Report - heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

Report Overview

Submitted URL
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2022-12-09 20:34:00
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	21 kB	142.250.74.46
region1.analytics.google.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	827 B	569 B	216.239.32.36
l.sharethis.com	4794	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	873 B	407 B	3.121.117.121
www.clarity.ms	1404	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	774 B	1.2 kB	13.107.246.53
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	11 kB	216.58.211.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	784 B	112 kB	142.250.74.168
www.heavenlybhutan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	23 kB	468 kB	103.50.162.157
s.w.org	748	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	46 kB	192.0.77.48
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	433 B	746 B	142.250.74.106
c.bing.com	247	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	478 B	795 B	13.107.21.200
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.189.35.180
buttons-config.sharethis.com	6006	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	1.3 kB	54.230.111.117
count-server.sharethis.com	11699	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	506 B	688 B	54.230.111.73
platform-cdn.sharethis.com	11841	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.7 kB	54.230.111.57
heavenlybhutan.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	888 B	1.6 kB	103.50.162.157
code.jquery.com	634	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	34 kB	69.16.175.42
www.jscache.com	16218	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	490 B	731 B	151.101.2.83
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	1.5 kB	142.250.74.131
static.tacdn.com	10336	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	38 kB	151.101.2.83
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	510 B	46 kB	216.58.207.227
lh3.googleusercontent.com	66	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	469 B	959 B	216.58.207.225
googleads.g.doubleclick.net	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	2.8 kB	142.250.74.34
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	1.2 kB	142.250.74.132
b.clarity.ms	3462	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	873 B	20.75.32.255
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	34 kB	216.58.207.202
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	876 B	92 kB	157.240.221.16
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	944 B	143.204.42.165
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	498 B	569 B	108.177.14.156
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	983 B	216.58.211.3
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.77.32
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	54 kB	34.120.237.76
www.tripadvisor.com	8786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	9.7 kB	151.101.130.40
c.clarity.ms	803	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	555 B	20.234.93.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2022-12-09	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2022-12-09	medium	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (44)

	URL	Size	First Seen	Last Seen
	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 4662b9c41cf3a3d3fc8ffd3a0dc8d6a9 50efef9f56112d839fe841609494861472584f94 d06527470fc193f40457743b08f34ed48d404954ffcb3f020fd19ffaed8e850e Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=81582bdb254a94e4464424087c6479a8	37 kB	2023-03-07	2024-04-19
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-19 15:34:19 Times Seen34425 Hash c5b5b2fa19bd66ff23211d9f844e0131 791aa054a026bddc0de92bad6cf7a1c6e73713d5 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=81582bdb254a94e4464424087c6479a8	227 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash a7eea7059e6ec3dae416af8218628242 1ca4158594ff05a67170f5ab76e90b9fbb3cff75 6eece3fbdb4769f95c3c71e43696b32302db6418dcb778686edd7e332fd56743 Loading...

	www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c	221 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash e9eab53f202df6024e7d48d59a6b2a18 29d28463a4fc3f8e66726e52befc635dd5c5515d ffefe4b05273929e015e30e1c181fc7d2a61f34840ba694bd5fa41e92c70b62c Loading...

	static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js	15 kB	2023-03-07	2024-04-12
Pretty URL static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js IP 151.101.2.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:03:25 Last Seen2024-04-12 16:12:01 Times Seen702 Hash 9d1a046b5d9f975765a5adc3c8f2722e fd964609d091c301d408e879aa431a2a52e74a2c e94e0140ad5ee0dd772ad05d9ba5cc4cf3e2a1f5d420ea5cb783edbdbdda9f10 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	317 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 285677233354e6bc3314aa801b153906 08843186aa460a56ccd0bc935f5d25e59b0a48df 84add2e891aa85cf5778686e3c10c3d892d13c74bade98d89e9a2c8ad1b3fbb8 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	2.2 kB	2023-03-08	2023-03-26
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-03-26 09:01:05 Times Seen2 Hash 2d21848a2dc20dde0a0926605589706c 7cedd7bad3e68adeb83ed08386251893024b2689 9616cb58d32af952fd54c8b5444914bb501004a94685c23a4d87078ebd227119 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash a3a0fe1caf653a01f75cba9c8ab9c67c 5ac9e624f11b78fdd4597a61d336428b7069db20 1c5611fe8aab1bdaf27a0e019282f713589cfcf541d347dfa9b95aa170e1bd6c Loading...

	www.googletagmanager.com/gtag/js?id=AW-10952182701	182 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10952182701 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 253894eca3147cf60007de1f9b54ec4c c5a5347ad221276738775fbd4204566a56e1755c 381394cc94213fc3c82c26042d26d88c1234f6f0434d6e6a8f67274caeb0f75a Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=81582bdb254a94e4464424087c6479a8	3.4 kB	2023-03-07	2023-10-24
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2023-10-24 11:59:07 Times Seen23 Hash 7fc0f2a754835e99a8ffbd26b6d7de97 a33477eda851e548dcff03014a5f9e92f1ae88b1 74e96d956bb5697d88ac6c4f715bee9c9bc79c34e466cbadae6be2111eb92cd9 Loading...

	connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022	3.1 kB	2023-03-09	2023-03-09
Pretty URL connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 3582d06760def8fe6337594fc743f684 181b5bb5d04671b2abc08176ba90df84f58d71b6 da5f39dec2ceda73f23c9b8c098bdab227b7db2e3b8909dcc40db0525e292165 Loading...

	www.clarity.ms/tag/80x2itprfu?ref=bwt	1.4 kB	2023-03-09	2023-03-09
Pretty URL www.clarity.ms/tag/80x2itprfu?ref=bwt IP 13.107.246.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 0c3eaa4559a6b202d525a15116c42fb9 0ce51e43ff6ad1b7528daa4aa8dcc50d76ab3ce7 5828d41903c5923dcb57f0d6f3ae89e6f8c0df9a1c6999b9bfd3903701ebadf5 Loading...

	code.jquery.com/jquery-1.12.0.min.js	97 kB	2023-03-07	2024-04-19
Pretty URL code.jquery.com/jquery-1.12.0.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:02 Last Seen2024-04-19 15:34:19 Times Seen4922 Hash cbb11b58473b2d672f4ed53abbb67336 66f47b885d587aa9a6c453ae3f2c9a382e5c7ec7 5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	158 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:08:29 Last Seen2023-05-13 11:06:47 Times Seen5 Hash aebf4930ad6b1b89e384f946c6a519f4 d9e8db4ee405495358914048b1a6454a1927f183 7ef3b8c3d5640112ebe93f49829cbd3893ba355e6cf6498eebf849a33dbe2553 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	440 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 0130183c1c138771b5e140b838f02d45 6d18d592e74f9d192127fe24777409b9162bb8de 41fea4019aab929879874fc4a82257e127891888d6e60afc5b9e0006de4feb18 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	290 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 11f2283e1c750c1da6332c37c228e260 9d4737fb37702cbb878de00420775c26ff050646 781566367ad976baa8969ad6bf9e0da9b7dba96e31d9fb598bdf85a6696eb178 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	161 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash d077e03a82bf86d21b930cbf5f61f946 77d7fbaa3f829cb17bddacc17ae80a700320eaf6 d9247e8f2539f5ae91de2ee01e6583da39012112f3c3201f7319920bb5a39d82 Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=81582bdb254a94e4464424087c6479a8	16 kB	2023-03-07	2024-04-16
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:33 Last Seen2024-04-16 20:21:02 Times Seen1527 Hash da941a6e1e1df098744318f6d25ba13a 15f441d0df5a01efc674d62b88c0c95bf233656a 2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967 Loading...

	www.googletagmanager.com/gtag/js?id=UA-233581752-1	112 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtag/js?id=UA-233581752-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 7ffcae88c13337743dbc554088700778 f795938bd134ecccb16870ef114e17722eebab35 9353ce65f6ed48276823b5066449906834039e62a51fb1b29998a281ec6f3812 Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=81582bdb254a94e4464424087c6479a8	9.4 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen7 Hash d09a2fa35d2925f8c00c657ec546d882 0448e16938b5ced39d61476c9f9a8f1ba611ef56 f2b70decc8610045eb84a80cbf669c3a1e52b2435e7c6fe3703893649001b38a Loading...

	www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US	15 kB	2023-03-09	2023-03-09
Pretty URL www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 46be5a1708293dea12a4921bf50f2464 e5797652d1d6fa9fa9c8c24d3a45336077c6e2ba 0d1f6dbb8b66b1563f53c5df1b39be5bd5ba6c6bab3d9c86631ab2d1ff257443 Loading...

	www.google.com/pagead/1p-conversion/10952182701/?random=1670618033152&cv=11&fst=1670618033152&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=427529449.1670618033&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-08
Pretty URL www.google.com/pagead/1p-conversion/10952182701/?random=1670618033152&cv=11&fst=1670618033152&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=427529449.1670618033&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-08 20:17:10 Times Seen63935 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js	763 B	2023-03-08	2023-04-23
Pretty URL buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js IP 54.230.111.117 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash d561e09722a4e9a9aab1f41b2c7f9be7 050d4da83989f4a5a65e5293ed8ca2cfaaf91502 c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js	93 kB	2023-03-07	2024-04-16
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:06 Last Seen2024-04-16 14:06:13 Times Seen649 Hash e7155ee7c8c9898b6d4f2a9a12a1288e d1b0ac46b41cbde7a4608fb270745929902bac7c fc184f96dd18794e204c41075a00923be7e8e568744231d74f2fdf8921f78d29 Loading...

	www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=81582bdb254a94e4464424087c6479a8	19 kB	2023-03-07	2024-04-19
Pretty URL www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-19 20:39:52 Times Seen37996 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	307 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 24c9615b420990184e85d339ce329af0 64b833a695004bc86e4a760480b382206af5427f f8586d7463fb771d4a2dff579bf79770e6bb84c26d7d8b9c09d6af171ed52412 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	112 B	2023-03-08	2023-12-16
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-12-16 12:31:38 Times Seen31 Hash 19c3937333be96ebffcd5efb99f9c031 3ed57d8bb8aa7658ff6a30994e41cb9f31d5a9bc 0c5c780d572dca2e1cf3dc126075151a6e8df0d09f8d78fc99019c54b2ca05d6 Loading...

	www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2	307 B	2023-03-08	2023-05-13
Pretty URL www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 IP 151.101.2.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash 309f508854c65cd4aba2417165dd9231 90676003edc377e88e6695efd87e492aaf25d1e4 01e85ac42ac2db3eaa19e9a392c9a30acca1e17e76e68da2a73bf00cf852e723 Loading...

	count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe	176 B	2023-03-08	2023-04-23
Pretty URL count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe IP 54.230.111.73 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash b658a5a578c8434f6f5dd7dea671c0fe c126e491ef71e7c0565501d8d6f615e8cbfc2b74 52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	76 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash c6049ee23733acab27282589c2f68aea 0fbb9f5997cbdab7882dd04cd1fc4ee2da6b670d b8917247009ebb885de89942ea8da2e67290c780ee3329725cd62fa5a97a85bd Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=81582bdb254a94e4464424087c6479a8	5.2 kB	2023-03-07	2024-04-19
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=81582bdb254a94e4464424087c6479a8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:36:09 Last Seen2024-04-19 12:44:12 Times Seen755 Hash 44701cfb0078345ec1d432f661e33709 0b31dabace05042ee29f5989b0191e7e4072a88f 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	325 B	2023-03-08	2023-04-05
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-05 02:11:52 Times Seen3 Hash b7a25b8919d62bbb07ca33682a1ed053 2e9e58d8a038393d88dc1ee39920624069454921 6c2c31f52cb8a456975fcbd98f17b12ef7f2ed8ada6f853e6f56fe89d76f844c Loading...

	platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop	197 kB	2023-03-08	2023-03-13
Pretty URL platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:38 Last Seen2023-03-13 03:12:01 Times Seen1 Hash c8bc939471ef6dab0c390710d339b448 e11ff1d6671b1d8a0df09e4bf1e3b577d36ffea6 f2543598ef1f4ead06a604ac151e0466dd405bd6fcce02c9074567066eb89085 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	314 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 7d2264c623db9f85c7026ded89332ce1 8b0581df9c85e9eee272d2359cd00fd49615d9f0 6a82739904bc8ba680c1ecb8e7fa96e35d3806b7bc8f75575bb75cdcdd00fa4c Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8	23 kB	2023-03-07	2024-03-25
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2024-03-25 18:21:41 Times Seen12 Hash 6568b156990a9cc281edbcfd520e1144 0ad0d5bcf640f88cd1ce75b339757c21b5ee3e65 0df1f7d62263a13e19684a322a0cf45889033f7a83fc6ace824f7be093de95ec Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	84 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash fecf798e33f7abf83dcb48aa3f0b8f15 14db8bfc490d48ed6eb4e33a6bb13d39f8e62e2b dcbf0f78627a3697478f393225667707b718cb880c1620d988a598f5ebd07e36 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	136 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 8cf5394d9049dd6e25ee686f24fa2dfa a4ba0ce28631767912f8e095d283830e135cff8c 17e99ef63fefcec20cf375cfe02410cbc64e9623748efc336bb50d424bb49969 Loading...

	connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0	3.1 kB	2023-03-09	2023-03-09
Pretty URL connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 9d4419452e4b8dcceacbe7ead44bb72d c8834ed06095d5f02de0fb7f6a65e4967bbe02b0 0fd8c27efd7664d8136378c824cdaf4b461a1288af1834a0fdd3702262a3662b Loading...

	connect.facebook.net/en_US/sdk.js?hash=0c26e5a3d8c4323618e36736995baf43	313 kB	2023-03-09	2023-03-09
Pretty URL connect.facebook.net/en_US/sdk.js?hash=0c26e5a3d8c4323618e36736995baf43 IP 157.240.221.16 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:22:47 Last Seen2023-03-09 00:27:10 Times Seen1 Hash 28318b97d102c937f1cadd661b7cb3eb e4caf2ff1c2d6cf2249d92c2ed6ea7576402047d 86ad48d6f812ae1c1ce5e0ee2f19279ef07439679a2ba36455af2c77aeaa4920 Loading...

	www.google.com/recaptcha/api.js	850 B	2023-03-08	2023-03-17
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash a6d9f11246866ef6247a51ae9116cf53 1ba0ec4e57dd5d3845edb729fea44e6f709c7aca 60eac53947f6a289ca775891e56b3a4a1084cb8763fe2bf4220b759a58761f1d Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MMC9V55	96 kB	2023-03-09	2023-03-09
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MMC9V55 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 9c6088badc69403ce7ebc9fadd0c7771 3001d314a7abb4d3ff34a29f7c76ab0930a8332d 779c910c529b9ed9bb39daa64201c4790c99ba9ff8269195ba1f0993a6d84a67 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033144&cv=11&fst=1670618033144&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=427529449.1670618033&data=event%3Dgtag.config&rfmt=3&fmt=4	2.1 kB	2023-03-09	2023-03-09
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033144&cv=11&fst=1670618033144&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=427529449.1670618033&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 142.250.74.34 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:25 Last Seen2023-03-09 00:26:25 Times Seen1 Hash 01c75d0994df63249be52cc09abe5812 01384bf2198b4cf559bc3eb83d8df12506fe757b 10d5a47577dda4ff9e216a363c61a1eb2956666b7d2727f4a9758a3c5b603ed3 Loading...

	www.clarity.ms/eus2/s/0.6.43/clarity.js	55 kB	2023-03-08	2023-10-23
Pretty URL www.clarity.ms/eus2/s/0.6.43/clarity.js IP 13.107.246.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:44 Last Seen2023-10-23 15:37:18 Times Seen9 Hash 441723b72633b1ac9757ad7c63168005 806166ca9ebb5839dd90a5e5c9335e3e0b18c169 cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11 Loading...

HTTP Transactions (127)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18199
Expires: Sat, 10 Dec 2022 01:37:08 GMT
Date: Fri, 09 Dec 2022 20:33:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4212
Expires: Fri, 09 Dec 2022 21:44:01 GMT
Date: Fri, 09 Dec 2022 20:33:49 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13086
Expires: Sat, 10 Dec 2022 00:11:55 GMT
Date: Fri, 09 Dec 2022 20:33:49 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 20:08:20 GMT
content-type: application/json
age: 1529
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 00gq2tiqKlGuNvJqac+bdlzE0or1fjIDPar0GeiIa8mHxoCEP8bmK3HGanNgMIdasD2XAJm+jAg=
x-amz-request-id: NCDA4J2HG3ZKQ79X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 19:50:23 GMT
age: 2606
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 20:33:49 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

280 B

URL HTTP/1.1
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
280 B (280 bytes)
Hash
023ac1b25303dd2b521ec25e1274e490
c44bc2238f7227be4cc63f75c0eee098bc01cd66
634cebac5c21890cbed71111b2342cc5792fe987a2b41bd75c9a6866cbec06e9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 20:33:49 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Cache-Control: max-age=0
Expires: Fri, 09 Dec 2022 20:33:49 GMT
Content-Length: 280
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 20:07:55 GMT
age: 1555
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4288
Cache-Control: max-age=135873
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:50 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:18:23 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4OHRnTDFYxYmQJhSCLxX/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: j3fOY5iywylZE+sDXMxD1SSJSQ8=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
236995a6c34524e5098bff899130a47a
8f2a771f8ab55e72cc2db8d3837f9d087dc5b0e0
f80282490e8ef9ddf4ae149aa7c5aa99482fb9123e64b120b811a2ff11240d54

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F80282490E8EF9DDF4AE149AA7C5AA99482FB9123E64B120B811A2FF11240D54"
Last-Modified: Wed, 07 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 10 Dec 2022 02:33:50 GMT
Date: Fri, 09 Dec 2022 20:33:50 GMT
Connection: keep-alive

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

0 B

URL HTTP/2
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
expires: Fri, 09 Dec 2022 21:33:51 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
x-content-type-options: nosniff
location: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 20:33:51 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14878
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 20:33:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14878
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 20:33:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14878
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 20:33:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14878
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 20:33:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14878
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 20:33:52 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 59205
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7801 bytes)
Hash
8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 17:48:23 GMT
age: 9929
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 60726
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 16:56:53 GMT
age: 13019
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 46163
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 61165
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

code.jquery.com/jquery-1.12.0.min.js

69.16.175.42

200 OK

34 kB

URL HTTP/2
code.jquery.com/jquery-1.12.0.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32060)
Size
34 kB (33820 bytes)
Hash
e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337

HTTP Headers

GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 20:33:52 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1670618032.dop002.sk1.t,1670618032.cds248.sk1.hn,1670618032.cds229.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a49ab5ecc317aa7e4724050053737549
3ffff77715bf8c5dbcbb5e17abbbc2c683c36f60
844f25237f9906c3fb977d58259e132c41dacbbe546adc8b45e9992e6ee711c0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js

216.58.207.202

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (65479)
Size
33 kB (33396 bytes)
Hash
a1dbc2376faed4d6de4f5918c679a3d5
a9deb320a96ac3ddd24bb431b2854ff64f789e5e
6c96b4087484f1793973c8bb673eae22e7798be772392a0eed8f5f9252a472d8

HTTP Headers

GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 20:01:12 GMT
expires: Mon, 04 Dec 2023 20:01:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 433960
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

553 B

URL HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
553 B (553 bytes)
Hash
1309ff133720d219cc98090d66a051ed
b96fc5a893e42be16d687d7abdecdb13d348a019
358683c66634ea5ee3021c93111d8621d583880bcbbfadf3ec2ff87a15ea1038

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 09 Dec 2022 20:33:52 GMT
date: Fri, 09 Dec 2022 20:33:52 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 553
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-233581752-1

142.250.74.168

200 OK

44 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-233581752-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
44 kB (43663 bytes)
Hash
4c90e8da9398badc26755f79edafbcdc
9e5f31d475b3e77a901068963d19697a3556a994
51339f709d3614dcc3a1445ce993eb4cf66931c4b9c0ee04af7cf21ed080a46d

HTTP Headers

GET /gtag/js?id=UA-233581752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 20:33:52 GMT
expires: Fri, 09 Dec 2022 20:33:52 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43663
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-10952182701

142.250.74.168

200 OK

67 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-10952182701
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2919)
Size
67 kB (67087 bytes)
Hash
7892146837ae5e34bfd5d696dd098f71
0d913400f14da026136fb4e37caac445bf404b46
e2607ae05024b97f56563906a62b324d2d6ac8716431872f739a6ce9f0e4670c

HTTP Headers

GET /gtag/js?id=AW-10952182701 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 20:33:52 GMT
expires: Fri, 09 Dec 2022 20:33:52 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67087
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5496e18a30e039b44989d9a0e932d4bc
c5bfb1b9ce711e38d69e78486017f07cc47fe04a
26a3ad286e479cdabfcbb5a9d3fada211c73650628a35c80944b0e7e8aad27e0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

151.101.2.83

301 Moved Permanently

0 B

URL HTTP/2
www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
151.101.2.83:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.jscache.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: envoy
location: https://www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
expires: 0
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
timing-allow-origin: https://www.tripadvisor.com
content-type: text/plain; charset=utf-8
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:53 GMT
via: 1.1 varnish
x-served-by: cache-bma1629-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670618033.852780,VS0,VE148
content-length: 0
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1

103.50.162.157

200 OK

189 B

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
189 B (189 bytes)
Hash
5a18e16eb01cbaa862eb32e6b77bedb2
3abf9b913cc9f558f02cba7c9b822f8d1812cb96
d2b5af913332941d5ae7786d1fa70e0d009315c4ede6ad5b80d0f663bb54521f

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 02 Nov 2022 12:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 189
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1

103.50.162.157

200 OK

4.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (21597)
Size
4.5 kB (4487 bytes)
Hash
7f01d3c2dd8fdc231241f6a3b10def8c
76646b14e9ce97d384b9adb20c622f09c7ecd140
999c4a983cd4b5a1a7652aa436630a18c1a6dbf91de090c903ab507b07df536a

HTTP Headers

GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 27 Oct 2022 00:19:31 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4487
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1269 bytes)
Hash
967924886f14c2bf9ea1d320dc4c6c4e
7adfd48f7d7215535dfd7db7a025999ad6bab52d
9d7b368e9ea3c04bf17f94c8080202d0a9ab1fee6e5143840fa5bf0617d133bc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 27 Mar 2018 06:42:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1269
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

1.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.1 kB (1102 bytes)
Hash
6fe412ab00fa602fbdff1ebc56c0122f
30a1a170684805d401207dc3c29bbbc16ed5795a
86158384e8fce089c0b8ec4d2cca88be20511262a175da582df15465e464caba

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 31 Mar 2021 04:15:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1102
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

5.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
5.2 kB (5195 bytes)
Hash
0a8bd7341207a9042050c53b5e7bac6d
e21aa6bed02c4b6ee4cdc76c2870a737b27add14
6787293b487d3e4dd641e3e0b60b49d508a419979910abceeabac53601865cec

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sun, 03 Dec 2017 13:28:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5195
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8

103.50.162.157

200 OK

1.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6095), with no line terminators
Size
1.7 kB (1699 bytes)
Hash
807a495302e6eb0e3d2ab42f64c02887
564ea424819ad6206fcc7a5a5467fd0dbd41fed1
c91eef585a2f5367b79656186abeeefe032770a34518a8963e7590cee6f5d0ec

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 04:47:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1699
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

6.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (28996), with CRLF line terminators
Size
6.7 kB (6743 bytes)
Hash
7213a021dbfa18b6ab789d989851a85d
71b427dfe5f56d60224aec1701d6f28f1443b18e
e917493cb9c90fd02626a3e4762d6ae81ebdb7a2d7c4ee58f1ccc970c72c301f

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2017 12:33:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6743
content-type: text/css
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1270 bytes)
Hash
236b893cd98b54dcb08404e1528e0b1f
1d37376aa3654fbdc995bdb3364f514623fb1860
865643694d61d92f91d3a361cb2a74da85a5e04869ae789ab583e2d81e8c1bf6

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 07:24:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1270
content-type: text/css
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8

103.50.162.157

200 OK

2.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (5151)
Size
2.5 kB (2542 bytes)
Hash
fd9c26ea2ed860f8ad3c2b5c5acde541
f5e4ed76ae73cca96cbdb5c022e4dd818c14933c
81795e3474e0377e81da01f5e3f1261cf2ec7563cec0e842dfd0ade2acf7042c

HTTP Headers

GET /wp-content/tablepress-combined.min.css?ver=8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 10:11:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2542
content-type: text/css
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

5.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (15660)
Size
5.3 kB (5321 bytes)
Hash
710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 25 May 2022 00:19:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3

103.50.162.157

200 OK

3.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (11263), with no line terminators
Size
3.1 kB (3051 bytes)
Hash
51c75ba5a9163d96efde16b2702385e1
a7562e7da4ccca3b2a3788eb96e3d962aa2eace7
13167fe3f53391caa833d40793f29d744e995a09990722c71627de0d91de8bdd

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 27 Mar 2021 05:10:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3051
content-type: text/css
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8

103.50.162.157

200 OK

4.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (566)
Size
4.2 kB (4235 bytes)
Hash
2cd208e374b2cfe6ef4a6b635763f557
213b7d514e751ec2dd0732943d5329c559f7945d
658a4d4dda5ecb6f50e80dc35818551fcdc895d771b1ca33df0ca5ba2d791250

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4235
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

9.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (484), with CRLF line terminators
Size
9.4 kB (9390 bytes)
Hash
1a00aae64e3669cbb6f7f4da1b2093f4
3dd8365cc3010850be912c02402a6a1a6cdc316b
8a1696e586703108bcf0b7d5e4b29a4dc44f560db077aca88e4105a2dc3d6844

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2016 13:57:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9390
content-type: text/css
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

7.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with very long lines (14856)
Size
7.1 kB (7080 bytes)
Hash
25ff635e4eac54a25b43a6678c0ac374
dca3ba9f3acfe4641ff899e00777f8ce21a47353
9f0a810379d2839d367899bffce144a24f2e0401f5ee036a8ff9d235ab8d0abc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2016 13:12:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 7080
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png

103.50.162.157

200 OK

2.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 144 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2194 bytes)
Hash
fd24547c88cf7fa5f1c58c0dfad6d4b7
e07b978e1e901c9ee6c6b8799f541f68a7ae7753
323e547899c863adfb3f0ae96d7e6c7ccf147a425653d29a7b6c68132798b5a0

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 09:42:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2194
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1453 bytes)
Hash
9f96c4202ffbe12fb4d7bd331cd76ec1
3bdd87b1bd0f76c7443f5e423956408eed3a3860
f7ffe7691ac1cf2ef7d64a5ad72d632e39d5b54ece90f2e5051d09de6a9d6476

HTTP Headers

GET /wp-content/uploads/2019/11/facebook-review-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:25:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1453
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1462 bytes)
Hash
00995660effd64403d80003b82cb91f4
a3e2d1b5751946e79f0deaa51e46d4a9cf2d7d53
1c08cf5a927fc42729c530e44ff2fe003ec0ad2f757f9d7fa1c169e3b65f92ce

HTTP Headers

GET /wp-content/uploads/2021/02/google-review-ico.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 20 Feb 2021 05:56:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1462
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png

103.50.162.157

200 OK

1.6 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.6 kB (1641 bytes)
Hash
e876c7268acd72c8475b7d0c2534162c
83cac186c0ebc22bbd94e4258d3b9f89bfdd93e0
6f0b5cf3682fa65fa3abc8de286e2cc8a2335b4f13b617ecc8e7e1b4c78bc697

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/img/avatar.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:23:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1641
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 351672
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

67 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
67 kB (66812 bytes)
Hash
90b7fe4a30c62c9ac146cd71e1a2a9db
66fb6220f25f8e61073a1b993a21680b272d8092
bf83daea22652cda4b9bcbb1458f60d36c5ff5d58b6af97eed6ccd5f723ec396

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 28 Jun 2018 10:17:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

2.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (4991)
Size
2.1 kB (2142 bytes)
Hash
7709d149d74f9f8672bc2634ae80854e
7c47e83c1c8a31fb4cdef3a045960801bbc09f9a
f6c020cfd458ba4f998e07401853518cf27d27e9841de43d4bfd78e6b59bcafa

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2142
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1530 bytes)
Hash
812a8ca3bfaf6470c1df6440236656a3
e9834f19e6680485977881875c5f56a27f81f415
a56e486cba71dd18706fb0616851a458d044b6e779b8e8d29b4ce6f134d0163e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 10:55:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1530
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1338 bytes)
Hash
051b85ffbfbffb06086f46ee3d10d64f
2c482cbf5506b08adfb85e3eac90efc92c1f4bda
c5ca6532d1dd7294a3745bf288c552474bb264bc1e2d913af09f26405cdd69e1

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1338
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

1.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.8 kB (1845 bytes)
Hash
d0681317b0b8f966b7285bdc2aeae277
a6240b58e048482b676e00e2d7ef33c2f9ea4145
efcc620e18e485ac4c40d4bc54d7927a5d2a901dcd43d452fff0b67f18a7650e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/main.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 May 2020 07:16:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1845
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png

103.50.162.157

200 OK

3.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.4 kB (3442 bytes)
Hash
64d8e2b9d3c9a5d91014879ac7e19b1b
4511e9bea60d232d0a25cb120708764aeac63284
28e7b2c026d1adc94d152b8e50dedca32245d43476a70bdc26e679e2b162948d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3442
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

151.101.130.40

200 OK

3.4 kB

URL HTTP/2
www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
151.101.130.40:0
ASN
#54113 FASTLY

File type
data
Size
3.4 kB (3354 bytes)
Hash
a4f504cf07e5343db8ca19b5e47a9423
3f563bcd8481a6e6795ffcf6ed8c5702adb40257
b45731e484510f640ec1d6712887e4b3108b9ba56c19cadae4ff706628eaee7a

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
set-cookie: TADCID=vNk-3SC9Pt50gMooABQCFdpBzzOuRA-9xvCxaMyI13IV_gRosiUqMFtMRSUUKo2H1qXoOTFR4ipM7q3D2_B1xVKNp7igN8McbKU; Domain=www.tripadvisor.com; Expires=Mon, 06-Dec-2032 20:33:53 GMT; Path=/; Secure; HttpOnly
__vt=tbXOjfSpu8ULx6bwABQCIf6-ytF7QiW7ovfhqc-AvSHzngTtIfJ6vMd0mfVhvhvWlrkJAwaPvvx6aeGbcoRf1RqJ4PQWlh9Dfa-ObO4UUrvjukcWySX-O9utD2Z6HvIt4Tp71lgP_j0ovKgDSAEehx1-gg; Domain=www.tripadvisor.com; Expires=Fri, 09-Dec-2022 21:33:53 GMT; Path=/; Secure; HttpOnly
timing-allow-origin: https://www.tripadvisor.com
content-type: application/x-javascript;charset=UTF-8
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:53 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670618033.029923,VS0,VE131
vary: Accept-Encoding
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

14 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (32003)
Size
14 kB (14315 bytes)
Hash
90b602e96dc8686ce38d4716c58e7284
701fb82d49244c5ebc04414adee026021f3a251e
d390d1917f2110b49e28e8f78523b3d72c333ef332f4759501e37d1113e92625

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2015 19:34:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 14315
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png

103.50.162.157

200 OK

3.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3770 bytes)
Hash
9eb77fc94de44ca81098297eafa71267
e5f706259e39b76cf62aa9f0e4f8c928cc31173b
72cb50ae5802da4c1ae2b84eec4e6930405d132e676b0b6597d24b413804ff4e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3770
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png

103.50.162.157

200 OK

4.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4728 bytes)
Hash
0ff5cfc35d1d8041d820059e9fa17d10
83cf1c59fc31fec116c65d0ac5c1058415cb87fd
f5e95693cd8f040b5d1af4d6f3b22d4718f9dc1ab1f89d514e18514dc925b12d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4728
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png

103.50.162.157

200 OK

2.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2702 bytes)
Hash
e036f9dbd0e59aaf0f1d0d86d599a3b7
3908447e6f5e97b3775073f0fec276f13c484f56
8ca083d7f6a3b34b391ad095b185e99c6cfaa07ce6219aea09d504ecab0202c8

HTTP Headers

GET /wp-content/uploads/2022/07/site-icon-e1658727344127.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 05:35:44 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2702
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3

103.50.162.157

200 OK

72 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393\012- data
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=81582bdb254a94e4464424087c6479a8
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 13 May 2016 11:44:26 GMT
accept-ranges: bytes
content-length: 71896
cache-control: max-age=0
expires: Fri, 09 Dec 2022 20:33:54 GMT
vary: Accept-Encoding
content-type: font/woff2
date: Fri, 09 Dec 2022 20:33:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Fri, 09 Dec 2022 20:33:54 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/2764.svg

192.0.77.48

200 OK

368 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/2764.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (368), with no line terminators
Size
368 B (368 bytes)
Hash
0483f2b648dcc986d01385062052ae1c
61bd815f1497863265a76d92623042835e5e7fe2
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

HTTP Headers

GET /images/core/emoji/14.0.0/svg/2764.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 20:33:54 GMT
content-type: image/svg+xml
content-length: 368
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 19:34:02 GMT
expires: Fri, 09 Dec 2022 21:34:02 GMT
cache-control: public, max-age=7200
age: 3592
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b658d05e796c732572cbbb288f9dbd7a
66c489a55cdfda30f31c88dd4fbedf1ee138229f
f34d9a993edb309ed27889ac25679317ac691d7ca129aaf0732033013478df0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg

192.0.77.48

200 OK

45 kB

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (941), with no line terminators
Size
45 kB (44939 bytes)
Hash
fd37b0b728126fdcdb56bc3fef7ee010
76e4ac178cb94c3c3b4a40545eadee6ac5c164f8
9819e1ee6ae4768f4bc1952eb573be52e1645ab78bf9dc92f33d387adb3efa88

HTTP Headers

GET /images/core/emoji/14.0.0/svg/1f60d.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 20:33:54 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6c33a1d5d0fc5fe73ec55ac938817ea4
bfc100af7973feb3a7c3501dda66589f08bc6bde
668f1beac80500f1748643c27de6e413b0676a2fa94b0fbb7ef94b1cbab16e50

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg

216.58.207.225

200 OK

338 B

URL HTTP/2
lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
IP
216.58.207.225:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
338 B (338 bytes)
Hash
36f4c583b5b07b9a2dc6ff8475c01140
aec7344593dd0eb2720ea38e8f4e8c1ebbb14a6b
91f5ccaee89c9e29a27400e61f0ca916976b92bb63ba3f4c894e1a24c7095cfe

HTTP Headers

GET /-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename=""
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 338
x-xss-protection: 0
date: Fri, 09 Dec 2022 16:48:21 GMT
expires: Sat, 10 Dec 2022 16:48:21 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
age: 13533
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033144&cv=11&fst=1670618033144&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=427529449.1670618033&data=event%3Dgtag.config&rfmt=3&fmt=4

142.250.74.34

200 OK

973 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033144&cv=11&fst=1670618033144&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=427529449.1670618033&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2131), with no line terminators
Size
973 B (973 bytes)
Hash
2060d3140909ea004e15169335f9bfa8
0f5e3852ca13c9aa48426d9cd8ec962e861105e5
e349de31715659628967488566be4db68e0411c2b0174047511e36a213286464

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1670618033144&cv=11&fst=1670618033144&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=427529449.1670618033&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 973
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 20:48:54 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033152&cv=11&fst=1670618033152&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=427529449.1670618033&data=event%3Dconversion&gcp=1&ct_cookie_present=1

142.250.74.34

200 OK

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1670618033152&cv=11&fst=1670618033152&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=427529449.1670618033&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP
142.250.74.34:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1670618033152&cv=11&fst=1670618033152&fmt=3&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=427529449.1670618033&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 20:48:54 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1&z=1518749610

142.250.74.131

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1&z=1518749610
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1&z=1518749610 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

connect.facebook.net/en_US/sdk.js

157.240.221.16

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1687 bytes)
Hash
374489afe66715710695ba53df979128
52bdf635b891b5c557231f41da0b46d298999de1
105dcc6d0b99f48b9b48c7efb4881e81cca7b57c3dc32be2463e964de55941d8

HTTP Headers

GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9d4419452e4b8dcceacbe7ead44bb72d
etag: "99605757d0233366d83ca9f4f375ad0d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 09 Dec 2022 20:38:12 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: N0SJr+ZnFXEGlbpT35eRKA==
x-fb-debug: CW5A7Woscqt5CfZQvXzaBnMEUxydh3SevYC//hHzp4An8eKOx58VtsRMM143B4ZV3DAqsr3rtc4W2KAtdBkxaw==
content-length: 1687
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 20:33:54 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

84 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (10114)
Size
84 kB (84102 bytes)
Hash
c64416442de7a54f206938faa171ed8d
785cbd81d7d6ee04d2c4c44d39f139ad8551cb04
565a3011ae8a80a31477779504b0958e05240cb6faa5a801d560448101b8abd4

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 27 May 2020 07:53:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js

151.101.2.83

200 OK

4.6 kB

URL HTTP/2
static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
IP
151.101.2.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (13794)
Size
4.6 kB (4647 bytes)
Hash
08ebca29872d38bac5db15e89842ce54
1aa1db2be2f0d6538ca2d5aa8696391256eda62a
b1637b545eb89a5142710dacaf4e0b9c7e8af380acccbc9fe1678d26b4074ff0

HTTP Headers

GET /js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 17 Nov 2023 23:42:26 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/x-javascript
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:54 GMT
via: 1.1 varnish
age: 1889488
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 16624
x-timer: S1670618035.622892,VS0,VE0
vary: Accept-Encoding
content-length: 4647
X-Firefox-Spdy: h2

static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css

151.101.2.83

200 OK

5.1 kB

URL HTTP/2
static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
IP
151.101.2.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (26406)
Size
5.1 kB (5137 bytes)
Hash
0161b3d4a3adb9245e5ac72965dc125d
f19742a7ddbd8145d2a89bd58e1417c7acad59fa
d8405c798647de03dd223c06c49f8c97d3b6e96f1ba44461cd6e60b78660f5cb

HTTP Headers

GET /css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Thu, 25 Aug 2022 11:31:45 GMT
cache-control: max-age=31536000, immutable
expires: Thu, 07 Sep 2023 00:49:56 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: text/css
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:54 GMT
via: 1.1 varnish
age: 8106238
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 7116
x-timer: S1670618035.622540,VS0,VE0
vary: Accept-Encoding
content-length: 5137
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8105b33e4e3af998e9d016e156205c22
dfa2f5cecd72be8ec63d5f833b82cd993a5ce8b9
4a682a72e5d599d48706927cbc0852df5ac36dbb57747681cc2ee91c719c7ccf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b658d05e796c732572cbbb288f9dbd7a
66c489a55cdfda30f31c88dd4fbedf1ee138229f
f34d9a993edb309ed27889ac25679317ac691d7ca129aaf0732033013478df0c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

404 Not Found

39 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
39 kB (39134 bytes)
Hash
a9ab5c6d9a45a43644b2169eecc5699e
d79a549ea6ccae41127630e8dfb4120b9e99be01
ab9f9712b83e159df30ed1d306574ed0ce8d209610597584bc4894c13c2c8df8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/10952182701/?random=1670618033144&cv=11&fst=1670616000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3645548666&rmt_tld=1&ipr=y

142.250.74.131

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10952182701/?random=1670618033144&cv=11&fst=1670616000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3645548666&rmt_tld=1&ipr=y
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10952182701/?random=1670618033144&cv=11&fst=1670616000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1280&u_h=1024&frm=0&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3645548666&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png

103.50.162.157

200 OK

61 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 789 x 816, 8-bit/color RGBA, non-interlaced\012- data
Size
61 kB (61443 bytes)
Hash
8ef4768b9dddfba5e60bab8a3198c7ba
0217fda4639eb3b3c526006b5b3c1918264e0b32
1afdbde748a556076a2748b6f9a55523424a94432f3892dbc160f8195b91455a

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:13:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
101b88a5a141e4659cc3150b7ca565b6
898ea48b6bb3c316e651cb4bc6451be06c050ab9
5ae54f788fa6724f16af03528f24db2ecbbefd8e5fc9af7fb2a79551911ca09f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5011
Cache-Control: max-age=162144
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 20:33:54 GMT
Etag: "63935e7f-1d7"
Expires: Sun, 11 Dec 2022 17:36:18 GMT
Last-Modified: Fri, 09 Dec 2022 16:12:47 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/sdk.js?hash=0c26e5a3d8c4323618e36736995baf43

157.240.221.16

200 OK

88 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=0c26e5a3d8c4323618e36736995baf43
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
88 kB (88457 bytes)
Hash
868fe2e5d3c795f990215d0ba242b0b3
f4e462733d1b883dff11b380a4d6a2b78420a520
7eaaa77acc449521c8afb05bf8afd367019d9c5cb2e2209533ad6df6400e73b2

HTTP Headers

GET /en_US/sdk.js?hash=0c26e5a3d8c4323618e36736995baf43 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 28318b97d102c937f1cadd661b7cb3eb
etag: "4a81a2bb110d0991535a6f04369af6d0"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Dec 2023 18:46:15 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: ho/i5dPHlfmQIV0LokKwsw==
x-fb-debug: LZwNdkQNdTLOSQSEblpFK8w7Th8/l9F33fXCbNVm3pVfzednHFsP9UCkwMIJx+JHmuDj9jkVlFtghxIOyfo0fg==
priority: u=3,i
content-length: 88457
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 20:33:54 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png

103.50.162.157

200 OK

1.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1373 bytes)
Hash
66bca48be9ab9ade409124603161521b
e7302b18db5561118e775c33943be87b774e45f2
301f6b6efef20378c0c2f98586c9f73a05bfb0db528a4e4c41c6fd239a74da5c

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-32x32.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.427529449.1670618033; _ga_KLTY4E3YBY=GS1.1.1670618033.1.0.1670618033.60.0.0; _ga=GA1.1.1885999038.1670618033
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:54 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1373
content-type: image/png
date: Fri, 09 Dec 2022 20:33:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png

103.50.162.157

200 OK

11 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11430 bytes)
Hash
e10502927cb3f23b202e7cb82fc07796
64454b2191829153b92a11424ab3765832d63f0c
73bed124aa35379906624895beca4c6853d2c3933ab334dc04ff958c4bcaf16a

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-192x192.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.427529449.1670618033; _ga_KLTY4E3YBY=GS1.1.1670618033.1.0.1670618033.60.0.0; _ga=GA1.1.1885999038.1670618033
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:54 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11430
content-type: image/png
date: Fri, 09 Dec 2022 20:33:54 GMT
server: Apache
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oebu0&_p=1803757369&_gaz=1&gdid=dZTNiMT&cid=1885999038.1670618033&ul=en-us&sr=1280x1024&_s=1&sid=1670618033&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oebu0&_p=1803757369&_gaz=1&gdid=dZTNiMT&cid=1885999038.1670618033&ul=en-us&sr=1280x1024&_s=1&sid=1670618033&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&gtm=2oebu0&_p=1803757369&_gaz=1&gdid=dZTNiMT&cid=1885999038.1670618033&ul=en-us&sr=1280x1024&_s=1&sid=1670618033&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1

108.177.14.156

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1
IP
108.177.14.156:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&cid=1885999038.1670618033&gtm=2oebu0&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Fri, 09 Dec 2022 20:33:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b63242440e9688d4da130d5a5f513328
a76e351d6c0f6cdabb9f12a2f821434d7bb316ed
a817c7bef822eb9ec4c45deffd0274704ac9106743ed33da2a25a76c8e9f2551

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 09 Dec 2022 20:33:54 GMT
Last-Modified: Fri, 09 Dec 2022 19:40:33 GMT
Server: ECS (bsa/EB20)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p2A8kU0VUF7Le70RQObFEkfPi4bPwZWsKTUDmBCaJicDPI0cSERxeA==
Age: 3201

l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en

3.121.117.121

204 No Content

0 B

URL HTTP/1.1
l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
IP
3.121.117.121:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Fri, 09 Dec 2022 20:33:54 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive

buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js

54.230.111.117

200 OK

763 B

URL HTTP/2
buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
IP
54.230.111.117:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (763), with no line terminators
Size
763 B (763 bytes)
Hash
d561e09722a4e9a9aab1f41b2c7f9be7
050d4da83989f4a5a65e5293ed8ca2cfaaf91502
c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9

HTTP Headers

GET /js/5a3603310c3a12001239de22.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 763
last-modified: Mon, 18 Dec 2017 11:52:59 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 20:33:56 GMT
cache-control: max-age=60,public
etag: "d561e09722a4e9a9aab1f41b2c7f9be7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rpMpyM0vHM6jCQfwKZfTKhCY-koMWAgcsSBFYGEKauGUHHJ6q5jLrQ==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023

151.101.2.83

200 OK

26 kB

URL HTTP/2
static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
IP
151.101.2.83:0
ASN
#54113 FASTLY

File type
Web Open Font Format (Version 2), TrueType, length 26252, version 1.0\012- data
Size
26 kB (26252 bytes)
Hash
2d0c909fe09ed8ef77056363d8963d2e
f81b7dc1acf5a2c25e46a893be5fe09622716d70
b182c7fce760e8851d7e91095237ff86a4f7036c78ddf4107ead869ff2f3502a

HTTP Headers

GET /css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023 HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://static.tacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Sun, 13 Nov 2022 12:30:06 GMT
cache-control: max-age=2592000, immutable
expires: Thu, 22 Dec 2022 00:44:30 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff2
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:55 GMT
via: 1.1 varnish
age: 1540165
x-served-by: cache-bma1629-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1670618035.257143,VS0,VE1
vary: Accept-Encoding
content-length: 26252
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 785
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Fri, 09 Dec 2022 20:33:54 GMT
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/facebook.svg

54.230.111.57

200 OK

301 B

URL HTTP/2
platform-cdn.sharethis.com/img/facebook.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
301 B (301 bytes)
Hash
c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

HTTP Headers

GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Dec 2022 03:05:07 GMT
cache-control: public, max-age=2592000
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sE8o6zBGc4ra3TAcL0_2UNQdmNDfKvlj66gcmOavbuoYJXiSld5m-A==
age: 145195
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/twitter.svg

54.230.111.57

200 OK

731 B

URL HTTP/2
platform-cdn.sharethis.com/img/twitter.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (575)
Size
731 B (731 bytes)
Hash
0af2fb38987598376c99e21af17ade45
bfbdfd0b1a2dcef714e347928bd11b8410dc7ca2
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

HTTP Headers

GET /img/twitter.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 731
date: Sun, 13 Nov 2022 03:02:50 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "0af2fb38987598376c99e21af17ade45"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ngTQwUHmSH594mW3kdEUKOcunAXp8K35QieoF5NRI_7TQp1iRoA-dA==
age: 2309466
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/pinterest.svg

54.230.111.57

200 OK

771 B

URL HTTP/2
platform-cdn.sharethis.com/img/pinterest.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Size
771 B (771 bytes)
Hash
2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

HTTP Headers

GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
date: Mon, 28 Nov 2022 01:10:18 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KlxKEj5O1CYXkY2Xps2v7ft6YnidqcR8FSS8fsqt7wnyLLnw7QibXg==
age: 1020218
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/email.svg

54.230.111.57

200 OK

343 B

URL HTTP/2
platform-cdn.sharethis.com/img/email.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
343 B (343 bytes)
Hash
5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

HTTP Headers

GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
date: Tue, 29 Nov 2022 16:56:04 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qAMgM1Zb8E4De11INTJGb7ghFBRhs74ssx010PW47qdnx7g1kNgu_g==
age: 877071
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

18 kB

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
18 kB (18232 bytes)
Hash
8fc978f5765826688e68a1b0865dcb10
158f78589a5f82439e4c90ed2d5c3175276aa710
9bf13665f1c53dad2fad52a86d8cfd1c71d101f33877e64b689071fcf312915a

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 16 Nov 2022 00:19:54 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/arrow_left.svg

54.230.111.57

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_left.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

HTTP Headers

GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
date: Thu, 08 Dec 2022 02:05:38 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "b55d8d2b9321e381a3c38a4bddb74037"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wdpBWxg7zhtftjETk7h-KaOc-7wgyVJlqnM6osgOxi8k4IPbiUdihg==
age: 152898
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg

151.101.130.40

200 OK

2.3 kB

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
IP
151.101.130.40:0
ASN
#54113 FASTLY

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.3 kB (2315 bytes)
Hash
bf29758e41903e1fabdc4a19c89bac9b
1ff70aca18e5d207268b7888d56ab2a897909ff8
6936f35bf6375797c7d4a526dd6bfdf2a5f3d0dfb4e4d1e9e292ce31bc45702c

HTTP Headers

GET /img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Sat, 10 Dec 2022 08:33:55 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
set-cookie: TADCID=qfVli2DWuNoCGi0SABQCFdpBzzOuRA-9xvCxaMyI13IV_s8iNQ8JTAGdJIxroQYEwWirgX6FIlOvE2mFywv0epgFi4Gf7DJH12I; Domain=www.tripadvisor.com; Expires=Mon, 06-Dec-2032 20:33:55 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A7zweuZcTl2fk7nWhzVPS6shGd0grv0wJPDdOQuHs%2Fpk2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Sun, 08-Dec-2024 20:33:55 GMT; Path=/; HttpOnly
__vt=8e3bzoyEt0D0OL3BABQCIf6-ytF7QiW7ovfhqc-AvSHznozU1qFYe9vWwzexHmWWvh-SiECGOc4qrN3lMVrRot1kuNpeDpbQXda5W0yfrXeMQHEpZ4AIYfQ6i1IQdezBef7DaGz4jljcV0OsGe77RdU2Yw; Domain=www.tripadvisor.com; Expires=Fri, 09-Dec-2022 21:33:55 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.647D4997405C9E8E7F23704B0F2CC70E*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=T; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-12-09; Domain=.tripadvisor.com; Expires=Tue, 07-Feb-2023 20:33:55 GMT; Path=/
timing-allow-origin: https://www.tripadvisor.com
content-type: image/svg+xml
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:55 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670618035.207431,VS0,VE119
vary: Accept-Encoding
X-Firefox-Spdy: h2

count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe

54.230.111.73

200 OK

176 B

URL HTTP/2
count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
IP
54.230.111.73:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
176 B (176 bytes)
Hash
b658a5a578c8434f6f5dd7dea671c0fe
c126e491ef71e7c0565501d8d6f615e8cbfc2b74
52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34

HTTP Headers

GET /v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe HTTP/1.1
Host: count-server.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 176
date: Fri, 09 Dec 2022 20:33:55 GMT
cache-control: no-cache, no-store, must-revalidate
etag: b658a5a578c8434f6f5dd7dea671c0fe
apigw-requestid: c5VEEhroIAMESNA=
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XWDE_QBBguqm3sGNst7uEUuaNogCpgaoTDrmzqq3-_F47FsJoJazKw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

c.bing.com/c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&RedC=c.clarity.ms&MXFR=0457AEA436B469AC3565BCD132B46704

13.107.21.200

302 Found

0 B

URL HTTP/2
c.bing.com/c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&RedC=c.clarity.ms&MXFR=0457AEA436B469AC3565BCD132B46704
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&RedC=c.clarity.ms&MXFR=0457AEA436B469AC3565BCD132B46704 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&MUID=26D0E5370F5061AD3BD4F7420E07602D
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=26D0E5370F5061AD3BD4F7420E07602D; domain=c.bing.com; expires=Wed, 03-Jan-2024 20:33:55 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 31730641FC3643DA9DD2EC25083E84F4 Ref B: OSL30EDGE0321 Ref C: 2022-12-09T20:33:55Z
date: Fri, 09 Dec 2022 20:33:54 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&MUID=26D0E5370F5061AD3BD4F7420E07602D

20.234.93.27

200 OK

42 B

URL HTTP/2
c.clarity.ms/c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&MUID=26D0E5370F5061AD3BD4F7420E07602D
IP
20.234.93.27:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?CtsSyncId=20BEEA975C1743E7A44A017A3D996D57&MUID=26D0E5370F5061AD3BD4F7420E07602D HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Fri, 09-Dec-2022 20:43:55 GMT; path=/; SameSite=None; Secure;
date: Fri, 09 Dec 2022 20:33:55 GMT
content-length: 42
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 114383
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Fri, 09 Dec 2022 20:33:55 GMT
X-Firefox-Spdy: h2

b.clarity.ms/collect

20.75.32.255

204 No Content

0 B

URL HTTP/2
b.clarity.ms/collect
IP
20.75.32.255:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2956
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.heavenlybhutan.com
access-control-allow-credentials: true
date: Fri, 09 Dec 2022 20:33:57 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=81582bdb254a94e4464424087c6479a8

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=81582bdb254a94e4464424087c6479a8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/main.css?ver=81582bdb254a94e4464424087c6479a8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 04:28:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:52 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 09 Dec 2022 20:33:52 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

216.58.211.3

200 OK

0 B

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 197632
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.clarity.ms/tag/80x2itprfu?ref=bwt

13.107.246.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/tag/80x2itprfu?ref=bwt
IP
13.107.246.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag/80x2itprfu?ref=bwt HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=920b5e59f0c047d8b2fbc00da4ce3901.20221209.20231209; expires=Sat, 09 Dec 2023 20:33:54 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
x-cache: CONFIG_NOCACHE
x-azure-ref: 0spuTYwAAAAC+cz2njbYLQ5p6TIEjudnuU1ZHMjBFREdFMDYxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 09 Dec 2022 20:33:54 GMT
X-Firefox-Spdy: h2

www.clarity.ms/eus2/s/0.6.43/clarity.js

13.107.246.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/eus2/s/0.6.43/clarity.js
IP
13.107.246.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public,max-age=86400
content-type: application/javascript;charset=utf-8
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d90b0402dd6f4c"
server: Microsoft-IIS/10.0
x-cache: TCP_HIT
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-azure-ref-originshield: 0i2CTYwAAAABpeeOky75NSKCJG0nVOL32QU1TMDRFREdFMTgxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-azure-ref: 0spuTYwAAAACcgmfx8eHwRLy/GgGkRLhMU1ZHMjBFREdFMDYxOQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 09 Dec 2022 20:33:54 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/pokhara-large.jpg HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 20:33:54 GMT
server: Apache
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png

151.101.130.40

200 OK

0 B

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
IP
151.101.130.40:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Sat, 10 Dec 2022 08:33:52 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
set-cookie: TADCID=6my_QMK3O13QnJUiABQCFdpBzzOuRA-9xvCxaMyI13IV_uGdwbYV1LcSANcs9y6J7dt646fEtRdKad1kgHvCKSv-FxmqwDddON0; Domain=www.tripadvisor.com; Expires=Mon, 06-Dec-2032 20:33:52 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3ANCwvj5pjOh7k7nWhzVPS6shGd0grv0wJBOwmr52cdTQ2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Sun, 08-Dec-2024 20:33:52 GMT; Path=/; HttpOnly
__vt=sDf49CtvfUbBX2dkABQCIf6-ytF7QiW7ovfhqc-AvSHzni5hC951xKB9coMc3wtnVsXofJEZVrYE9hkVXnZcpLry8u0s5l2bTx7fuwlVwiWIc1i0EcI5JW9_ViPVaKiK6tCr1_tKjr6dv6ZDW-hTrCRI8Q; Domain=www.tripadvisor.com; Expires=Fri, 09-Dec-2022 21:33:52 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.33CE113A012548D0C475BBD5DE2C954A*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=X; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2022-12-09; Domain=.tripadvisor.com; Expires=Tue, 07-Feb-2023 20:33:52 GMT; Path=/
timing-allow-origin: https://www.tripadvisor.com
content-type: image/png
accept-ranges: bytes
date: Fri, 09 Dec 2022 20:33:53 GMT
via: 1.1 varnish
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1670618033.929321,VS0,VE129
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:400,600,700|Raleway:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 20:33:53 GMT
date: Fri, 09 Dec 2022 20:33:53 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/hello123/sw.js HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/2021/08/WhatsApp-Logo.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 10:40:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 09 Dec 2023 20:33:53 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Fri, 09 Dec 2022 20:33:53 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (44)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations