r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16568
Expires: Wed, 05 Apr 2023 03:51:56 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11188
Expires: Wed, 05 Apr 2023 02:22:16 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:16:42 GMT
content-type: application/json
age: 3546
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 301 Moved Permanently 280 B URL HTTP/1.1 heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document text, exported SGML document, ASCII text
Hash 023ac1b25303dd2b521ec25e1274e490
c44bc2238f7227be4cc63f75c0eee098bc01cd66
634cebac5c21890cbed71111b2342cc5792fe987a2b41bd75c9a6866cbec06e9
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Apr 2023 23:15:48 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Cache-Control: max-age=0
Expires: Tue, 04 Apr 2023 23:15:48 GMT
Content-Length: 280
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20176
Expires: Wed, 05 Apr 2023 04:52:04 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 1345
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 27326a64990c6f698a83600491674790
a6bdb4743ace6be80673f6899605bf9177a75b69
e4a8d3c3016130e47580098183bcea5ae369697b7907eafd65ac3450dc2eb265
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4A8D3C3016130E47580098183BCEA5AE369697B7907EAFD65AC3450DC2EB265"
Last-Modified: Mon, 03 Apr 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4730
Expires: Wed, 05 Apr 2023 00:34:38 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 22:17:29 GMT
age: 3499
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P0F+iIoCFcv52bv5kNyGaw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qvR7qRUsZpI6NuI1jAuQxbJXlXk=
Date: Tue, 04 Apr 2023 23:15:48 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 688c7aa7d0fa9f541fdc9e1a2b95e692
60d139080d4de6dee67ea0213209b0df1c0e8b8d
6d22d562b079ea5bd544a234dd1131243528e7f98a1de051e0da334ec6e70f66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D22D562B079EA5BD544A234DD1131243528E7F98A1DE051E0DA334EC6E70F66"
Last-Modified: Tue, 04 Apr 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Wed, 05 Apr 2023 05:15:26 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 301 Moved Permanently 0 B URL HTTP/2 heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata high ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 301 Moved Permanently
expires: Wed, 05 Apr 2023 00:15:49 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
x-content-type-options: nosniff
location: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:48 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 98437f675562ae2af8df0fdaf1369f43
c4deaf8e798062e62d94f95268b5164ff40ebced
ee9c92d96eb1f6214f6bf42b234bc144d0cada1746fbd94ee8b595d8b765165b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jquery.com/jquery-1.12.0.min.js
69.16.175.10 200 OK 34 kB URL HTTP/2 code.jquery.com/jquery-1.12.0.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (32060)
Hash e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337
GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:15:50 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680650150.dop202.sk1.t,1680650150.cds002.sk1.hn,1680650150.cds229.sk1.c
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
103.50.162.157 200 OK 1.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (6095), with no line terminators
Hash 807a495302e6eb0e3d2ab42f64c02887
564ea424819ad6206fcc7a5a5467fd0dbd41fed1
c91eef585a2f5367b79656186abeeefe032770a34518a8963e7590cee6f5d0ec
GET /wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 04:47:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1699
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
142.250.74.170 200 OK 33 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
IP 142.250.74.170:0
File type Unicode text, UTF-8 text, with very long lines (65479)
Hash a1dbc2376faed4d6de4f5918c679a3d5
a9deb320a96ac3ddd24bb431b2854ff64f789e5e
6c96b4087484f1793973c8bb673eae22e7798be772392a0eed8f5f9252a472d8
GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 18:05:12 GMT
expires: Sat, 30 Mar 2024 18:05:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 364238
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js
142.250.74.132 200 OK 557 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 3c03fc06caa4972d216de05b8ed194e0
47ad55ee73d74f61dc5ebd825606e814118bbe3e
fed213f7bcf6ef86e7dbe06d59ece8fcf80213ce468a6c2b8ecc162230b6d70c
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 04 Apr 2023 23:15:50 GMT
date: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-233581752-1
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-233581752-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 3963446ac651a45b1adf166eb2dafb10
37aa5d847689f98b376a5756b49857427b0a2ee1
31fefe4dd981eb5e385971635941a98d85038baa398dc23d18cbbbf90351e085
GET /gtag/js?id=UA-233581752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Apr 2023 23:15:50 GMT
expires: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Apr 2023 21:08:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44926
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3
103.50.162.157 200 OK 4.9 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (24702), with no line terminators
Hash ad695865c255bac1b0269376f1b37a27
47b9b7d823d0076d561f77bf79e25cee080995c7
ed6dffe5fc7db84ec0052ea6567fdbdc43502a8f422d80bbbfbfe1c53d5bba52
GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 22 Mar 2023 00:20:26 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4916
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 210 B URL HTTP/2 www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash a8f5adb01a17d608468beca934ff9e95
20303241ccbdbd180fd959cdf4c263c258870067
bcdca1820dc365b0a6c38b70739928ffb660a1cee9776ce5682a5feedd2824a3
GET /wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 210
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 967924886f14c2bf9ea1d320dc4c6c4e
7adfd48f7d7215535dfd7db7a025999ad6bab52d
9d7b368e9ea3c04bf17f94c8080202d0a9ab1fee6e5143840fa5bf0617d133bc
GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 27 Mar 2018 06:42:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1269
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 5.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with CRLF line terminators
Hash 0a8bd7341207a9042050c53b5e7bac6d
e21aa6bed02c4b6ee4cdc76c2870a737b27add14
6787293b487d3e4dd641e3e0b60b49d508a419979910abceeabac53601865cec
GET /wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sun, 03 Dec 2017 13:28:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5195
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 1.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 6fe412ab00fa602fbdff1ebc56c0122f
30a1a170684805d401207dc3c29bbbc16ed5795a
86158384e8fce089c0b8ec4d2cca88be20511262a175da582df15465e464caba
GET /wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 31 Mar 2021 04:15:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1102
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10952182701
142.250.74.168 200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10952182701
IP 142.250.74.168:0
File type ASCII text, with very long lines (2379)
Hash 29c980773855d8e7a52f6b9fdf0104e5
e8faaeebf000501d3722dbf4faa8087cfaa2792b
ea0127235535a6d8071b1c9b77b7dbe38683d25a93e3d9c29ccd71314eaffa35
GET /gtag/js?id=AW-10952182701 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Apr 2023 23:15:50 GMT
expires: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Apr 2023 21:08:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66176
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 31 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 657b200dd483f984c1da25a96cfa5f27
2079ea1d5aeadd95b1b7e9a6f0dad3a56d2f9e3b
bb01566f0fae463c8b380ed797264427caa5d5779f4cdf140d12822d1287e7b7
GET /wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 04:28:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 56c71eaf36368e415c26682707de1f4b
11fa3f31278035c07813bf6f17361ac20442c900
a86434a20450dfd2b7787c1759e2e9b502bc89cf579fed44e6e698b27fc90203
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive
www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=14
103.50.162.157 200 OK 2.8 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=14
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (6151)
Hash 49008f8f4357ed5325490ed74f7d2c8a
14f174dd3f5171fc4fd4717e7d26b15fcbd61a6f
2b31e6ab094b5e8daed6587ac5e065cc83e77896aed629f58d321c155ec233e3
GET /wp-content/tablepress-combined.min.css?ver=14 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 23 Mar 2023 00:20:13 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2766
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 6.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (28996), with CRLF line terminators
Hash 7213a021dbfa18b6ab789d989851a85d
71b427dfe5f56d60224aec1701d6f28f1443b18e
e917493cb9c90fd02626a3e4762d6ae81ebdb7a2d7c4ee58f1ccc970c72c301f
GET /wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2017 12:33:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6743
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d37a005990b494f2fbb22b15e95355aa
6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a
89fb008ff33bc826389dab4b4ae6e54f24800102e5ab4993d541ac1a9d2f91b8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8166
x-amzn-requestid: c20672fe-1108-40c6-af1f-8c63f2524380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cr60YHdWIAMFVSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427d81b-7b7c250f5c9862e42bb65d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 07:07:07 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 0JOT4HqAs3-jE9Ab_IYNG52lR4sTPDa7u1T8pF-mzBVJI6GOa0Y5XA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:12:55 GMT
age: 3775
etag: "6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 368daf089289cba50cd12298597e78a4
f84ad2d3eacfd5aeefd918838f69fcc962c63e51
7a1b8d38402e819ae571d358a7f9b8e430d02ec622cb0434eedb3788849ffb63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9371
x-amzn-requestid: a2353b11-26d6-4e26-bab1-79d407cbfa75
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqE4dIAMFfQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-579eb6016ba594714b5f714f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7hVSS2Tvs280ZBl1nCT_3KXWGqz0Ep5PUVe7WkoG9xqq6L2A3c6Qhg==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:53:33 GMT
age: 4937
etag: "f84ad2d3eacfd5aeefd918838f69fcc962c63e51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
151.101.130.83 301 Moved Permanently 0 B URL HTTP/2 www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP 151.101.130.83:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.jscache.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: envoy
location: https://www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
expires: 0
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
timing-allow-origin: https://www.tripadvisor.com
content-type: text/plain; charset=utf-8
x-request-id: 8961b08e-74c9-4df5-934c-f9f8fe440229
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680650150.217834,VS0,VE156
content-length: 0
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 20ff30ea98e9f9086ee28d4ac369e938
40aee6f21d4958a8e36bb9e9359a1784bb4e059d
1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:47:01 GMT
age: 1729
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9132183080e6510ff7309e59efa59e75
9ce62f7aee64552638ff948e89b2ddf4f20bdff7
b888ab47550e87b46ed8377a0a6e8679fda7b2751473827bcba328aa4ce207ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5686
x-amzn-requestid: 3900b1cb-78c9-43d6-9c98-6f00d8635e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CooSOHAaoAMF6RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64268741-002861655352e48c6a833c80;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:09:53 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: XPqgiYowyfmy22TeKddE1Q7KybhFQNNaBi6XE7HRoCW9gWWIb-kVHA==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 19:58:14 GMT
age: 11856
etag: "9ce62f7aee64552638ff948e89b2ddf4f20bdff7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0c14dd9bfa7f1f37c711973900dbb5af
c8dea8f9cafcf7d108c93156f40537e78f7da88f
b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Q-yoSHYZcCHlnNSX3Gyzw6wLmH6Mr2z9WR39wfa8lgEVJhh5rPE6_A==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:35:57 GMT
age: 5993
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dd12555800d3b88954dfea270dc2e42e
1ef8b33524eacd8ea134937f55b2b4c704215992
0da83c486b906ca380982c4006e5b6d9235863056fb43945d74b55453ba07e8b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9667
x-amzn-requestid: 688e8919-43f5-461e-8fe2-c37f9d9d4771
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CoomuG7gIAMFWMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642687c4-4f0b41fe5abeb8af44317551;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:12:04 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Eg7iFXrRmw7NlzCTZaSqetbmBptwCFtp7h2ZIWf_on4gPlXUQp_2fA==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 19:58:14 GMT
age: 11856
etag: "1ef8b33524eacd8ea134937f55b2b4c704215992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
23.38.201.85 200 OK 6.7 kB URL HTTP/2 www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
IP 23.38.201.85:0
File type PNG image data, 336 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 94e8c1fd1a7fc695af3d4e0ee15999d2
687f1c33739b9b64832a90876b7fcfed46f5c529
5e3adb4d54bcbc57e019efdf0a413ee8631470c53a2a23e7cf276fbe1bdef6c6
GET /img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 05 Apr 2023 11:15:50 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/png
x-request-id: c76ec274-fe13-42a5-8a3c-29f9fd8d01d7
content-length: 6689
date: Tue, 04 Apr 2023 23:15:50 GMT
set-cookie: TADCID=KRLPj1nynW49WHFSABQCXdElnkGETRW-Svh01l3nWnSjIA0fljcinEiNps8nr6fQw85Gdr3ylA0btM2tvm3AFtTZ8p7Sv7oLXRM; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:50 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A47DCjwo%2BLM3k7nWhzVPS6nS%2FfUSW5NQqRclv76nJbQA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:50 GMT; Path=/; HttpOnly
__vt=BDkxGElm-X38xpg7ABQCwDrKuA05TCmUEEd0_4-PPCSAwA6_mTVoPFJdXxjUey0lYpH1pk17fllzYeKpP6zH8H5-_XWvcWEc0DJgPrE7xGzDqjvXmdbOpFK4EaTzdWqNHJyTGaHNorU2eYXBxWK7Tcy4rA; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:50 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.0C8230F25BD947D02DF6BC649AEF093B*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=B; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2023-04-04; Domain=.tripadvisor.com; Expires=Sat, 03-Jun-2023 23:15:50 GMT; Path=/
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
103.50.162.157 200 OK 3.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (11263), with no line terminators
Hash 51c75ba5a9163d96efde16b2702385e1
a7562e7da4ccca3b2a3788eb96e3d962aa2eace7
13167fe3f53391caa833d40793f29d744e995a09990722c71627de0d91de8bdd
GET /wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 27 Mar 2021 05:10:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3051
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 14 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (32003)
Hash 90b602e96dc8686ce38d4716c58e7284
701fb82d49244c5ebc04414adee026021f3a251e
d390d1917f2110b49e28e8f78523b3d72c333ef332f4759501e37d1113e92625
GET /wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2015 19:34:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 14315
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 9.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (484), with CRLF line terminators
Hash 1a00aae64e3669cbb6f7f4da1b2093f4
3dd8365cc3010850be912c02402a6a1a6cdc316b
8a1696e586703108bcf0b7d5e4b29a4dc44f560db077aca88e4105a2dc3d6844
GET /wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2016 13:57:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9390
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
103.50.162.157 200 OK 1.6 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash e876c7268acd72c8475b7d0c2534162c
83cac186c0ebc22bbd94e4258d3b9f89bfdd93e0
6f0b5cf3682fa65fa3abc8de286e2cc8a2335b4f13b617ecc8e7e1b4c78bc697
GET /wp-content/plugins/fb-reviews-widget/static/img/avatar.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:23:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1641
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 1.8 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash d0681317b0b8f966b7285bdc2aeae277
a6240b58e048482b676e00e2d7ef33c2f9ea4145
efcc620e18e485ac4c40d4bc54d7927a5d2a901dcd43d452fff0b67f18a7650e
GET /wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 May 2020 07:16:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1845
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
103.50.162.157 200 OK 3.8 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 9eb77fc94de44ca81098297eafa71267
e5f706259e39b76cf62aa9f0e4f8c928cc31173b
72cb50ae5802da4c1ae2b84eec4e6930405d132e676b0b6597d24b413804ff4e
GET /wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3770
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 236b893cd98b54dcb08404e1528e0b1f
1d37376aa3654fbdc995bdb3364f514623fb1860
865643694d61d92f91d3a361cb2a74da85a5e04869ae789ab583e2d81e8c1bf6
GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 07:24:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1270
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 9f96c4202ffbe12fb4d7bd331cd76ec1
3bdd87b1bd0f76c7443f5e423956408eed3a3860
f7ffe7691ac1cf2ef7d64a5ad72d632e39d5b54ece90f2e5051d09de6a9d6476
GET /wp-content/uploads/2019/11/facebook-review-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:25:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1453
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
103.50.162.157 200 OK 3.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 3001ee7b4b2e6d4f72a8c15e833dc94e
7a4e50c47588cd3dbcb0dc37493ffea19048ca19
3f1f1f4cc42a985635913435111a836e7d35773ac94b8308c8a92018ef6b01b0
GET /wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3084
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
103.50.162.157 200 OK 3.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 64d8e2b9d3c9a5d91014879ac7e19b1b
4511e9bea60d232d0a25cb120708764aeac63284
28e7b2c026d1adc94d152b8e50dedca32245d43476a70bdc26e679e2b162948d
GET /wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3442
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
103.50.162.157 200 OK 2.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 144 x 18, 8-bit/color RGBA, non-interlaced\012- data
Hash fd24547c88cf7fa5f1c58c0dfad6d4b7
e07b978e1e901c9ee6c6b8799f541f68a7ae7753
323e547899c863adfb3f0ae96d7e6c7ccf147a425653d29a7b6c68132798b5a0
GET /wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 09:42:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2194
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
103.50.162.157 200 OK 4.2 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (566)
Hash 2cd208e374b2cfe6ef4a6b635763f557
213b7d514e751ec2dd0732943d5329c559f7945d
658a4d4dda5ecb6f50e80dc35818551fcdc895d771b1ca33df0ca5ba2d791250
GET /wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4235
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 00995660effd64403d80003b82cb91f4
a3e2d1b5751946e79f0deaa51e46d4a9cf2d7d53
1c08cf5a927fc42729c530e44ff2fe003ec0ad2f757f9d7fa1c169e3b65f92ce
GET /wp-content/uploads/2021/02/google-review-ico.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 20 Feb 2021 05:56:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1462
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
103.50.162.157 200 OK 1.5 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Hash 812a8ca3bfaf6470c1df6440236656a3
e9834f19e6680485977881875c5f56a27f81f415
a56e486cba71dd18706fb0616851a458d044b6e779b8e8d29b4ce6f134d0163e
GET /wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 10:55:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1530
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 2.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (4991)
Hash 7709d149d74f9f8672bc2634ae80854e
7c47e83c1c8a31fb4cdef3a045960801bbc09f9a
f6c020cfd458ba4f998e07401853518cf27d27e9841de43d4bfd78e6b59bcafa
GET /wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2142
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 1.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Hash 051b85ffbfbffb06086f46ee3d10d64f
2c482cbf5506b08adfb85e3eac90efc92c1f4bda
c5ca6532d1dd7294a3745bf288c552474bb264bc1e2d913af09f26405cdd69e1
GET /wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1338
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 7.1 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with very long lines (14856)
Hash 25ff635e4eac54a25b43a6678c0ac374
dca3ba9f3acfe4641ff899e00777f8ce21a47353
9f0a810379d2839d367899bffce144a24f2e0401f5ee036a8ff9d235ab8d0abc
GET /wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2016 13:12:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 7080
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
103.50.162.157 200 OK 4.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ff5cfc35d1d8041d820059e9fa17d10
83cf1c59fc31fec116c65d0ac5c1058415cb87fd
f5e95693cd8f040b5d1af4d6f3b22d4718f9dc1ab1f89d514e18514dc925b12d
GET /wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4728
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
103.50.162.157 200 OK 2.7 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Hash e036f9dbd0e59aaf0f1d0d86d599a3b7
3908447e6f5e97b3775073f0fec276f13c484f56
8ca083d7f6a3b34b391ad095b185e99c6cfaa07ce6219aea09d504ecab0202c8
GET /wp-content/uploads/2022/07/site-icon-e1658727344127.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 05:35:44 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2702
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 5.3 kB URL HTTP/2 www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type ASCII text, with very long lines (15718)
Hash 5b746d0cd5584b8c5f3681f52e1cc25c
a385a8bab45776cc493297a099df45db9852c15e
a99e7e9b42520feac7b6c1c16fca81bdaa227cc891b4a76303709347aee823e8
GET /wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5344
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
23.38.201.85 200 OK 196 B URL HTTP/2 www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP 23.38.201.85:0
File type ASCII text, with very long lines (306)
Hash b3d94b71ff0e248b444852a9ce3ad6fa
ad407449bc9c1a13dad988d6613c166250f19b26
2e6bc6af4b480098eb144a92296372b6ab0a4092af99d5a626bcea9c7a0ac17c
GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
vary: Accept-Encoding
content-type: application/x-javascript;charset=UTF-8
content-encoding: br
x-request-id: 3e09bf36-beda-4c7b-a6a1-f5c83ed50b0a
content-length: 196
date: Tue, 04 Apr 2023 23:15:50 GMT
set-cookie: TADCID=ZNa2CZsIV4LHyAXuABQCXdElnkGETRW-Svh01l3nWnSjIMBKGdVb3mw2wu-j-8dQIohmJbNJpkFzH4cPIu5P7Ach47fyepGyxLc; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:50 GMT; Path=/; Secure; HttpOnly
__vt=Yco934nMYXaiivZHABQCwDrKuA05TCmUEEd0_4-PPCSAwCvmix-FdP7DLcCiRVHA8uOnG219VCD3iQpka53abJnqqfepEX1fElVICGGfLevt86O-AvUAuwKIpxDWhtHtAmV5-_Socdq4ZIJ6mbzJ5dz2; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:50 GMT; Path=/; Secure; HttpOnly
_abck=F4DC26C9F48BE498E9B0E5B1037B2DE0~-1~YAAQBk8kF/YGAA+HAQAARiOOTgkHkvI6pZvYfu38nYwQqWbVjs/gw35Nfn/F1PALK5Wd2fEQaJbAwRwBQNOqR2oy/GKfQ0RmwOlkJPUGV0ZU08bvysOeN1VZIvMDBz5u1RAcb8oN0qyWiwONT4OFi4Cjwy2BmKEYVg2LotV4eiSftGqQTnwKQds6cCoM4qkMZoWolp0tCVcncMw2fV1j9NdA1M5e9ZIIa7n7DSxN3xc9s1KDEOvjIbNYfq3hWCSsLUbFsTQGCIQXa+1ucSkzffLR20h/+i7UpQ1j4AjE1qSf9MVJVKFIONTu1i2yI9K2wxt9K9cB56PKvTsNVOvLqCoj3Dt+9m3N5/R7tmvJqlMgXGkUyQt6EXBXG/ihXxRhtMo=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 03 Apr 2024 23:15:50 GMT; Max-Age=31536000; Secure
bm_sz=66386B5D37958F8CED06529DFEF0D011~YAAQBk8kF/cGAA+HAQAARiOOThO/h+DYTy/iYp8BkC7ozcdEJ5sggkNGqqXaFWzNYH6ax6/GaVhTtEMaZSYMa3a5ILQqt+00U+bWxqlwxg8Ahbt4cbT4gm7N3stnvLIER6IaRPoIDbZU/xQYfeXFvhrKS7xkbPuzirD9TUOtsP7uMGT+VShLKz22FYPvulCla8ikACdWURpegZxcJy4H7TgWWFTrzCFe+9BNyboCV3m6hP7BlCeqCaHdN/ZcrfY/KJFsAs8uOGU3dHetm1X5PIXHjXWwTFaDhAbx1pD2p31Jy57rgCVXYg==~3224133~3621680; Domain=.tripadvisor.com; Path=/; Expires=Wed, 05 Apr 2023 03:15:50 GMT; Max-Age=14400
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 127 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Size 127 kB (127272 bytes)
Hash 0096634718551fb6f155f9b18bffa16d
edb14a03b6739cf84ac38255f664a61eddae4244
c8f42a7084c4c5afce24deff96b34150c22a978aea681e46ebdd152249c5d661
GET /wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 27 May 2020 07:53:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3
103.50.162.157 200 OK 72 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type Web Open Font Format (Version 2), TrueType, length 71896, version 4.393\012- data
Hash e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
GET /wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 13 May 2016 11:44:26 GMT
accept-ranges: bytes
content-length: 71896
cache-control: max-age=0
expires: Tue, 04 Apr 2023 23:15:51 GMT
vary: Accept-Encoding
content-type: font/woff2
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2
www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
23.38.201.85 200 OK 3.5 kB URL HTTP/2 www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
IP 23.38.201.85:0
Hash 6fcc7ecb1672cb601678d5594fa35e75
2431b4372aed8683468ed88b9c17994a12270b98
05669e91cc6864910417b72adcf8332dcb1d7749075ff513aa6362a4ab562ffb
GET /WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
vary: User-Agent,Accept-Encoding
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
content-type: text/javascript;charset=UTF-8
x-datadome: protected
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
content-encoding: br
x-request-id: bd124498-f172-46a8-8ddb-2fc041cc00af
content-length: 3520
date: Tue, 04 Apr 2023 23:15:51 GMT
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
151.101.130.83 200 OK 5.2 kB URL HTTP/2 static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
IP 151.101.130.83:0
File type ASCII text, with very long lines (26406)
Hash 2bebc92408db559342738534ba508a09
ad3717b8c14ce6a6b74ae549160e34e2ee585d16
57f3c4daa2137aa7d96ad39235c7135c84e1d41ff9764cbcd9221dc342eb3a7c
GET /css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Thu, 09 Mar 2023 12:33:43 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 08 Mar 2024 20:04:20 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: text/css
content-encoding: br
x-request-id: 2a35c69c-a837-47ba-ac6f-d462da7064af
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:51 GMT
via: 1.1 varnish
age: 2257891
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 2114
x-timer: S1680650151.401879,VS0,VE0
vary: Accept-Encoding
content-length: 5223
X-Firefox-Spdy: h2
static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
151.101.130.83 200 OK 4.8 kB URL HTTP/2 static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
IP 151.101.130.83:0
File type ASCII text, with very long lines (13794)
Hash fa97be86b93aacf79dcad215a94f2b85
e1c90e4f202b3fea3f410ba3d4052a88b072f297
927c614417397c766404de130b1110f1044a693866ddce0b19c04acf0345780f
GET /js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Sun, 26 Feb 2023 12:32:58 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 08 Mar 2024 20:04:16 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/x-javascript
content-encoding: br
x-request-id: cda7d17f-d95b-4630-bc9d-0d2bdcb82901
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:51 GMT
via: 1.1 varnish
age: 2257895
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 6812
x-timer: S1680650151.402253,VS0,VE0
vary: Accept-Encoding
content-length: 4837
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
103.50.162.157 409 Conflict 83 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type HTML document, ASCII text, with no line terminators
Hash 26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.142 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.142:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 04 Apr 2023 22:05:12 GMT
expires: Wed, 05 Apr 2023 00:05:12 GMT
cache-control: public, max-age=7200
age: 4239
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1
172.217.21.162 200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP 172.217.21.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Apr-2023 23:30:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4
172.217.21.162 200 OK 1.3 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4
IP 172.217.21.162:0
File type ASCII text, with very long lines (2813), with no line terminators
Hash 4602d9b35650b5f3523d0949c3b4c389
587fc19e14962f6d8705cda1c15f3b6053aaa11f
435b6320f08a534eb297605eecb7ab0176a48a549fd6e5aab3823705c026ca55
GET /pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1297
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Apr-2023 23:30:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/2764.svg
192.0.77.48 200 OK 368 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/2764.svg
IP 192.0.77.48:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (368), with no line terminators
Hash 0483f2b648dcc986d01385062052ae1c
61bd815f1497863265a76d92623042835e5e7fe2
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27
GET /images/core/emoji/14.0.0/svg/2764.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:51 GMT
content-type: image/svg+xml
content-length: 368
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
103.50.162.157 200 OK 1.4 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 66bca48be9ab9ade409124603161521b
e7302b18db5561118e775c33943be87b774e45f2
301f6b6efef20378c0c2f98586c9f73a05bfb0db528a4e4c41c6fd239a74da5c
GET /wp-content/uploads/2022/07/cropped-site-icon-32x32.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151; _ga_KLTY4E3YBY=GS1.1.1680650151.1.0.1680650151.60.0.0; _ga=GA1.1.1195200102.1680650151
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:51 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1373
content-type: image/png
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
103.50.162.157 200 OK 11 kB URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash e10502927cb3f23b202e7cb82fc07796
64454b2191829153b92a11424ab3765832d63f0c
73bed124aa35379906624895beca4c6853d2c3933ab334dc04ff958c4bcaf16a
GET /wp-content/uploads/2022/07/cropped-site-icon-192x192.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151; _ga_KLTY4E3YBY=GS1.1.1680650151.1.0.1680650151.60.0.0; _ga=GA1.1.1195200102.1680650151
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:51 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11430
content-type: image/png
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2
lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
142.250.74.97 200 OK 338 B URL HTTP/2 lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
IP 142.250.74.97:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 36f4c583b5b07b9a2dc6ff8475c01140
aec7344593dd0eb2720ea38e8f4e8c1ebbb14a6b
91f5ccaee89c9e29a27400e61f0ca916976b92bb63ba3f4c894e1a24c7095cfe
GET /-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename=""
x-content-type-options: nosniff
server: fife
content-length: 338
x-xss-protection: 0
date: Tue, 04 Apr 2023 20:12:12 GMT
expires: Wed, 05 Apr 2023 20:12:12 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
vary: Origin
age: 11019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 6a7db5abefd460ab737ba19d6233468c
eb119f0e1418e3627a9c24d12b543ea00e1cd53a
d88a1df68e834418ba42c02a8ee6a271eb77c262ae5f45e7a773e11d71b38ce7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6411
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Last-Modified: Tue, 04 Apr 2023 21:29:00 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 6a7db5abefd460ab737ba19d6233468c
eb119f0e1418e3627a9c24d12b543ea00e1cd53a
d88a1df68e834418ba42c02a8ee6a271eb77c262ae5f45e7a773e11d71b38ce7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5793
Cache-Control: max-age=140632
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Etag: "642c1b5e-1d7"
Expires: Thu, 06 Apr 2023 14:19:43 GMT
Last-Modified: Tue, 04 Apr 2023 12:43:10 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/sdk.js
157.240.221.16 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (1957)
Hash d676fc7f2772c60a84d14608e20d9192
ee63ce3b808bc9a6f52e656ffcf8b358563392f6
d1931db4efbb9e4f1b71f264c9e4383f166adbe58828d303d860a4775ae12766
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9ac79c447acdbce1617173dcd47e8aac
etag: "294b56243e9a25a259720ed86a2e52db"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 04 Apr 2023 23:25:52 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 1nb8fydyxgqE0UYI4g2Rkg==
x-fb-debug: sV+HC8ucKeI1HQGSsM81YoJmASJUKKBBQmUNNfxpLsLzZR5Erxobx5u/lD2TU9cVKtfPssuy5xmqf0n3VI6IpQ==
content-length: 1685
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
connect.facebook.net/en_GB/sdk.js
157.240.221.16 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_GB/sdk.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (1957)
Hash 951b1538ecde6789756c9b56bc05e3f3
7bf9d1c985f4a7275c7c7ecb34049e33ddf41ecb
985895f6630ce5fa03ce5fc693cf367bf67c6af6817b15a5ea9dbecf6823152c
GET /en_GB/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6646ab22db414b266b50090fbb846f70
etag: "95d8b4cc86ccb1881113d0f86f13cbd6"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 04 Apr 2023 23:28:19 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: lRsVOOzeZ4l1bJtWvAXj8w==
x-fb-debug: j/AzBaOYBOvx9x9EE+ce6HYby4SSnKGf4MPheOOXMxbJd0YqOrbR0hF3w5iGodLaHEab/uH3QOZkC4Jr6Bxgfw==
content-length: 1686
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (582)
Size 166 kB (166464 bytes)
Hash b81d6636c3ad72c63e532e5180eaf7f9
ddcd059999fff6218e98af62dbe3fa9c885a0de8
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef
GET /recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166464
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 09:29:05 GMT
expires: Wed, 03 Apr 2024 09:29:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 28 Mar 2023 00:02:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 49606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.163 200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.163:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 20 kB IP 192.229.221.95:0
Hash 51a8b0bca8748283c2e9cc04929de237
e6b0a61888c93f3f1c2da82375c7de65fb04fa89
3aafd9dff30ed16d7fe4c6e17a59d54de72a7d8da885f03abb16a4db764e9583
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6411
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Last-Modified: Tue, 04 Apr 2023 21:29:00 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db
157.240.221.16 200 OK 89 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db
IP 157.240.221.16:0
File type ASCII text, with very long lines (18530)
Hash ec935c6146be19713ee3e09a795c5bc2
7f978969d8200571bbe75a5ba71f7e13190610cd
566f8c07838a0248290b37bef921e2bfbae9c26c1b81d6a4a9abef6c97e55e31
GET /en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 416af2b923360f988b9c6a1df74575cb
etag: "69d7938cbf5ffd7bcbf188e7fc02deaa"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 03 Apr 2024 21:54:21 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 7JNcYUa+GXE+4+CaeVxbwg==
x-fb-debug: C7k62HIABN7qbFByM1M1+apuW8ZIHaokzZRvbwzSyCSOqpuyMVuEUp7NPMK6ndIr06eq9sC31ko4E9yGgQxcOw==
content-length: 88580
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
142.250.74.106 200 OK 40 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
IP 142.250.74.106:0
Hash 639feb376a330274c6315a4ad13eca70
83df15b409d2806a4086a7f9e840a65baab9dbf4
36eeeee21cb76d88c9c1c0458a5276bb645c8087ccec28e9fdf24a4c79c501c1
GET /css?family=Open+Sans:400,600,700|Raleway:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Apr 2023 23:15:50 GMT
date: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 04 Apr 2023 23:15:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
3.122.91.229 204 No Content 0 B URL HTTP/1.1 l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
IP 3.122.91.229:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 04 Apr 2023 23:15:52 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1
64.233.161.155 204 No Content 0 B URL HTTP/2 stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1
IP 64.233.161.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 04 Apr 2023 23:15:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
54.230.111.11 200 OK 763 B URL HTTP/2 buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
IP 54.230.111.11:0
File type ASCII text, with very long lines (763), with no line terminators
Hash d561e09722a4e9a9aab1f41b2c7f9be7
050d4da83989f4a5a65e5293ed8ca2cfaaf91502
c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9
GET /js/5a3603310c3a12001239de22.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 763
last-modified: Mon, 18 Dec 2017 11:52:59 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Apr 2023 23:15:53 GMT
cache-control: max-age=60,public
etag: "d561e09722a4e9a9aab1f41b2c7f9be7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m6LioT8sZ69eFegjAuNdxLe9gfaAwmS_YRm_QKmFN5TKz70hz1M2QQ==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
oneocsp.microsoft.com/ocsp
204.79.197.203 200 OK 1.8 kB URL HTTP/1.1 oneocsp.microsoft.com/ocsp
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 4b7cef060377d8d797de38dbc384a141
3007d1ec547cb26dcda09d88836cc1d87ed33352
0e1929cc6957c95f01c212cd3e70114f1d2a5a7fdaf533ce650401591d436823
POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 10 Apr 2023 15:50:18 GMT
Last-Modified: Tue, 04 Apr 2023 05:08:22 GMT
ETag: "0e1929cc6957c95f01c212cd3e70114f1d2a5a7fdaf533ce650401591d436823"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A4103B5F82FC4CC38C0B221B5AB5E971 Ref B: OSL30EDGE0208 Ref C: 2023-04-04T23:15:52Z
Date: Tue, 04 Apr 2023 23:15:51 GMT
static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
151.101.130.83 200 OK 26 kB URL HTTP/2 static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
IP 151.101.130.83:0
File type Web Open Font Format (Version 2), TrueType, length 26252, version 1.0\012- data
Hash 2d0c909fe09ed8ef77056363d8963d2e
f81b7dc1acf5a2c25e46a893be5fe09622716d70
b182c7fce760e8851d7e91095237ff86a4f7036c78ddf4107ead869ff2f3502a
GET /css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023 HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://static.tacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
last-modified: Mon, 13 Mar 2023 09:30:01 GMT
cache-control: max-age=2592000, immutable
expires: Thu, 27 Apr 2023 22:40:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff2
x-request-id: f0c9c6b5-77d7-424d-a1ad-073026fb1b0b
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:52 GMT
via: 1.1 varnish
age: 606901
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1680650152.448881,VS0,VE0
vary: Accept-Encoding
content-length: 26252
X-Firefox-Spdy: h2
www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
23.38.201.85 200 OK 2.2 kB URL HTTP/2 www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
IP 23.38.201.85:0
File type SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 0a90d137f0ab6c2f260541dc08a9476c
8fd94d963512b86c935c7ea42095d1a3535ba4ff
e4f64730b81ec869a8dc84a2f1102e4134fdf8dfbe308253f6d2b05ef6ff6af9
GET /img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 05 Apr 2023 11:15:52 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: br
x-request-id: 333a3419-79c7-4b89-a68f-039f5efddb2a
content-length: 2202
date: Tue, 04 Apr 2023 23:15:52 GMT
set-cookie: TADCID=trSXh63yWywW9DA9ABQCXdElnkGETRW-Svh01l3nWnSjIJqqr6ncVnFI0K6Alp2fpSvhWQa0YrNsiAemTIEr9l-HmCRSChFH5xo; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:52 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A7zweuZcTl2fk7nWhzVPS6nS%2FfUSW5NQqT%2BZR9RAe4kQ2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:52 GMT; Path=/; HttpOnly
__vt=9rYGe6iyF805I6cBABQCwDrKuA05TCmUEEd0_4-PPCSAwK3St4siMoMrfaGIN4YOFGRAh2gbjRvzStSHyLu-5twn_xMkhTEurHwKDv2CsUg1i9XfQTjwqen-Ot8GCZT-cb6i7UGnDaVsJcZfH7GzFjqa; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:52 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.33FCD7035F14C0FCB13D676C4FAEEB51*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=T; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2023-04-04; Domain=.tripadvisor.com; Expires=Sat, 03-Jun-2023 23:15:52 GMT; Path=/
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/facebook.svg
54.230.111.57 200 OK 301 B URL HTTP/2 platform-cdn.sharethis.com/img/facebook.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 15 Mar 2023 12:15:15 GMT
cache-control: public, max-age=2592000
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yef3ZNCFuVosm961S-MNCFPCfP_1cSavg5IjC-4T11slcdmkjkAdUQ==
age: 1767638
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/pinterest.svg
54.230.111.57 200 OK 771 B URL HTTP/2 platform-cdn.sharethis.com/img/pinterest.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Hash 2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d
GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 12 Mar 2023 02:20:42 GMT
cache-control: public, max-age=2592000
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WnEwl5LcGPNbqHD1F0hZx0cqYGfJN2oGoCsUghcPFTFzjnoJ_Yd4Wg==
age: 2139373
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/email.svg
54.230.111.57 200 OK 343 B URL HTTP/2 platform-cdn.sharethis.com/img/email.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image, ASCII text
Hash 5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 18 Mar 2023 12:29:41 GMT
cache-control: public, max-age=2592000
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r6QbSix1zEVl2FIhZvS7vTsVyr-tNbk3FIO2N7olnNI7qUX3DH4uCg==
age: 2402371
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/twitter.svg
54.230.111.57 200 OK 731 B URL HTTP/2 platform-cdn.sharethis.com/img/twitter.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (575)
Hash 0af2fb38987598376c99e21af17ade45
bfbdfd0b1a2dcef714e347928bd11b8410dc7ca2
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
GET /img/twitter.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 731
date: Sat, 25 Mar 2023 01:32:34 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "0af2fb38987598376c99e21af17ade45"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qfIPJN9nctdwDyEh84dHt4G1pAD3Yuua1t_NTyl8UOPVFjJ9v_JblQ==
age: 942199
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
y.clarity.ms/collect
104.211.35.148 204 No Content 0 B IP 104.211.35.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 687
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 04 Apr 2023 23:15:52 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
platform-cdn.sharethis.com/img/arrow_left.svg
54.230.111.57 200 OK 565 B URL HTTP/2 platform-cdn.sharethis.com/img/arrow_left.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (409)
Hash b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
date: Fri, 17 Mar 2023 04:08:29 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "b55d8d2b9321e381a3c38a4bddb74037"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jc88mt3gPkuqxpr-RmIxilT95ALUHoGIJv2fJzNwqyIqoFbHR7MJZw==
age: 1624044
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
platform-cdn.sharethis.com/img/arrow_right.svg
54.230.111.57 200 OK 565 B URL HTTP/2 platform-cdn.sharethis.com/img/arrow_right.svg
IP 54.230.111.57:0
File type SVG Scalable Vector Graphics image, ASCII text, with very long lines (409)
Hash 9928d025bd5792b718ee0a185f62e67c
16406d7b5b6d383b12859b853cf6cb7e3733e33d
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
GET /img/arrow_right.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 16 Mar 2023 04:13:41 GMT
cache-control: public, max-age=2592000
etag: "9928d025bd5792b718ee0a185f62e67c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nBf3NSldXWRpJez2tPX9s-_0oJdNXfSkrl8WeqAzWUJj2iaXSQqI2w==
age: 1710137
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
c.clarity.ms/c.gif
68.219.88.97 302 Found 0 B IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=31A0C0FE5A1D6DA32E0DD2175E1D634C; domain=.clarity.ms; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Tue, 04 Apr 2023 23:15:51 GMT
content-length: 0
X-Firefox-Spdy: h2
count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
54.230.111.71 200 OK 176 B URL HTTP/2 count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
IP 54.230.111.71:0
File type ASCII text, with no line terminators
Hash b658a5a578c8434f6f5dd7dea671c0fe
c126e491ef71e7c0565501d8d6f615e8cbfc2b74
52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34
GET /v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe HTTP/1.1
Host: count-server.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript
content-length: 176
date: Tue, 04 Apr 2023 23:15:52 GMT
cache-control: no-cache, no-store, must-revalidate
etag: b658a5a578c8434f6f5dd7dea671c0fe
apigw-requestid: C4BiZiREoAMEJ9w=
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S-XJrmE0g9VMSV6rFTjFBHl49wflidaNlBqwyWtBDM-gElmFqEfVDw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C
13.107.21.200 302 Found 0 B URL HTTP/2 c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=070EC9A7246B698F03E9DB4E259E6866; domain=.bing.com; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Tue, 11-Apr-2023 23:15:52 GMT; path=/; SameSite=None; Secure;
SRM_B=070EC9A7246B698F03E9DB4E259E6866; domain=c.bing.com; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 072912F6CA5F44D88247101B24D6CF8F Ref B: OSL30EDGE0112 Ref C: 2023-04-04T23:15:52Z
date: Tue, 04 Apr 2023 23:15:52 GMT
content-length: 0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866
68.219.88.97 200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866
IP 68.219.88.97:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1, data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 16 Mar 2023 17:16:22 GMT
accept-ranges: bytes
etag: "c4b6d572b58d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Tue, 04-Apr-2023 23:25:52 GMT; path=/; SameSite=None; Secure;
date: Tue, 04 Apr 2023 23:15:51 GMT
content-length: 42
X-Firefox-Spdy: h2
y.clarity.ms/collect
104.211.35.148 204 No Content 0 B IP 104.211.35.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 114080
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 04 Apr 2023 23:15:53 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 28 Jun 2018 10:17:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/uploads/2021/08/WhatsApp-Logo.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 10:40:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/plugins/hello123/sw.js HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
192.0.77.48 200 OK 0 B URL HTTP/2 s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
IP 192.0.77.48:0
GET /images/core/emoji/14.0.0/svg/1f60d.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:51 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.clarity.ms/tag/80x2itprfu?ref=bwt
13.107.237.53 200 OK 0 B URL HTTP/2 www.clarity.ms/tag/80x2itprfu?ref=bwt
IP 13.107.237.53:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
GET /tag/80x2itprfu?ref=bwt HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=e4131bc2c1634651a2c417ff9d841977.20230404.20240403; expires=Wed, 03 Apr 2024 23:15:51 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
x-cache: CONFIG_NOCACHE
x-azure-ref: 0p68sZAAAAACtYtUDybM3QbEKaeY/CrPSQ1BIMzBFREdFMDQxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Tue, 04 Apr 2023 23:15:51 GMT
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
103.50.162.157 404 Not Found 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:49 GMT
server: Apache
X-Firefox-Spdy: h2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
103.50.162.157 200 OK 0 B URL HTTP/2 www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
IP 103.50.162.157:0
ASN #394695 PUBLIC-DOMAIN-REGISTRY
GET /wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:13:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2
platform-api.sharethis.com/js/sharethis.js
143.204.55.116 200 OK 0 B URL HTTP/2 platform-api.sharethis.com/js/sharethis.js
IP 143.204.55.116:0
GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Tue, 04 Apr 2023 23:09:06 GMT
cache-control: max-age=600, public
etag: W/"3184b-xStZrNgO3eG9+q9l3cRkzPWrPx0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IUe6hZZZerKt2AEN_raERrUejA9tohG7jdQL9KesqCQZAB7_ecf0mw==
age: 405
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2