195b99d7e4b346b1b2e8afb53fd537b642

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=120690
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Etag: "637c0fe4-1d7"
Expires: Thu, 24 Nov 2022 01:27:07 GMT
Last-Modified: Mon, 21 Nov 2022 23:55:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg

142.250.74.33

200 OK

338 B

URL HTTP/2
lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
IP
142.250.74.33:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
338 B (338 bytes)
Hash
36f4c583b5b07b9a2dc6ff8475c01140
aec7344593dd0eb2720ea38e8f4e8c1ebbb14a6b
91f5ccaee89c9e29a27400e61f0ca916976b92bb63ba3f4c894e1a24c7095cfe

HTTP Headers

GET /-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename=""
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 338
x-xss-protection: 0
date: Tue, 22 Nov 2022 14:56:18 GMT
expires: Wed, 23 Nov 2022 14:56:18 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
age: 3559
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/sdk.js

157.240.200.14

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1685 bytes)
Hash
a6b2f70df30f8909e81614d1258008dd
bd82488f8c8c2c478907dd4524deb12f81c3eaa5
df66f47fd44cc140265ce8fcf07d54aeca6908733751439b61f31c1231a2a976

HTTP Headers

GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 299de1edb23311b9c4f5f92417686bcb
etag: "79bf67d8c311ba34adfc243e7d17eea9"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 22 Nov 2022 16:08:34 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: prL3DfMPiQnoFhTRJYAI3Q==
x-fb-debug: R96eawi5Jk8byV2+ivmofB5t5S9aafAIpv+WYksf54MbITI6OFHg+P0Bgkie4QmsHhFbmfMLD1/V2VKhCmfP4w==
priority: u=3,i
content-length: 1685
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.2

200 OK

970 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.2:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2131), with no line terminators
Size
970 B (970 bytes)
Hash
8adb091a776a167adbc6b0f76019336a
1a35726c9792fd4697bfbedba2327e4350607135
aa4ff7c985eb6563c56774a0ef4809929728569e593c4761cfe1fc2308985508

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1669132536913&cv=11&fst=1669132536913&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=2017814777.1669132537&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 970
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 16:10:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1

142.250.74.2

200 OK

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP
142.250.74.2:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 22-Nov-2022 16:10:37 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

connect.facebook.net/en_GB/sdk.js

157.240.200.14

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_GB/sdk.js
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1686 bytes)
Hash
f01ed6335c3f88336d365393c6a2bd2a
96acec5449c01eb76ee8e2714f8137346519b386
8a248fdb7be092ae95c4b08a92ea5b5a2e1c5a8b9dfe6a51d0e52ff059efc3cd

HTTP Headers

GET /en_GB/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6c95143c980a350ba38643e3d8e0fa41
etag: "bbe0b5e84c0aab025daac2ab6853f798"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 22 Nov 2022 16:03:40 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 8B7WM1w/iDNtNlOTxqK9Kg==
x-fb-debug: A5VtVOR6OotXX2+ibAg8zVy+ZWUnrr4L1ycwgVyr7UyU6bks1OISASnbovMtMkYFvxO3ZaJZ9kHibCdBuhczdQ==
priority: u=3,i
content-length: 1686
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0a5ad626d1ba8ddd7c0d24d20b7a0eab
2a098b38e5c91e4b3e6e92a567d36aa1c136ed39
f8e0672f400ed58bf505419f3b5b0ce9f78ae8087c905319d8830be950e1931b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1&z=1505278010 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
461760f30678f8aa3ad801eb88dc59d9
7b3c33ec99c429ad19918895014e309ca947f31a
fe8c62f7c90fa17a3d286b4abc0c8d7aa338d26aa4724d0d5dbaaab7b889b382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
72d50acad831beb6384250b4be217004
4c63b5d7120df90dce65d1d9a449e0779916cd86
948ea04f802c71a04d3a7f3e5a056b195b99d7e4b346b1b2e8afb53fd537b642

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5511
Cache-Control: max-age=120690
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Etag: "637c0fe4-1d7"
Expires: Thu, 24 Nov 2022 01:27:07 GMT
Last-Modified: Mon, 21 Nov 2022 23:55:16 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

www.google.no/pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10952182701/?random=1669132536913&cv=11&fst=1669129200000&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2682773683&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0

142.250.74.35

200 OK

63 B

URL HTTP/2
www.google.no/pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/10952182701/?random=1669132536923&cv=11&fst=1669132536923&bg=ffffff&guid=ON&async=1&gtm=2oab90&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=2017814777.1669132537&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
dc18476a17e787dc0700f3ee8dc99bcf
4db3ef7edb2683d8141280b9dd780ce4375e3c0f
4082538731e62eb96bd62690e973875ef9e3048432a3a849d7bedd37872b79ca

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 22 Nov 2022 15:55:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.clarity.ms/eus2/s/0.6.43/clarity.js

13.107.227.53

200 OK

55 kB

URL HTTP/2
www.clarity.ms/eus2/s/0.6.43/clarity.js
IP
13.107.227.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (55029)
Size
55 kB (55116 bytes)
Hash
441723b72633b1ac9757ad7c63168005
806166ca9ebb5839dd90a5e5c9335e3e0b18c169
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

HTTP Headers

GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 55116
content-type: application/javascript;charset=utf-8
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8fceb15c2864c"
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+fB8YwAAAAAbEG33kRNOS7PpNUVjmnLWT1NMMjMxMDUwMjA0MDA3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Tue, 22 Nov 2022 15:55:36 GMT
X-Firefox-Spdy: h2

connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9

157.240.200.14

200 OK

88 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9
IP
157.240.200.14:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
88 kB (88359 bytes)
Hash
521af6e8e497a101cdce0ab633a5ef9d
9a86cde9bc4411584cd0aaebe702503897e67064
6c1ae888d87e652553e8013068cf7272e14d9ab49e6a6aa8edd5c61c6860d92e

HTTP Headers

GET /en_US/sdk.js?hash=0d54bdf24b7f5289ee388cb4ceabf6a9 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 716687a6098218ca2dde368f4255e3cc
etag: "8769844141bcb0e280eb2ab9e0bfe8b8"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 22 Nov 2023 13:33:53 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: Uhr26OSXoQHNzgq2M6XvnQ==
x-fb-debug: ezTv7HqR0+WSmuuZ9AyWzz9m5vlErMcZxfrNxQBK0u09SKR0Fm7GnYU8ywFZduUGVzE9W4TIAFiWO+SJ6s6+Wg==
content-length: 88359
x-fb-trip-id: 1679558926
date: Tue, 22 Nov 2022 15:55:37 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.88

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.88:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
32a447aac604d3442ba188530013eaa2
0f4427ede986e900318c3d4027f53d3616ee9039
2757d808ed6469910604a8688b9eb624213f2d6917fbdb64d99fb845623c2624

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 22 Nov 2022 15:55:37 GMT
Last-Modified: Tue, 22 Nov 2022 14:36:09 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NZPfndMYslZqbBE-NrZL2Fn5xTsJWrK3_GvVDMhchemUv3tyxkcttA==
Age: 4768

l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en

18.193.55.12

204 No Content

0 B

URL HTTP/1.1
l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
IP
18.193.55.12:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 22 Nov 2022 15:55:37 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive

buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js

54.230.111.117

200 OK

763 B

URL HTTP/2
buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
IP
54.230.111.117:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (763), with no line terminators
Size
763 B (763 bytes)
Hash
d561e09722a4e9a9aab1f41b2c7f9be7
050d4da83989f4a5a65e5293ed8ca2cfaaf91502
c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9

HTTP Headers

GET /js/5a3603310c3a12001239de22.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 763
last-modified: Mon, 18 Dec 2017 11:52:59 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 22 Nov 2022 15:55:38 GMT
cache-control: max-age=60,public
etag: "d561e09722a4e9a9aab1f41b2c7f9be7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Wu3i3lJ_YvsBgRKfNV3CYQ3rsVRTI1OJNBS8K7kJ0YVze95r1DjzLw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023

151.101.86.83

200 OK

26 kB

URL HTTP/2
static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
IP
151.101.86.83:0
ASN
#54113 FASTLY

File type
Web Open Font Format (Version 2), TrueType, length 26252, version 1.0\012- data
Size
26 kB (26252 bytes)
Hash
2d0c909fe09ed8ef77056363d8963d2e
f81b7dc1acf5a2c25e46a893be5fe09622716d70
b182c7fce760e8851d7e91095237ff86a4f7036c78ddf4107ead869ff2f3502a

HTTP Headers

GET /css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023 HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://static.tacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=2592000, immutable
expires: Thu, 22 Dec 2022 00:44:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff2
accept-ranges: bytes
date: Tue, 22 Nov 2022 15:55:37 GMT
via: 1.1 varnish
age: 54668
x-served-by: cache-bma1675-BMA
x-cache: HIT
x-cache-hits: 3
x-timer: S1669132538.760063,VS0,VE0
vary: Accept-Encoding
content-length: 26252
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oeb90&_p=628809050&_gaz=1&gdid=dZTNiMT&cid=2134576247.1669132537&ul=en-us&sr=1280x1024&_s=1&sid=1669132536&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1

142.251.1.154

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1
IP
142.251.1.154:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&cid=2134576247.1669132537&gtm=2oeb90&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 22 Nov 2022 15:55:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png

103.50.162.157

200 OK

58 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
58 kB (58382 bytes)
Hash
b98a259e7ff77c66f450295ebb5e0797
21f52b10db38256d365902c7c3c86a7427abef17
2cf3476b669e2274a11b9d2e0c174fbbf4dc212d795f7e01ba95d492bdef79dd

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:13:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/email.svg

54.230.111.19

200 OK

343 B

URL HTTP/2
platform-cdn.sharethis.com/img/email.svg
IP
54.230.111.19:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
343 B (343 bytes)
Hash
5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

HTTP Headers

GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 24 Oct 2022 02:44:38 GMT
cache-control: public, max-age=2592000
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iSkRUuUA7KCsQYIARBvy_tGbovBQNEZabZWTB-euLw3o3C6DUihm4g==
age: 2553060
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/pinterest.svg

54.230.111.19

200 OK

771 B

URL HTTP/2
platform-cdn.sharethis.com/img/pinterest.svg
IP
54.230.111.19:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Size
771 B (771 bytes)
Hash
2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

HTTP Headers

GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
date: Sat, 29 Oct 2022 01:10:18 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ToqgJGoxkd02wk8-Vi8mMryn6D7DmLNB5J6B9F_xhfJmVG-zybUjJg==
age: 2126720
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

103.50.162.157

404 Not Found

40 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
40 kB (39760 bytes)
Hash
84f08245b615693aaea80b18ec92401c
1abc3d4f703ee94e47f06d1c4d63943f822b131e
4a75085ccc7e0a84fe2a62b7ff3f24eb698518b33e0d5978c23e6f997a4b48de

HTTP Headers

GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/arrow_left.svg

54.230.111.19

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_left.svg
IP
54.230.111.19:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

HTTP Headers

GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 25 Oct 2022 10:31:58 GMT
cache-control: public, max-age=2592000
etag: "b55d8d2b9321e381a3c38a4bddb74037"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LmMpD3TiWclznhvCzFhed_RshboijwtqD2ZeLN7Rm1j1emdatmxT0Q==
age: 2438620
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/facebook.svg

54.230.111.19

200 OK

301 B

URL HTTP/2
platform-cdn.sharethis.com/img/facebook.svg
IP
54.230.111.19:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
301 B (301 bytes)
Hash
c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

HTTP Headers

GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 03 Nov 2022 15:33:17 GMT
cache-control: public, max-age=2592000
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uTfrnfB4zzkAYpu6uAb_wggKUNWTRdWDUr9HXVqSgvA0uC9lpopteQ==
age: 1642940
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

20.234.93.27

302 Found

0 B

URL HTTP/2
c.clarity.ms/c.gif
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=2956AA964078686D0E6DB8F24478665B; domain=.clarity.ms; expires=Sun, 17-Dec-2023 15:55:38 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 0
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg

23.38.201.85

200 OK

2.3 kB

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.3 kB (2315 bytes)
Hash
bf29758e41903e1fabdc4a19c89bac9b
1ff70aca18e5d207268b7888d56ab2a897909ff8
6936f35bf6375797c7d4a526dd6bfdf2a5f3d0dfb4e4d1e9e292ce31bc45702c

HTTP Headers

GET /img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 23 Nov 2022 03:55:37 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/svg+xml
content-encoding: gzip
vary: Accept-Encoding
content-length: 2315
date: Tue, 22 Nov 2022 15:55:38 GMT
set-cookie: TADCID=csXMTIqll09-A4_AABQCFdpBzzOuRA-9xvCxaMyI13G1SAKs-Qsgbk3QLKufuUAr_497mVa3LaWqwqO4GvAYL17QrCObv1_FRXc; Domain=www.tripadvisor.com; Expires=Fri, 19-Nov-2032 15:55:37 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A3eo7X2C%2Ft9Tk7nWhzVPS6shGd0grv0wJiuXZBL4OvrE2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 21-Nov-2024 15:55:37 GMT; Path=/; HttpOnly
__vt=ICDBsh-BMFq0lnDPABQCIf6-ytF7QiW7ovfhqc-AvSGS6MIhNddj6MW75MKdc51dKD2siZ3NklPYhv0dr9XyU8DXIh27tTnuTGAOrpAKsc1AS4qUu8SdcKGSTThQ2WMGfsRBFdgSNHg_f7AgRVbgP9d-KQ; Domain=www.tripadvisor.com; Expires=Tue, 22-Nov-2022 16:55:37 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.BC6A938353F8481F478AEF85161EE4D5*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=A; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-11-22; Domain=.tripadvisor.com; Expires=Sat, 21-Jan-2023 15:55:37 GMT; Path=/
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 808
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:37 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png

103.50.162.157

200 OK

11 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11430 bytes)
Hash
e10502927cb3f23b202e7cb82fc07796
64454b2191829153b92a11424ab3765832d63f0c
73bed124aa35379906624895beca4c6853d2c3933ab334dc04ff958c4bcaf16a

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-192x192.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.2017814777.1669132537; _ga_KLTY4E3YBY=GS1.1.1669132536.1.0.1669132537.59.0.0; _ga=GA1.2.2134576247.1669132537; _gid=GA1.2.108769051.1669132537; _gat_gtag_UA_233581752_1=1; _clck=1jqgblx|1|f6s|0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:38 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11430
content-type: image/png
date: Tue, 22 Nov 2022 15:55:38 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png

103.50.162.157

200 OK

1.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1373 bytes)
Hash
66bca48be9ab9ade409124603161521b
e7302b18db5561118e775c33943be87b774e45f2
301f6b6efef20378c0c2f98586c9f73a05bfb0db528a4e4c41c6fd239a74da5c

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-32x32.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.2017814777.1669132537; _ga_KLTY4E3YBY=GS1.1.1669132536.1.0.1669132537.59.0.0; _ga=GA1.2.2134576247.1669132537; _gid=GA1.2.108769051.1669132537; _gat_gtag_UA_233581752_1=1; _clck=1jqgblx|1|f6s|0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:38 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1373
content-type: image/png
date: Tue, 22 Nov 2022 15:55:38 GMT
server: Apache
X-Firefox-Spdy: h2

count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe

54.230.111.84

200 OK

176 B

URL HTTP/2
count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
IP
54.230.111.84:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
176 B (176 bytes)
Hash
b658a5a578c8434f6f5dd7dea671c0fe
c126e491ef71e7c0565501d8d6f615e8cbfc2b74
52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34

HTTP Headers

GET /v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe HTTP/1.1
Host: count-server.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 176
date: Tue, 22 Nov 2022 15:55:38 GMT
etag: b658a5a578c8434f6f5dd7dea671c0fe
cache-control: no-cache, no-store, must-revalidate
apigw-requestid: cAqXFgjZIAMEc0g=
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 487ctJFrkODurK0drb-TPLWdx5iQmlbixjsyCHSEV0_xwiXAQehx7Q==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B

13.107.21.200

302 Found

0 B

URL HTTP/2
c.bing.com/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&RedC=c.clarity.ms&MXFR=2956AA964078686D0E6DB8F24478665B HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=15039833ED8D6F741FBB8A57EC786E1B; domain=c.bing.com; expires=Sun, 17-Dec-2023 15:55:38 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D73B4AA39CAF4ADAB87B3772E8854DA1 Ref B: OSL30EDGE0522 Ref C: 2022-11-22T15:55:38Z
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B

20.234.93.27

200 OK

42 B

URL HTTP/2
c.clarity.ms/c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?CtsSyncId=C64F2F1E29C94FA1B84E883358A15268&MUID=15039833ED8D6F741FBB8A57EC786E1B HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Tue, 22-Nov-2022 16:05:38 GMT; path=/; SameSite=None; Secure;
date: Tue, 22 Nov 2022 15:55:37 GMT
content-length: 42
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 114245
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:38 GMT
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1054
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Tue, 22 Nov 2022 15:55:40 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 16 Nov 2022 00:19:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 27 May 2020 07:53:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/apple-touch-icon.png

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/apple-touch-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/hello123/apple-touch-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:37 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/06/Favicon.png

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/06/Favicon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/2022/06/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:09:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:37 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:37 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:36 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/hello123/sw.js HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 28 Jun 2018 10:17:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

platform-api.sharethis.com/js/sharethis.js

143.204.55.106

200 OK

0 B

URL HTTP/2
platform-api.sharethis.com/js/sharethis.js
IP
143.204.55.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Tue, 22 Nov 2022 15:50:20 GMT
cache-control: max-age=600, public
etag: W/"30217-4R/x1mcbHYoN8J5L8eO1d9Nv/qY"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e3yc6d-8rf_FUrkX4zPn3KkAj5k8L2sSgzwufboj32KJ6tKkJ11WAw==
age: 317
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/main.css?ver=6.1.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 04:28:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:400,600,700|Raleway:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 22 Nov 2022 15:55:36 GMT
date: Tue, 22 Nov 2022 15:55:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.clarity.ms/tag/80x2itprfu?ref=bwt

13.107.227.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/tag/80x2itprfu?ref=bwt
IP
13.107.227.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag/80x2itprfu?ref=bwt HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=8ac7aced6e0542ea955852736805fc3d.20221122.20231122; expires=Wed, 22 Nov 2023 15:55:37 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
x-cache: CONFIG_NOCACHE
x-azure-ref: 0+fB8YwAAAABO4Eol3iOxS4mtjpTJZfXDT1NMMjMxMDUwMjA0MDA3ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
date: Tue, 22 Nov 2022 15:55:36 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/2021/08/WhatsApp-Logo.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 10:40:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 22 Nov 2023 15:55:35 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 22 Nov 2022 15:55:35 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations