Report - heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

Report Overview

Submitted URL
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157
ASN
#394695 PUBLIC-DOMAIN-REGISTRY
Submitted
2023-04-04 23:15:59
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-04-04T18:15:20Z	455 B	167 kB	142.250.74.35
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-04-04T22:18:02Z	379 B	21 kB	142.250.74.142
connect.facebook.net	139	2012-05-22T04:51:28Z	2023-04-04T18:12:04Z	1.3 kB	96 kB	157.240.221.16
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-04-04T20:17:11Z	828 B	453 B	216.239.34.36
platform-cdn.sharethis.com	11841	2019-01-09T19:55:39Z	2023-04-03T20:28:59Z	2.4 kB	6.9 kB	54.230.111.57
www.google.no	25607	2016-04-05T21:50:59Z	2023-04-04T19:45:57Z	2.2 kB	2.0 kB	142.250.74.163
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-04-04T13:13:40Z	3.2 kB	50 kB	34.120.237.76
www.tripadvisor.com	8786	2012-05-22T03:41:46Z	2023-04-03T19:10:28Z	2.0 kB	21 kB	23.38.201.85
y.clarity.ms	unknown	2023-02-13T18:09:57Z	2023-04-04T18:16:56Z	923 B	600 B	104.211.35.148
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-04-04T18:20:05Z	413 B	5.9 kB	34.160.144.191
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-04-04T22:01:39Z	398 B	34 kB	142.250.74.170
static.tacdn.com	10336	2014-12-11T19:22:48Z	2023-04-03T18:15:31Z	1.4 kB	38 kB	151.101.130.83
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-04-04T22:35:31Z	433 B	41 kB	142.250.74.106
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-04-04T18:25:09Z	500 B	453 B	64.233.161.155
c.clarity.ms	803	2021-02-04T00:22:47Z	2023-04-04T05:16:22Z	865 B	1.2 kB	68.219.88.97
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-04-04T18:12:09Z	3.4 kB	8.9 kB	23.36.76.226
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-04-04T18:19:16Z	606 B	238 B	34.117.65.55
code.jquery.com	634	2012-05-21T19:28:02Z	2023-04-04T00:15:20Z	378 B	34 kB	69.16.175.10
www.google.com	7	2015-05-10T13:11:19Z	2023-04-04T21:32:30Z	373 B	1.1 kB	142.250.74.132
googleads.g.doubleclick.net	42	2021-02-20T16:43:32Z	2023-04-04T23:56:47Z	1.8 kB	2.9 kB	172.217.21.162
platform-api.sharethis.com	5118	2017-01-29T12:44:16Z	2023-04-04T18:35:40Z	384 B	596 B	143.204.55.116
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-04-04T18:13:55Z	782 B	2.4 kB	35.241.9.150
buttons-config.sharethis.com	6006	2017-05-04T11:18:15Z	2023-04-04T11:21:12Z	401 B	1.3 kB	54.230.111.11
oneocsp.microsoft.com	1473	2020-08-13T08:58:55Z	2023-04-04T18:13:10Z	349 B	2.3 kB	204.79.197.203
count-server.sharethis.com	11699	2017-01-04T06:02:12Z	2023-04-03T20:04:26Z	506 B	688 B	54.230.111.71
www.clarity.ms	1404	2018-08-22T09:41:57Z	2023-04-04T05:16:22Z	379 B	518 B	13.107.237.53
www.jscache.com	16218	2012-06-02T05:45:44Z	2023-04-03T18:15:35Z	490 B	783 B	151.101.130.83
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-04-04T18:12:04Z	5.8 kB	12 kB	142.250.74.131
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-04-04T18:25:09Z	784 B	112 kB	142.250.74.168
s.w.org	748	2017-01-30T05:56:16Z	2023-04-04T17:21:49Z	817 B	1.2 kB	192.0.77.48
lh3.googleusercontent.com	66	2012-05-22T09:35:05Z	2023-04-03T18:29:13Z	469 B	843 B	142.250.74.97
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-04-04T18:13:50Z	333 B	391 B	34.117.237.239
www.heavenlybhutan.com	unknown	2015-02-18T07:00:25Z	2023-03-18T00:05:54Z	23 kB	360 kB	103.50.162.157
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-04-04T23:17:38Z	1.0 kB	21 kB	192.229.221.95
l.sharethis.com	4794	2012-05-21T23:59:04Z	2023-04-04T18:35:40Z	873 B	407 B	3.122.91.229
c.bing.com	247	2012-05-22T12:26:32Z	2023-04-04T05:16:22Z	486 B	1.0 kB	13.107.21.200
heavenlybhutan.com	unknown	2015-02-18T07:00:25Z	2023-03-20T12:44:13Z	888 B	1.6 kB	103.50.162.157

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-04 23:15:48	high	Client IP	103.50.162.157	ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-04	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2023-04-04	medium	heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware
2023-04-04	medium	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (45)

	URL	Size	First Seen	Last Seen
	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	84 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash fecf798e33f7abf83dcb48aa3f0b8f15 14db8bfc490d48ed6eb4e33a6bb13d39f8e62e2b dcbf0f78627a3697478f393225667707b718cb880c1620d988a598f5ebd07e36 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	112 B	2023-03-08	2023-12-16
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-12-16 12:31:38 Times Seen31 Hash 19c3937333be96ebffcd5efb99f9c031 3ed57d8bb8aa7658ff6a30994e41cb9f31d5a9bc 0c5c780d572dca2e1cf3dc126075151a6e8df0d09f8d78fc99019c54b2ca05d6 Loading...

	www.google.com/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-20
Pretty URL www.google.com/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-20 17:48:03 Times Seen63949 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db	314 kB	2023-04-05	2023-04-05
Pretty URL connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db IP 157.240.221.16 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:36 Last Seen2023-04-05 02:11:52 Times Seen2 Hash 416af2b923360f988b9c6a1df74575cb f7405226c8b960d1354aea71396818dc730271a8 28dad1fe2c5626ae2c371c83e4756bfc4ff2c69a4581f3db53dfe93dc62ac54c Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986	37 kB	2023-03-07	2024-04-26
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-26 11:32:45 Times Seen34454 Hash c5b5b2fa19bd66ff23211d9f844e0131 791aa054a026bddc0de92bad6cf7a1c6e73713d5 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986	5.2 kB	2023-03-07	2024-04-21
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:36:09 Last Seen2024-04-21 12:31:11 Times Seen757 Hash 44701cfb0078345ec1d432f661e33709 0b31dabace05042ee29f5989b0191e7e4072a88f 0f427d0f88a0698c955ff63bf13af4ca80c9b32f218b5e210847450da901a74f Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986	3.4 kB	2023-03-07	2023-10-24
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2023-10-24 11:59:07 Times Seen23 Hash 7fc0f2a754835e99a8ffbd26b6d7de97 a33477eda851e548dcff03014a5f9e92f1ae88b1 74e96d956bb5697d88ac6c4f715bee9c9bc79c34e466cbadae6be2111eb92cd9 Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 23:31:55 Times Seen37104615 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8	23 kB	2023-03-07	2024-03-25
Pretty URL www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:09 Last Seen2024-03-25 18:21:41 Times Seen12 Hash 6568b156990a9cc281edbcfd520e1144 0ad0d5bcf640f88cd1ce75b339757c21b5ee3e65 0df1f7d62263a13e19684a322a0cf45889033f7a83fc6ace824f7be093de95ec Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986	227 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash a7eea7059e6ec3dae416af8218628242 1ca4158594ff05a67170f5ab76e90b9fbb3cff75 6eece3fbdb4769f95c3c71e43696b32302db6418dcb778686edd7e332fd56743 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 4662b9c41cf3a3d3fc8ffd3a0dc8d6a9 50efef9f56112d839fe841609494861472584f94 d06527470fc193f40457743b08f34ed48d404954ffcb3f020fd19ffaed8e850e Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	290 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 11f2283e1c750c1da6332c37c228e260 9d4737fb37702cbb878de00420775c26ff050646 781566367ad976baa8969ad6bf9e0da9b7dba96e31d9fb598bdf85a6696eb178 Loading...

	www.googletagmanager.com/gtag/js?id=AW-10952182701	180 kB	2023-04-05	2023-04-05
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10952182701 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash a646f0ea96a3a5420a46d3580216e555 1f9f6bfa7059a7097d7d97798df83ba9f1e095ea ac0f8d4087e75ae05faac9818311f9d11e03eb6cb100aaa2a63b04c4e403ad05 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	76 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash c6049ee23733acab27282589c2f68aea 0fbb9f5997cbdab7882dd04cd1fc4ee2da6b670d b8917247009ebb885de89942ea8da2e67290c780ee3329725cd62fa5a97a85bd Loading...

	www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c	227 kB	2023-04-05	2023-04-05
Pretty URL www.googletagmanager.com/gtag/js?id=G-KLTY4E3YBY&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash 012c7dc0ff7580c73d8b2142f15d09e5 9fabe73729ab16909f54d10dbb8363e26badd4b0 9fe342efebb9b47d0819706c66e3124267068c075352c2105bd7e8cd1a1a06af Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	136 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 8cf5394d9049dd6e25ee686f24fa2dfa a4ba0ce28631767912f8e095d283830e135cff8c 17e99ef63fefcec20cf375cfe02410cbc64e9623748efc336bb50d424bb49969 Loading...

	code.jquery.com/jquery-1.12.0.min.js	97 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-1.12.0.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:02 Last Seen2024-04-26 11:39:40 Times Seen4948 Hash cbb11b58473b2d672f4ed53abbb67336 66f47b885d587aa9a6c453ae3f2c9a382e5c7ec7 5f1ab65fe2ad6b381a1ae036716475bf78c9b2e309528cf22170c1ddeefddcbf Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	440 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 0130183c1c138771b5e140b838f02d45 6d18d592e74f9d192127fe24777409b9162bb8de 41fea4019aab929879874fc4a82257e127891888d6e60afc5b9e0006de4feb18 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	155 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash a3a0fe1caf653a01f75cba9c8ab9c67c 5ac9e624f11b78fdd4597a61d336428b7069db20 1c5611fe8aab1bdaf27a0e019282f713589cfcf541d347dfa9b95aa170e1bd6c Loading...

	connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022	3.1 kB	2023-04-05	2023-04-05
Pretty URL connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.10&appId=1945376245739022 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash 6646ab22db414b266b50090fbb846f70 e6da8a9f4d33f3158f757b081bc119400bd64f92 e9dba65cfd05acf2ba3f3a66f4162e14354bb7cc1964a7722a1d04d4608400cb Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986	16 kB	2023-03-07	2024-04-25
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:33 Last Seen2024-04-25 01:09:57 Times Seen1531 Hash da941a6e1e1df098744318f6d25ba13a 15f441d0df5a01efc674d62b88c0c95bf233656a 2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967 Loading...

	www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US	15 kB	2023-04-05	2023-04-05
Pretty URL www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US IP 23.38.201.85 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash 183be4e666c9bdad5a56a22af420c858 9a52dd4200fad913527864b0937b1cc808ebcaca 729437881b019512db46eab344eb07d81ce1b928a40c5183b6bad0a18c447475 Loading...

	static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js	15 kB	2023-03-07	2024-04-25
Pretty URL static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js IP 151.101.130.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:03:25 Last Seen2024-04-25 18:37:12 Times Seen710 Hash 9d1a046b5d9f975765a5adc3c8f2722e fd964609d091c301d408e879aa431a2a52e74a2c e94e0140ad5ee0dd772ad05d9ba5cc4cf3e2a1f5d420ea5cb783edbdbdda9f10 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	325 B	2023-03-08	2023-04-05
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-05 02:11:52 Times Seen3 Hash b7a25b8919d62bbb07ca33682a1ed053 2e9e58d8a038393d88dc1ee39920624069454921 6c2c31f52cb8a456975fcbd98f17b12ef7f2ed8ada6f853e6f56fe89d76f844c Loading...

	platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop	203 kB	2023-03-14	2023-04-25
Pretty URL platform-api.sharethis.com/js/sharethis.js#property=5a3603310c3a12001239de22&product=sop IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 16:51:15 Last Seen2023-04-25 18:12:19 Times Seen1021 Hash 8f74409ce64383c19f05ddf14e4b08d0 c52b59acd80edde1bdfaaf65ddc464ccf5ab3f1d d7a1bdec6b5209de5be156a573409f2f9e30488cca22fb380d2234057c7973f1 Loading...

	googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4	2.8 kB	2023-04-05	2023-04-05
Pretty URL googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4 IP 172.217.21.162 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash 247d253c97f7264c5d7c32fa6df5b93e 52a4c3967602a48533462e4eaebaa640dc0010ae f63a5a1575cea89df53b4b0a11bbc87b5fc0547a56dd74d1f20ed9501fc9f76e Loading...

	www.clarity.ms/tag/80x2itprfu?ref=bwt	624 B	2023-04-05	2023-04-05
Pretty URL www.clarity.ms/tag/80x2itprfu?ref=bwt IP 13.107.237.53 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:52 Last Seen2023-04-05 02:11:52 Times Seen1 Hash 36f951718c05656b99e58550e78ba3db fc51c8f8823d03524d22f3cdb49c324b89a950c2 dd6d479a4b6558e1ec59530064018656285c08a4ffb10fc56121bf02dade4a1c Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	158 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:08:29 Last Seen2023-05-13 11:06:47 Times Seen5 Hash aebf4930ad6b1b89e384f946c6a519f4 d9e8db4ee405495358914048b1a6454a1927f183 7ef3b8c3d5640112ebe93f49829cbd3893ba355e6cf6498eebf849a33dbe2553 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	314 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 7d2264c623db9f85c7026ded89332ce1 8b0581df9c85e9eee272d2359cd00fd49615d9f0 6a82739904bc8ba680c1ecb8e7fa96e35d3806b7bc8f75575bb75cdcdd00fa4c Loading...

	www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986	9.4 kB	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen7 Hash d09a2fa35d2925f8c00c657ec546d882 0448e16938b5ced39d61476c9f9a8f1ba611ef56 f2b70decc8610045eb84a80cbf669c3a1e52b2435e7c6fe3703893649001b38a Loading...

	www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986	19 kB	2023-03-14	2024-04-18
Pretty URL www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986 IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:30:15 Last Seen2024-04-18 15:36:02 Times Seen1703 Hash 4cc444663c1e69cb8ac7b909e7192bca d00ddc5b9526193fa99bc3995a6d05f995452ea1 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230 Loading...

	www.googletagmanager.com/gtag/js?id=UA-233581752-1	116 kB	2023-04-05	2023-04-05
Pretty URL www.googletagmanager.com/gtag/js?id=UA-233581752-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:53 Last Seen2023-04-05 02:11:53 Times Seen1 Hash 986863fbb15a5d241496800e11f489db 19a5dbbe12ae435de0d44f5be7902f0be0508e2e 994759afa7b5e8e0311313ddb083eb7f1ffe609030fe10e67cbba1d7ef72b592 Loading...

	buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js	763 B	2023-03-08	2023-04-23
Pretty URL buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js IP 54.230.111.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash d561e09722a4e9a9aab1f41b2c7f9be7 050d4da83989f4a5a65e5293ed8ca2cfaaf91502 c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9 Loading...

	count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe	176 B	2023-03-08	2023-04-23
Pretty URL count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe IP 54.230.111.71 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-04-23 19:46:07 Times Seen5 Hash b658a5a578c8434f6f5dd7dea671c0fe c126e491ef71e7c0565501d8d6f615e8cbfc2b74 52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34 Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js	93 kB	2023-03-07	2024-04-16
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:06 Last Seen2024-04-16 14:06:13 Times Seen649 Hash e7155ee7c8c9898b6d4f2a9a12a1288e d1b0ac46b41cbde7a4608fb270745929902bac7c fc184f96dd18794e204c41075a00923be7e8e568744231d74f2fdf8921f78d29 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	317 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 285677233354e6bc3314aa801b153906 08843186aa460a56ccd0bc935f5d25e59b0a48df 84add2e891aa85cf5778686e3c10c3d892d13c74bade98d89e9a2c8ad1b3fbb8 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	2.2 kB	2023-04-05	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:53 Last Seen2023-05-13 11:06:47 Times Seen3 Hash da4ab96f4457d096616cd318762f7791 cda9004db6c42d47001ef8a96e100e808094fa77 5ccb838e99a5c12fbc0056698f0c31ccbb543fa3b1bfd17d5d489158cd3ab1a9 Loading...

	www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2	307 B	2023-03-08	2023-05-13
Pretty URL www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 IP 151.101.130.83 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen6 Hash 309f508854c65cd4aba2417165dd9231 90676003edc377e88e6695efd87e492aaf25d1e4 01e85ac42ac2db3eaa19e9a392c9a30acca1e17e76e68da2a73bf00cf852e723 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MMC9V55	100 kB	2023-04-05	2023-04-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MMC9V55 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:53 Last Seen2023-04-05 02:11:53 Times Seen1 Hash e01282b64fe6498acce09539a78fe148 205a0814a47fd4a5eb4f73446ce35088a0f8cf0a 61f3cd4d2a214b4b276273d6e12b65ec2ff32dd02725e23ca7852d6f1cd5afa6 Loading...

	connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0	3.1 kB	2023-04-05	2023-04-05
Pretty URL connect.facebook.net/en_US/sdk.js#xfbml=1&version=v14.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:11:53 Last Seen2023-04-05 02:11:53 Times Seen1 Hash 9ac79c447acdbce1617173dcd47e8aac 2ccb570ad287eb39c7baf8ee6fbaa02404f80b33 d58aabbadc101d156498c4649a8bff2b08ee5689bfba320e8ca9149f6aadfe67 Loading...

	www.clarity.ms/eus-f-sc/s/0.7.6/clarity.js	57 kB	2023-04-01	2024-04-20
Pretty URL www.clarity.ms/eus-f-sc/s/0.7.6/clarity.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 10:43:35 Last Seen2024-04-20 17:48:03 Times Seen1466 Hash 5705f8e24923c332c4da15007746b69e f0bbfc3a328663e77cf279550b0a81476146f25a e63cf738c3a577e286765aaa9de59ed4300f6bf8b5d34773d131afd3da456b9c Loading...

	www.google.com/recaptcha/api.js	850 B	2023-04-01	2023-04-07
Pretty URL www.google.com/recaptcha/api.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:09:47 Last Seen2023-04-07 01:40:50 Times Seen619 Hash aab8445ad247d5263f5170f8c7f0413d 198d6ecd49654d182837e03df15f87bd38334038 e283c51e84ce00c1dec14325cc372bfc96528732f94b52d945e34185af6f1056 Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	161 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash d077e03a82bf86d21b930cbf5f61f946 77d7fbaa3f829cb17bddacc17ae80a700320eaf6 d9247e8f2539f5ae91de2ee01e6583da39012112f3c3201f7319920bb5a39d82 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.142 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe	307 B	2023-03-08	2023-05-13
Pretty URL www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe IP 103.50.162.157 ASN #394695 PUBLIC-DOMAIN-REGISTRY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:43:50 Last Seen2023-05-13 11:06:47 Times Seen5 Hash 24c9615b420990184e85d339ce329af0 64b833a695004bc86e4a760480b382206af5427f f8586d7463fb771d4a2dff579bf79770e6bb84c26d7d8b9c09d6af171ed52412 Loading...

HTTP Transactions (134)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a4074549843769a3da3f055bcb5a78ff
f99062d34cf71bda6a9c64061fb9e61008f94021
895e3801806f031611a25bec5652cc1a46dfa76ea6784f5064d859c1a5b9ddf7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "895E3801806F031611A25BEC5652CC1A46DFA76EA6784F5064D859C1A5B9DDF7"
Last-Modified: Tue, 04 Apr 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16568
Expires: Wed, 05 Apr 2023 03:51:56 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e50dac5108a698d61ca49516033d1a20
53d243b89fc00deb9bfae07351bbe36ddb7c1df3
e9e0ad98c485b56fe65ea0a8bc4974fff3f804fcf2d8f6266ada9acd27c7b7cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E9E0AD98C485B56FE65EA0A8BC4974FFF3F804FCF2D8F6266ADA9ACD27C7B7CC"
Last-Modified: Tue, 04 Apr 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11188
Expires: Wed, 05 Apr 2023 02:22:16 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
29fdbcd53b5646cfcdd46510063734c4
85e3ceda5ef130219f4fe8a31e52e2690c8f7d8e
24c27586332c016685e6231fec5836e921048d8aaefbcd4cd6f88969f9d91e18

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 04 Apr 2023 22:16:42 GMT
content-type: application/json
age: 3546
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

280 B

URL HTTP/1.1
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
280 B (280 bytes)
Hash
023ac1b25303dd2b521ec25e1274e490
c44bc2238f7227be4cc63f75c0eee098bc01cd66
634cebac5c21890cbed71111b2342cc5792fe987a2b41bd75c9a6866cbec06e9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	high	ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Apr 2023 23:15:48 GMT
Server: Apache
X-Content-Type-Options: nosniff
Location: https://heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Cache-Control: max-age=0
Expires: Tue, 04 Apr 2023 23:15:48 GMT
Content-Length: 280
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
903ed2d58f1f33d069b70c4b53f1cb1f
0ef89cd6eb79a2ddd74434f9233cf486fffc1142
d8c984b50f04fcdb1ebc99d982502d85193302c85239ee7497666247edfc0061

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8C984B50F04FCDB1EBC99D982502D85193302C85239EE7497666247EDFC0061"
Last-Modified: Sun, 02 Apr 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20176
Expires: Wed, 05 Apr 2023 04:52:04 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: hWCbFEBo+nsul1hvqJfUtukBQTQcdmH5h3NxpH56lX4IfT1TM1aB3M8yt+wyVhoivtJA4bzBAKo=
x-amz-request-id: 62S18JHYFPPG26HJ
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Apr 2023 22:53:23 GMT
age: 1345
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
27326a64990c6f698a83600491674790
a6bdb4743ace6be80673f6899605bf9177a75b69
e4a8d3c3016130e47580098183bcea5ae369697b7907eafd65ac3450dc2eb265

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4A8D3C3016130E47580098183BCEA5AE369697B7907EAFD65AC3450DC2EB265"
Last-Modified: Mon, 03 Apr 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4730
Expires: Wed, 05 Apr 2023 00:34:38 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 04 Apr 2023 22:17:29 GMT
age: 3499
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: P0F+iIoCFcv52bv5kNyGaw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qvR7qRUsZpI6NuI1jAuQxbJXlXk=
Date: Tue, 04 Apr 2023 23:15:48 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
688c7aa7d0fa9f541fdc9e1a2b95e692
60d139080d4de6dee67ea0213209b0df1c0e8b8d
6d22d562b079ea5bd544a234dd1131243528e7f98a1de051e0da334ec6e70f66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D22D562B079EA5BD544A234DD1131243528E7F98A1DE051E0DA334EC6E70F66"
Last-Modified: Tue, 04 Apr 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21578
Expires: Wed, 05 Apr 2023 05:15:26 GMT
Date: Tue, 04 Apr 2023 23:15:48 GMT
Connection: keep-alive

heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

301 Moved Permanently

0 B

URL HTTP/2
heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	high	ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
expires: Wed, 05 Apr 2023 00:15:49 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
x-content-type-options: nosniff
location: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:48 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
98437f675562ae2af8df0fdaf1369f43
c4deaf8e798062e62d94f95268b5164ff40ebced
ee9c92d96eb1f6214f6bf42b234bc144d0cada1746fbd94ee8b595d8b765165b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

code.jquery.com/jquery-1.12.0.min.js

69.16.175.10

200 OK

34 kB

URL HTTP/2
code.jquery.com/jquery-1.12.0.min.js
IP
69.16.175.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32060)
Size
34 kB (33820 bytes)
Hash
e0865bea5b028ce4d913dc4d6166c751
b2df1f4068ce3040ba56512e7fa7674db72f8fcb
0dbb35dfe27885f4ab7cb2f5f3b6894d0fe03f691e4612cec613bd6a74193337

HTTP Headers

GET /jquery-1.12.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Apr 2023 23:15:50 GMT
content-encoding: gzip
content-length: 33820
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-17c52"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680650150.dop202.sk1.t,1680650150.cds002.sk1.hn,1680650150.cds229.sk1.c
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8

103.50.162.157

200 OK

1.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6095), with no line terminators
Size
1.7 kB (1699 bytes)
Hash
807a495302e6eb0e3d2ab42f64c02887
564ea424819ad6206fcc7a5a5467fd0dbd41fed1
c91eef585a2f5367b79656186abeeefe032770a34518a8963e7590cee6f5d0ec

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/css/facebook-review.css?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 29 Mar 2021 04:47:09 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1699
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js

142.250.74.170

200 OK

33 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (65479)
Size
33 kB (33396 bytes)
Hash
a1dbc2376faed4d6de4f5918c679a3d5
a9deb320a96ac3ddd24bb431b2854ff64f789e5e
6c96b4087484f1793973c8bb673eae22e7798be772392a0eed8f5f9252a472d8

HTTP Headers

GET /ajax/libs/jquery/1.8.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33396
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 18:05:12 GMT
expires: Sat, 30 Mar 2024 18:05:12 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 364238
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js

142.250.74.132

200 OK

557 B

URL HTTP/2
www.google.com/recaptcha/api.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (850), with no line terminators
Size
557 B (557 bytes)
Hash
3c03fc06caa4972d216de05b8ed194e0
47ad55ee73d74f61dc5ebd825606e814118bbe3e
fed213f7bcf6ef86e7dbe06d59ece8fcf80213ce468a6c2b8ecc162230b6d70c

HTTP Headers

GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Tue, 04 Apr 2023 23:15:50 GMT
date: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2cd3f434a12d198abeaadbfb321bdac2
2720dbf537a719412e035c7682a738878211ba3c
00e6af13b49d9559588217ac936e87aa82a58da0af42fb03df3a8e04f376586e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-233581752-1

142.250.74.168

200 OK

45 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-233581752-1
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2206)
Size
45 kB (44926 bytes)
Hash
3963446ac651a45b1adf166eb2dafb10
37aa5d847689f98b376a5756b49857427b0a2ee1
31fefe4dd981eb5e385971635941a98d85038baa398dc23d18cbbbf90351e085

HTTP Headers

GET /gtag/js?id=UA-233581752-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Apr 2023 23:15:50 GMT
expires: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Apr 2023 21:08:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44926
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3

103.50.162.157

200 OK

4.9 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (24702), with no line terminators
Size
4.9 kB (4916 bytes)
Hash
ad695865c255bac1b0269376f1b37a27
47b9b7d823d0076d561f77bf79e25cee080995c7
ed6dffe5fc7db84ec0052ea6567fdbdc43502a8f422d80bbbfbfe1c53d5bba52

HTTP Headers

GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.1.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 22 Mar 2023 00:20:26 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4916
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

210 B

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
210 B (210 bytes)
Hash
a8f5adb01a17d608468beca934ff9e95
20303241ccbdbd180fd959cdf4c263c258870067
bcdca1820dc365b0a6c38b70739928ffb660a1cee9776ce5682a5feedd2824a3

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 210
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1269 bytes)
Hash
967924886f14c2bf9ea1d320dc4c6c4e
7adfd48f7d7215535dfd7db7a025999ad6bab52d
9d7b368e9ea3c04bf17f94c8080202d0a9ab1fee6e5143840fa5bf0617d133bc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 27 Mar 2018 06:42:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1269
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

5.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with CRLF line terminators
Size
5.2 kB (5195 bytes)
Hash
0a8bd7341207a9042050c53b5e7bac6d
e21aa6bed02c4b6ee4cdc76c2870a737b27add14
6787293b487d3e4dd641e3e0b60b49d508a419979910abceeabac53601865cec

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/royalslider.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sun, 03 Dec 2017 13:28:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5195
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

1.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.1 kB (1102 bytes)
Hash
6fe412ab00fa602fbdff1ebc56c0122f
30a1a170684805d401207dc3c29bbbc16ed5795a
86158384e8fce089c0b8ec4d2cca88be20511262a175da582df15465e464caba

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/resize.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 31 Mar 2021 04:15:02 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1102
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=AW-10952182701

142.250.74.168

200 OK

66 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=AW-10952182701
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2379)
Size
66 kB (66176 bytes)
Hash
29c980773855d8e7a52f6b9fdf0104e5
e8faaeebf000501d3722dbf4faa8087cfaa2792b
ea0127235535a6d8071b1c9b77b7dbe38683d25a93e3d9c29ccd71314eaffa35

HTTP Headers

GET /gtag/js?id=AW-10952182701 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Apr 2023 23:15:50 GMT
expires: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Apr 2023 21:08:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66176
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4741fb0e250c9bcfbf5ecf935786156a
b5ee9286de89da804036335ad071bcdf0bd69b6f
0273c45d6b16ec9f44aef454cfcc190ac3e953899347c346effb38e335806309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

31 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
31 kB (30809 bytes)
Hash
657b200dd483f984c1da25a96cfa5f27
2079ea1d5aeadd95b1b7e9a6f0dad3a56d2f9e3b
bb01566f0fae463c8b380ed797264427caa5d5779f4cdf140d12822d1287e7b7

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/main.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 18 Jul 2022 04:28:59 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
56c71eaf36368e415c26682707de1f4b
11fa3f31278035c07813bf6f17361ac20442c900
a86434a20450dfd2b7787c1759e2e9b502bc89cf579fed44e6e698b27fc90203

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
869fe4a8dc549ffa1023d3adc184e4f2
37b95d88dd3f6f251bb651b130e09b202850033f
9387d0291fa66cc98248bae7724ec34f884c766302d2a99e734585cc591ad304

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9387D0291FA66CC98248BAE7724EC34F884C766302D2A99E734585CC591AD304"
Last-Modified: Mon, 03 Apr 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7138
Expires: Wed, 05 Apr 2023 01:14:48 GMT
Date: Tue, 04 Apr 2023 23:15:50 GMT
Connection: keep-alive

www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=14

103.50.162.157

200 OK

2.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/tablepress-combined.min.css?ver=14
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (6151)
Size
2.8 kB (2766 bytes)
Hash
49008f8f4357ed5325490ed74f7d2c8a
14f174dd3f5171fc4fd4717e7d26b15fcbd61a6f
2b31e6ab094b5e8daed6587ac5e065cc83e77896aed629f58d321c155ec233e3

HTTP Headers

GET /wp-content/tablepress-combined.min.css?ver=14 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 23 Mar 2023 00:20:13 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2766
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

6.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (28996), with CRLF line terminators
Size
6.7 kB (6743 bytes)
Hash
7213a021dbfa18b6ab789d989851a85d
71b427dfe5f56d60224aec1701d6f28f1443b18e
e917493cb9c90fd02626a3e4762d6ae81ebdb7a2d7c4ee58f1ccc970c72c301f

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 09 Oct 2017 12:33:10 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 6743
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8166 bytes)
Hash
d37a005990b494f2fbb22b15e95355aa
6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a
89fb008ff33bc826389dab4b4ae6e54f24800102e5ab4993d541ac1a9d2f91b8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd83b1ff-cffc-4bc4-bd3c-bc6bee996f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8166
x-amzn-requestid: c20672fe-1108-40c6-af1f-8c63f2524380
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cr60YHdWIAMFVSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427d81b-7b7c250f5c9862e42bb65d0d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Sat, 01 Apr 2023 07:07:07 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 0JOT4HqAs3-jE9Ab_IYNG52lR4sTPDa7u1T8pF-mzBVJI6GOa0Y5XA==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:12:55 GMT
age: 3775
etag: "6dd60d490f5ee8b5f9c8aaeeca5a7a9b7b6a3a4a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.4 kB (9371 bytes)
Hash
368daf089289cba50cd12298597e78a4
f84ad2d3eacfd5aeefd918838f69fcc962c63e51
7a1b8d38402e819ae571d358a7f9b8e430d02ec622cb0434eedb3788849ffb63

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82e6c3e6-7fa8-45ee-8b20-f057b4f9a87c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9371
x-amzn-requestid: a2353b11-26d6-4e26-bab1-79d407cbfa75
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqE4dIAMFfQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-579eb6016ba594714b5f714f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 7hVSS2Tvs280ZBl1nCT_3KXWGqz0Ep5PUVe7WkoG9xqq6L2A3c6Qhg==
via: 1.1 626ad4a6bf529166d2aad94a2957694c.cloudfront.net (CloudFront), 1.1 ae06b19943a6bad1c1b12b79f7339498.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:53:33 GMT
age: 4937
etag: "f84ad2d3eacfd5aeefd918838f69fcc962c63e51"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

151.101.130.83

301 Moved Permanently

0 B

URL HTTP/2
www.jscache.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
151.101.130.83:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.jscache.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: envoy
location: https://www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
expires: 0
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
cache-control: no-cache,no-store,must-revalidate
timing-allow-origin: https://www.tripadvisor.com
content-type: text/plain; charset=utf-8
x-request-id: 8961b08e-74c9-4df5-934c-f9f8fe440229
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680650150.217834,VS0,VE156
content-length: 0
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6606 bytes)
Hash
20ff30ea98e9f9086ee28d4ac369e938
40aee6f21d4958a8e36bb9e9359a1784bb4e059d
1fa8c56d96a34e8971f580a83ef30b460b622d43ed7486ccb2c317366cb2179c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F79da5da9-3d26-4695-ae7f-58d008a2530b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6606
x-amzn-requestid: 2e52472d-4c31-46af-b2e7-4ffc169c2222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C34yhEGhIAMF1sA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642ca1a9-4f0faa13315fe1e76cbb09a3;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 22:16:09 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: -3eyeauXxMTnrWCD5BX_WX2pakIj6fexjGzeXiTotEkJi7tkQBFFjA==
via: 1.1 b6cdb2111444305bd4957a473b711ad6.cloudfront.net (CloudFront), 1.1 a9e73292d0b92053c3e38dcec15fd0e2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 22:47:01 GMT
age: 1729
etag: "40aee6f21d4958a8e36bb9e9359a1784bb4e059d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5686 bytes)
Hash
9132183080e6510ff7309e59efa59e75
9ce62f7aee64552638ff948e89b2ddf4f20bdff7
b888ab47550e87b46ed8377a0a6e8679fda7b2751473827bcba328aa4ce207ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74ab7a15-f867-4797-989f-7adeb80e9c1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5686
x-amzn-requestid: 3900b1cb-78c9-43d6-9c98-6f00d8635e3b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CooSOHAaoAMF6RA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64268741-002861655352e48c6a833c80;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:09:53 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: XPqgiYowyfmy22TeKddE1Q7KybhFQNNaBi6XE7HRoCW9gWWIb-kVHA==
via: 1.1 50cc3f0b039433daebdf343a3f4489ae.cloudfront.net (CloudFront), 1.1 8cb7de37a1655236518810d0aabb8656.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 19:58:14 GMT
age: 11856
etag: "9ce62f7aee64552638ff948e89b2ddf4f20bdff7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3500 bytes)
Hash
0c14dd9bfa7f1f37c711973900dbb5af
c8dea8f9cafcf7d108c93156f40537e78f7da88f
b99050909eb528f9c22201ed2f0f185edbb1f0b1e16631ef21dca72433e1e05d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77527c77-7214-4edc-ac50-c610366aefd6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3500
x-amzn-requestid: 5626e00a-90a4-42c5-bcbd-1ec24decfa47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: C3yqqG0_oAMFTcQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642c97dd-16eb602d2ac30b2521cc8165;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Tue, 04 Apr 2023 21:34:21 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Q-yoSHYZcCHlnNSX3Gyzw6wLmH6Mr2z9WR39wfa8lgEVJhh5rPE6_A==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 ef8f66c83aecd87910ce2e1153544a20.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 21:35:57 GMT
age: 5993
etag: "c8dea8f9cafcf7d108c93156f40537e78f7da88f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9667 bytes)
Hash
dd12555800d3b88954dfea270dc2e42e
1ef8b33524eacd8ea134937f55b2b4c704215992
0da83c486b906ca380982c4006e5b6d9235863056fb43945d74b55453ba07e8b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e436c7d-e108-4689-b94e-5ff6e0dfdf0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9667
x-amzn-requestid: 688e8919-43f5-461e-8fe2-c37f9d9d4771
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CoomuG7gIAMFWMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642687c4-4f0b41fe5abeb8af44317551;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 07:12:04 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Eg7iFXrRmw7NlzCTZaSqetbmBptwCFtp7h2ZIWf_on4gPlXUQp_2fA==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Apr 2023 19:58:14 GMT
age: 11856
etag: "1ef8b33524eacd8ea134937f55b2b4c704215992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png

23.38.201.85

200 OK

6.7 kB

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
PNG image data, 336 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size
6.7 kB (6689 bytes)
Hash
94e8c1fd1a7fc695af3d4e0ee15999d2
687f1c33739b9b64832a90876b7fcfed46f5c529
5e3adb4d54bcbc57e019efdf0a413ee8631470c53a2a23e7cf276fbe1bdef6c6

HTTP Headers

GET /img/cdsi/img2/branding/tripadvisor_logo_transp_340x80-18034-2.png HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 05 Apr 2023 11:15:50 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/png
x-request-id: c76ec274-fe13-42a5-8a3c-29f9fd8d01d7
content-length: 6689
date: Tue, 04 Apr 2023 23:15:50 GMT
set-cookie: TADCID=KRLPj1nynW49WHFSABQCXdElnkGETRW-Svh01l3nWnSjIA0fljcinEiNps8nr6fQw85Gdr3ylA0btM2tvm3AFtTZ8p7Sv7oLXRM; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:50 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A47DCjwo%2BLM3k7nWhzVPS6nS%2FfUSW5NQqRclv76nJbQA2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:50 GMT; Path=/; HttpOnly
__vt=BDkxGElm-X38xpg7ABQCwDrKuA05TCmUEEd0_4-PPCSAwA6_mTVoPFJdXxjUey0lYpH1pk17fllzYeKpP6zH8H5-_XWvcWEc0DJgPrE7xGzDqjvXmdbOpFK4EaTzdWqNHJyTGaHNorU2eYXBxWK7Tcy4rA; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:50 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.0C8230F25BD947D02DF6BC649AEF093B*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=B; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2023-04-04; Domain=.tripadvisor.com; Expires=Sat, 03-Jun-2023 23:15:50 GMT; Path=/
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3

103.50.162.157

200 OK

3.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (11263), with no line terminators
Size
3.1 kB (3051 bytes)
Hash
51c75ba5a9163d96efde16b2702385e1
a7562e7da4ccca3b2a3788eb96e3d962aa2eace7
13167fe3f53391caa833d40793f29d744e995a09990722c71627de0d91de8bdd

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/css/google-review.css?ver=1.8.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 27 Mar 2021 05:10:29 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3051
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

14 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (32003)
Size
14 kB (14315 bytes)
Hash
90b602e96dc8686ce38d4716c58e7284
701fb82d49244c5ebc04414adee026021f3a251e
d390d1917f2110b49e28e8f78523b3d72c333ef332f4759501e37d1113e92625

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/bootstrap.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 24 Nov 2015 19:34:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 14315
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

9.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (484), with CRLF line terminators
Size
9.4 kB (9390 bytes)
Hash
1a00aae64e3669cbb6f7f4da1b2093f4
3dd8365cc3010850be912c02402a6a1a6cdc316b
8a1696e586703108bcf0b7d5e4b29a4dc44f560db077aca88e4105a2dc3d6844

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/jquery.mmenu.all.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2016 13:57:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 9390
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png

103.50.162.157

200 OK

1.6 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/img/avatar.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.6 kB (1641 bytes)
Hash
e876c7268acd72c8475b7d0c2534162c
83cac186c0ebc22bbd94e4258d3b9f89bfdd93e0
6f0b5cf3682fa65fa3abc8de286e2cc8a2335b4f13b617ecc8e7e1b4c78bc697

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/img/avatar.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:23:43 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1641
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

1.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.8 kB (1845 bytes)
Hash
d0681317b0b8f966b7285bdc2aeae277
a6240b58e048482b676e00e2d7ef33c2f9ea4145
efcc620e18e485ac4c40d4bc54d7927a5d2a901dcd43d452fff0b67f18a7650e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/main.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 May 2020 07:16:22 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1845
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png

103.50.162.157

200 OK

3.8 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.8 kB (3770 bytes)
Hash
9eb77fc94de44ca81098297eafa71267
e5f706259e39b76cf62aa9f0e4f8c928cc31173b
72cb50ae5802da4c1ae2b84eec4e6930405d132e676b0b6597d24b413804ff4e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/l-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3770
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1270 bytes)
Hash
236b893cd98b54dcb08404e1528e0b1f
1d37376aa3654fbdc995bdb3364f514623fb1860
865643694d61d92f91d3a361cb2a74da85a5e04869ae789ab583e2d81e8c1bf6

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/owl.carousel1.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 05 May 2020 07:24:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1270
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2019/11/facebook-review-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1453 bytes)
Hash
9f96c4202ffbe12fb4d7bd331cd76ec1
3bdd87b1bd0f76c7443f5e423956408eed3a3860
f7ffe7691ac1cf2ef7d64a5ad72d632e39d5b54ece90f2e5051d09de6a9d6476

HTTP Headers

GET /wp-content/uploads/2019/11/facebook-review-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 10:25:23 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1453
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png

103.50.162.157

200 OK

3.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.1 kB (3084 bytes)
Hash
3001ee7b4b2e6d4f72a8c15e833dc94e
7a4e50c47588cd3dbcb0dc37493ffea19048ca19
3f1f1f4cc42a985635913435111a836e7d35773ac94b8308c8a92018ef6b01b0

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/bh-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3084
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png

103.50.162.157

200 OK

3.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
3.4 kB (3442 bytes)
Hash
64d8e2b9d3c9a5d91014879ac7e19b1b
4511e9bea60d232d0a25cb120708764aeac63284
28e7b2c026d1adc94d152b8e50dedca32245d43476a70bdc26e679e2b162948d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/druk-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 3442
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png

103.50.162.157

200 OK

2.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 144 x 18, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2194 bytes)
Hash
fd24547c88cf7fa5f1c58c0dfad6d4b7
e07b978e1e901c9ee6c6b8799f541f68a7ae7753
323e547899c863adfb3f0ae96d7e6c7ccf147a425653d29a7b6c68132798b5a0

HTTP Headers

GET /wp-content/plugins/widget-google-reviews/static/img/powered_by_google_on_white.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 15 Jan 2020 09:42:41 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2194
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8

103.50.162.157

200 OK

4.2 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (566)
Size
4.2 kB (4235 bytes)
Hash
2cd208e374b2cfe6ef4a6b635763f557
213b7d514e751ec2dd0732943d5329c559f7945d
658a4d4dda5ecb6f50e80dc35818551fcdc895d771b1ca33df0ca5ba2d791250

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/wpac-time.js?ver=1.6.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4235
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/02/google-review-ico.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1462 bytes)
Hash
00995660effd64403d80003b82cb91f4
a3e2d1b5751946e79f0deaa51e46d4a9cf2d7d53
1c08cf5a927fc42729c530e44ff2fe003ec0ad2f757f9d7fa1c169e3b65f92ce

HTTP Headers

GET /wp-content/uploads/2021/02/google-review-ico.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Sat, 20 Feb 2021 05:56:07 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1462
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png

103.50.162.157

200 OK

1.5 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1530 bytes)
Hash
812a8ca3bfaf6470c1df6440236656a3
e9834f19e6680485977881875c5f56a27f81f415
a56e486cba71dd18706fb0616851a458d044b6e779b8e8d29b4ce6f134d0163e

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/viber-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 11 Nov 2019 10:55:16 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1530
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

2.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (4991)
Size
2.1 kB (2142 bytes)
Hash
7709d149d74f9f8672bc2634ae80854e
7c47e83c1c8a31fb4cdef3a045960801bbc09f9a
f6c020cfd458ba4f998e07401853518cf27d27e9841de43d4bfd78e6b59bcafa

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/blazy.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2142
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

1.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text
Size
1.3 kB (1338 bytes)
Hash
051b85ffbfbffb06086f46ee3d10d64f
2c482cbf5506b08adfb85e3eac90efc92c1f4bda
c5ca6532d1dd7294a3745bf288c552474bb264bc1e2d913af09f26405cdd69e1

HTTP Headers

GET /wp-content/plugins/fb-reviews-widget/static/js/rplg.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 04 Feb 2020 05:45:25 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1338
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

7.1 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with very long lines (14856)
Size
7.1 kB (7080 bytes)
Hash
25ff635e4eac54a25b43a6678c0ac374
dca3ba9f3acfe4641ff899e00777f8ce21a47353
9f0a810379d2839d367899bffce144a24f2e0401f5ee036a8ff9d235ab8d0abc

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/vendor/modernizr-2.8.3.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Tue, 12 Jan 2016 13:12:52 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 7080
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png

103.50.162.157

200 OK

4.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4728 bytes)
Hash
0ff5cfc35d1d8041d820059e9fa17d10
83cf1c59fc31fec116c65d0ac5c1058415cb87fd
f5e95693cd8f040b5d1af4d6f3b22d4718f9dc1ab1f89d514e18514dc925b12d

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/abto-icon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 29 Jun 2018 10:46:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4728
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png

103.50.162.157

200 OK

2.7 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/site-icon-e1658727344127.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced\012- data
Size
2.7 kB (2702 bytes)
Hash
e036f9dbd0e59aaf0f1d0d86d599a3b7
3908447e6f5e97b3775073f0fec276f13c484f56
8ca083d7f6a3b34b391ad095b185e99c6cfaa07ce6219aea09d504ecab0202c8

HTTP Headers

GET /wp-content/uploads/2022/07/site-icon-e1658727344127.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 25 Jul 2022 05:35:44 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2702
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

5.3 kB

URL HTTP/2
www.heavenlybhutan.com/wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
ASCII text, with very long lines (15718)
Size
5.3 kB (5344 bytes)
Hash
5b746d0cd5584b8c5f3681f52e1cc25c
a385a8bab45776cc493297a099df45db9852c15e
a99e7e9b42520feac7b6c1c16fca81bdaa227cc891b4a76303709347aee823e8

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 5344
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2

23.38.201.85

200 OK

196 B

URL HTTP/2
www.tripadvisor.com/wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (306)
Size
196 B (196 bytes)
Hash
b3d94b71ff0e248b444852a9ce3ad6fa
ad407449bc9c1a13dad988d6613c166250f19b26
2e6bc6af4b480098eb144a92296372b6ab0a4092af99d5a626bcea9c7a0ac17c

HTTP Headers

GET /wejs?wtype=cdsratingsonlywide&uniq=930&locationId=12377388&lang=en_US&border=true&shadow=true&backgroundColor=gray&display_version=2 HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
vary: Accept-Encoding
content-type: application/x-javascript;charset=UTF-8
content-encoding: br
x-request-id: 3e09bf36-beda-4c7b-a6a1-f5c83ed50b0a
content-length: 196
date: Tue, 04 Apr 2023 23:15:50 GMT
set-cookie: TADCID=ZNa2CZsIV4LHyAXuABQCXdElnkGETRW-Svh01l3nWnSjIMBKGdVb3mw2wu-j-8dQIohmJbNJpkFzH4cPIu5P7Ach47fyepGyxLc; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:50 GMT; Path=/; Secure; HttpOnly
__vt=Yco934nMYXaiivZHABQCwDrKuA05TCmUEEd0_4-PPCSAwCvmix-FdP7DLcCiRVHA8uOnG219VCD3iQpka53abJnqqfepEX1fElVICGGfLevt86O-AvUAuwKIpxDWhtHtAmV5-_Socdq4ZIJ6mbzJ5dz2; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:50 GMT; Path=/; Secure; HttpOnly
_abck=F4DC26C9F48BE498E9B0E5B1037B2DE0~-1~YAAQBk8kF/YGAA+HAQAARiOOTgkHkvI6pZvYfu38nYwQqWbVjs/gw35Nfn/F1PALK5Wd2fEQaJbAwRwBQNOqR2oy/GKfQ0RmwOlkJPUGV0ZU08bvysOeN1VZIvMDBz5u1RAcb8oN0qyWiwONT4OFi4Cjwy2BmKEYVg2LotV4eiSftGqQTnwKQds6cCoM4qkMZoWolp0tCVcncMw2fV1j9NdA1M5e9ZIIa7n7DSxN3xc9s1KDEOvjIbNYfq3hWCSsLUbFsTQGCIQXa+1ucSkzffLR20h/+i7UpQ1j4AjE1qSf9MVJVKFIONTu1i2yI9K2wxt9K9cB56PKvTsNVOvLqCoj3Dt+9m3N5/R7tmvJqlMgXGkUyQt6EXBXG/ihXxRhtMo=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 03 Apr 2024 23:15:50 GMT; Max-Age=31536000; Secure
bm_sz=66386B5D37958F8CED06529DFEF0D011~YAAQBk8kF/cGAA+HAQAARiOOThO/h+DYTy/iYp8BkC7ozcdEJ5sggkNGqqXaFWzNYH6ax6/GaVhTtEMaZSYMa3a5ILQqt+00U+bWxqlwxg8Ahbt4cbT4gm7N3stnvLIER6IaRPoIDbZU/xQYfeXFvhrKS7xkbPuzirD9TUOtsP7uMGT+VShLKz22FYPvulCla8ikACdWURpegZxcJy4H7TgWWFTrzCFe+9BNyboCV3m6hP7BlCeqCaHdN/ZcrfY/KJFsAs8uOGU3dHetm1X5PIXHjXWwTFaDhAbx1pD2p31Jy57rgCVXYg==~3224133~3621680; Domain=.tripadvisor.com; Path=/; Expires=Wed, 05 Apr 2023 03:15:50 GMT; Max-Age=14400
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

127 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
data
Size
127 kB (127272 bytes)
Hash
0096634718551fb6f155f9b18bffa16d
edb14a03b6739cf84ac38255f664a61eddae4244
c8f42a7084c4c5afce24deff96b34150c22a978aea681e46ebdd152249c5d661

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/js/plugins.js?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Wed, 27 May 2020 07:53:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9209152015bce63ee2d21cc0d966532
7fb6b50059f25e76e0acd9f8ced75095ba7474fe
e3d734e1657051dfd33351e97078cf4e5210332ac63e0b104ff73e913011f024

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3

103.50.162.157

200 OK

72 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
Web Open Font Format (Version 2), TrueType, length 71896, version 4.393\012- data
Size
72 kB (71896 bytes)
Hash
e6cf7c6ec7c2d6f670ae9d762604cb0b
97e438cc545714309882fbceadbf344fcaddcec5
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/fonts/fontAwesome/fontawesome-webfont.woff2?v=4.6.3 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/font-awesome.min.css?ver=7a22247de8db3271f3bf8573be10e986
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 13 May 2016 11:44:26 GMT
accept-ranges: bytes
content-length: 71896
cache-control: max-age=0
expires: Tue, 04 Apr 2023 23:15:51 GMT
vary: Accept-Encoding
content-type: font/woff2
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US

23.38.201.85

200 OK

3.5 kB

URL HTTP/2
www.tripadvisor.com/WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
3.5 kB (3520 bytes)
Hash
6fcc7ecb1672cb601678d5594fa35e75
2431b4372aed8683468ed88b9c17994a12270b98
05669e91cc6864910417b72adcf8332dcb1d7749075ff513aa6362a4ab562ffb

HTTP Headers

GET /WidgetEmbed-cdsratingsonlywide?border=true&backgroundColor=gray&shadow=true&locationId=12377388&display_version=2&uniq=930&lang=en_US HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
vary: User-Agent,Accept-Encoding
expires: 0
cache-control: no-cache,no-store,must-revalidate
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
pragma: no-cache
timing-allow-origin: https://www.tripadvisor.com
content-type: text/javascript;charset=UTF-8
x-datadome: protected
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
content-encoding: br
x-request-id: bd124498-f172-46a8-8ddb-2fc041cc00af
content-length: 3520
date: Tue, 04 Apr 2023 23:15:51 GMT
set-cookie: TADCID=eXeukjl0doqDBlliABQCXdElnkGETRW-Svh01l3nWnSjIJNf_jxAKnlvMX-51JfhClplIjBgQajJE8ycoaB2_ioOh4ZUpIMKZfU; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:51 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3ApJ2haVufrc7k7nWhzVPS6nS%2FfUSW5NQqiVv9a7YXHKU2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:51 GMT; Path=/; HttpOnly
__vt=X6nUXbliUU-SqLkmABQCwDrKuA05TCmUEEd0_4-PPCSAwD9jm25Si9LqsgnEYRtkWQxtjm1QvEkYyKlSA-OnV75mXA_1B1Wh3F9VfTMRggQjpLxxWHbFjcV6L0ZcR21xlW_qIUgdZMBIXXi5xm0bTEMmlg; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:51 GMT; Path=/; Secure; HttpOnly
TASSK=enc%3AALnQilJiJLEhy18eObnnQ%2FqR3NzZwGpXFoixV9bhRm4FVOqv%2FbJzIBSsTLwvm0BcU5Y7x6%2Fsb4xfI%2FxfuCwpA5iKn%2FOpbjka9ODPAku4sEHjdEKZFAPzkj8SMZVcchtd%2FA%3D%3D; Domain=www.tripadvisor.com; Expires=Sun, 01-Oct-2023 23:15:51 GMT; Path=/; HttpOnly
TASession=V2ID.86A2ABB9903B4E11B88E373F98113600*SQ.1*LS.WidgetEmbed-cdsratingsonlywide*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*DF.0*TRA.true; Domain=.tripadvisor.com; Path=/
SRT=TART_SYNC; Domain=www.tripadvisor.com; Expires=Tue, 04-Apr-2023 23:45:51 GMT; Path=/
ServerPool=B; Domain=.tripadvisor.com; Path=/
PMC=V2*MS.28*MD.20230404*LD.20230404; Domain=www.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:51 GMT; Path=/; Secure; HttpOnly
TART=%1%enc%3A5O51oc1T0uolg5Y9CBYbj%2BtobdW8LP1EizgyjhE0rBLus0xUPA8RXUtst0CCkD%2FCyx9HjuV9fk0%3D; Domain=www.tripadvisor.com; Expires=Sun, 09-Apr-2023 23:15:51 GMT; Path=/; HttpOnly
TATravelInfo=V2*A.2*MG.-1*HP.2*FL.3*RS.1; Domain=.tripadvisor.com; Expires=Tue, 18-Apr-2023 23:15:51 GMT; Path=/
TAUD=RDD-1680650151222-2023_04_04; Domain=.tripadvisor.com; Expires=Tue, 18-Apr-2023 23:15:51 GMT; Path=/
TASID=86A2ABB9903B4E11B88E373F98113600; Domain=www.tripadvisor.com; Expires=Tue, 04-Apr-2023 23:45:51 GMT; Path=/; Secure
datadome=3cuE_rfR4HrGX4U05KWRmYKqT~jJwnpdqbIsLmFTsK~DrzQ14AUytTV2KEntIF0GsMrpGXjMOJcMzXd8B4qIqShaPK60ridscNKal4tQ91n2L4~~iPW-aBP4L2JAv7UW; Max-Age=31536000; Domain=.tripadvisor.com; Path=/; Secure; SameSite=Lax
_abck=09512C99B36C5B64D035378D1C2E5918~-1~YAAQBk8kF/8GAA+HAQAAniWOTgk6qw6U0qYYbNneP2Mg92OA9cI/ifjOV/rykOJOCxEZ1H1W6P0vKPGBj7G2mZwNQCVdJOyn8I1stb6/RBArZWQLpdO6L7V2Bg0xbBi26B9HELuKrkbx0sqk73G8UNClLl1Gbxg5IVgZkCo9LEac0T+TqDql5ApFbiAmiUURtn57AFU578lMETE3160FH/kBE73ZHsFXrb31Unvb76pHpnbo4Zb5o4mToa7IFzOKrytRdCag6adWqtgEe41N1JjCzuYnpGWohmntgBuPao0vVhvdL37H7Gz4NJZL4SWsHp/uMijDMVKCRZGISgNfNcNV4SAqPqoR59T2/vuPw7OWfF0gSph9JaQGvv3jCWORlPU=~-1~-1~-1; Domain=.tripadvisor.com; Path=/; Expires=Wed, 03 Apr 2024 23:15:51 GMT; Max-Age=31536000; Secure
bm_sz=0D791C7E81DD1A96FEDC885897E9ACAF~YAAQBk8kFwAHAA+HAQAAniWOThPzmMG6G8oItXef2eRIU9MxqEB3+r9dSl3OeVrIkGKUacqAGZF7s55TvM0sp2isz9bOQTGWgCmr/RwOmuX9XtC9Gfo3TdzSX0nrS6NI2B5dtGUyzzI6wf4oI+AZVNe5F3dWohSYF+8YXIuDpH7Hz4x4KM8qDLLVwcVQEO0jiAR0BVcLkanLhjabMpBmMquLRw3pmCGrL07lrs4jh9j53yWggv+kaUc+Y5BZNj2A2d+3QlUbA1n5Kpz0cKmYZS851XGXLlELK0x7iOKR/CPhqM8w+SSSgQ==~3229241~3424562; Domain=.tripadvisor.com; Path=/; Expires=Wed, 05 Apr 2023 03:15:51 GMT; Max-Age=14400
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css

151.101.130.83

200 OK

5.2 kB

URL HTTP/2
static.tacdn.com/css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css
IP
151.101.130.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (26406)
Size
5.2 kB (5223 bytes)
Hash
2bebc92408db559342738534ba508a09
ad3717b8c14ce6a6b74ae549160e34e2ee585d16
57f3c4daa2137aa7d96ad39235c7135c84e1d41ff9764cbcd9221dc342eb3a7c

HTTP Headers

GET /css2/build/concat/t4b_widget_ratingsonly-v24139938417a.css HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Thu, 09 Mar 2023 12:33:43 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 08 Mar 2024 20:04:20 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: text/css
content-encoding: br
x-request-id: 2a35c69c-a837-47ba-ac6f-d462da7064af
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:51 GMT
via: 1.1 varnish
age: 2257891
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 2114
x-timer: S1680650151.401879,VS0,VE0
vary: Accept-Encoding
content-length: 5223
X-Firefox-Spdy: h2

static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js

151.101.130.83

200 OK

4.8 kB

URL HTTP/2
static.tacdn.com/js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js
IP
151.101.130.83:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (13794)
Size
4.8 kB (4837 bytes)
Hash
fa97be86b93aacf79dcad215a94f2b85
e1c90e4f202b3fea3f410ba3d4052a88b072f297
927c614417397c766404de130b1110f1044a693866ddce0b19c04acf0345780f

HTTP Headers

GET /js3/build/concat/widget/cdswidgets_m-c-v22480917520a.js HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Sun, 26 Feb 2023 12:32:58 GMT
cache-control: max-age=31536000, immutable
expires: Fri, 08 Mar 2024 20:04:16 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/x-javascript
content-encoding: br
x-request-id: cda7d17f-d95b-4630-bc9d-0d2bdcb82901
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:51 GMT
via: 1.1 varnish
age: 2257895
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 6812
x-timer: S1680650151.402253,VS0,VE0
vary: Accept-Encoding
content-length: 4837
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1

103.50.162.157

409 Conflict

83 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
HTML document, ASCII text, with no line terminators
Size
83 B (83 bytes)
Hash
26267cd8990f15d3bbea71684a6d5995
ac3b38cf3fe0e112bb6aeb7e05226b7133575d93
769e8ab745a0fe4bf811036e75a8630e38c50a18cb3e24d539ce4a0722c7c85e

HTTP Headers

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.5.1 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 409 Conflict
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
content-length: 83
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.142

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Tue, 04 Apr 2023 22:05:12 GMT
expires: Wed, 05 Apr 2023 00:05:12 GMT
cache-control: public, max-age=7200
age: 4239
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1

172.217.21.162

200 OK

42 B

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Apr-2023 23:30:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4

172.217.21.162

200 OK

1.3 kB

URL HTTP/2
googleads.g.doubleclick.net/pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4
IP
172.217.21.162:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2813), with no line terminators
Size
1.3 kB (1297 bytes)
Hash
4602d9b35650b5f3523d0949c3b4c389
587fc19e14962f6d8705cda1c15f3b6053aaa11f
435b6320f08a534eb297605eecb7ab0176a48a549fd6e5aab3823705c026ca55

HTTP Headers

GET /pagead/viewthroughconversion/10952182701/?random=1680650151298&cv=11&fst=1680650151298&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&hn=www.googleadservices.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&auid=650139808.1680650151&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 1297
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 04-Apr-2023 23:30:51 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/2764.svg

192.0.77.48

200 OK

368 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/2764.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (368), with no line terminators
Size
368 B (368 bytes)
Hash
0483f2b648dcc986d01385062052ae1c
61bd815f1497863265a76d92623042835e5e7fe2
09a743ee0c32ca57c9be64b13b29c396310d1dd309cb4d7d3be722e47db95f27

HTTP Headers

GET /images/core/emoji/14.0.0/svg/2764.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:51 GMT
content-type: image/svg+xml
content-length: 368
last-modified: Tue, 12 Apr 2022 03:47:50 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png

103.50.162.157

200 OK

1.4 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-32x32.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.4 kB (1373 bytes)
Hash
66bca48be9ab9ade409124603161521b
e7302b18db5561118e775c33943be87b774e45f2
301f6b6efef20378c0c2f98586c9f73a05bfb0db528a4e4c41c6fd239a74da5c

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-32x32.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151; _ga_KLTY4E3YBY=GS1.1.1680650151.1.0.1680650151.60.0.0; _ga=GA1.1.1195200102.1680650151
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:51 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1373
content-type: image/png
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png

103.50.162.157

200 OK

11 kB

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2022/07/cropped-site-icon-192x192.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (11430 bytes)
Hash
e10502927cb3f23b202e7cb82fc07796
64454b2191829153b92a11424ab3765832d63f0c
73bed124aa35379906624895beca4c6853d2c3933ab334dc04ff958c4bcaf16a

HTTP Headers

GET /wp-content/uploads/2022/07/cropped-site-icon-192x192.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Cookie: _gcl_au=1.1.650139808.1680650151; _ga_KLTY4E3YBY=GS1.1.1680650151.1.0.1680650151.60.0.0; _ga=GA1.1.1195200102.1680650151
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Mon, 04 Jul 2022 10:14:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:51 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 11430
content-type: image/png
date: Tue, 04 Apr 2023 23:15:51 GMT
server: Apache
X-Firefox-Spdy: h2

lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg

142.250.74.97

200 OK

338 B

URL HTTP/2
lh3.googleusercontent.com/-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
338 B (338 bytes)
Hash
36f4c583b5b07b9a2dc6ff8475c01140
aec7344593dd0eb2720ea38e8f4e8c1ebbb14a6b
91f5ccaee89c9e29a27400e61f0ca916976b92bb63ba3f4c894e1a24c7095cfe

HTTP Headers

GET /-8hepWJzFXpE/AAAAAAAAAAI/AAAAAAAAAAA/I80WzYfIxCQ/s50-c/114307615494839964028.jpg HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename=""
x-content-type-options: nosniff
server: fife
content-length: 338
x-xss-protection: 0
date: Tue, 04 Apr 2023 20:12:12 GMT
expires: Wed, 05 Apr 2023 20:12:12 GMT
cache-control: public, max-age=86400, no-transform
content-type: image/png
vary: Origin
age: 11019
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
6a7db5abefd460ab737ba19d6233468c
eb119f0e1418e3627a9c24d12b543ea00e1cd53a
d88a1df68e834418ba42c02a8ee6a271eb77c262ae5f45e7a773e11d71b38ce7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6411
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Last-Modified: Tue, 04 Apr 2023 21:29:00 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

192.229.221.95

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
6a7db5abefd460ab737ba19d6233468c
eb119f0e1418e3627a9c24d12b543ea00e1cd53a
d88a1df68e834418ba42c02a8ee6a271eb77c262ae5f45e7a773e11d71b38ce7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5793
Cache-Control: max-age=140632
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Etag: "642c1b5e-1d7"
Expires: Thu, 06 Apr 2023 14:19:43 GMT
Last-Modified: Tue, 04 Apr 2023 12:43:10 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1&z=1947258664 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ac47ef385bc7c524ed803b880454fa3
601c9bf2d242f6d26b2826836dca3bf73dcddbb4
83011803363383f94f0f96505cad7316f969cc42e465ecd2fd077322aa2ec88e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

connect.facebook.net/en_US/sdk.js

157.240.221.16

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1685 bytes)
Hash
d676fc7f2772c60a84d14608e20d9192
ee63ce3b808bc9a6f52e656ffcf8b358563392f6
d1931db4efbb9e4f1b71f264c9e4383f166adbe58828d303d860a4775ae12766

HTTP Headers

GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 9ac79c447acdbce1617173dcd47e8aac
etag: "294b56243e9a25a259720ed86a2e52db"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 04 Apr 2023 23:25:52 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 1nb8fydyxgqE0UYI4g2Rkg==
x-fb-debug: sV+HC8ucKeI1HQGSsM81YoJmASJUKKBBQmUNNfxpLsLzZR5Erxobx5u/lD2TU9cVKtfPssuy5xmqf0n3VI6IpQ==
content-length: 1685
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.no/pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pagead/1p-user-list/10952182701/?random=1680650151298&cv=11&fst=1680649200000&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4050092488&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

connect.facebook.net/en_GB/sdk.js

157.240.221.16

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_GB/sdk.js
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1957)
Size
1.7 kB (1686 bytes)
Hash
951b1538ecde6789756c9b56bc05e3f3
7bf9d1c985f4a7275c7c7ecb34049e33ddf41ecb
985895f6630ce5fa03ce5fc693cf367bf67c6af6817b15a5ea9dbecf6823152c

HTTP Headers

GET /en_GB/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 6646ab22db414b266b50090fbb846f70
etag: "95d8b4cc86ccb1881113d0f86f13cbd6"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Tue, 04 Apr 2023 23:28:19 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: lRsVOOzeZ4l1bJtWvAXj8w==
x-fb-debug: j/AzBaOYBOvx9x9EE+ce6HYby4SSnKGf4MPheOOXMxbJd0YqOrbR0hF3w5iGodLaHEab/uH3QOZkC4Jr6Bxgfw==
content-length: 1686
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
52cf7892de6cdf242185d850568a556a
c81784fa4cbafdb0aeaadc6698ba4b1b31750358
708e5977583e24c30bdbbbfd5d59e7c8adb7771162e54672b59dfd8e1a8d0ed3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js

142.250.74.35

200 OK

166 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (582)
Size
166 kB (166464 bytes)
Hash
b81d6636c3ad72c63e532e5180eaf7f9
ddcd059999fff6218e98af62dbe3fa9c885a0de8
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

HTTP Headers

GET /recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166464
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 09:29:05 GMT
expires: Wed, 03 Apr 2024 09:29:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 28 Mar 2023 00:02:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 49606
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
274780afcb4fbc5f81feba1c5d99add3
c26412d591486507f86c9c310a2b1cc62ddd8e76
2baa6a831f9856ee6b02859c3681a5a0d0e9dc361c60d04580b9f893fc06802c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0

142.250.74.163

200 OK

63 B

URL HTTP/2
www.google.no/pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26

HTTP Headers

GET /pagead/1p-conversion/10952182701/?random=1680650151307&cv=11&fst=1680650151307&bg=ffffff&guid=ON&async=1&gtm=45be3430&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&label=fgPJCJ-B984DEK2XtOYo&hn=www.google.com&frm=0&tiba=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&did=dZTNiMT&gdid=dZTNiMT&gtm_ee=1&auid=650139808.1680650151&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 04 Apr 2023 23:15:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

192.229.221.95

200 OK

20 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
20 kB (19612 bytes)
Hash
51a8b0bca8748283c2e9cc04929de237
e6b0a61888c93f3f1c2da82375c7de65fb04fa89
3aafd9dff30ed16d7fe4c6e17a59d54de72a7d8da885f03abb16a4db764e9583

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6411
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:51 GMT
Last-Modified: Tue, 04 Apr 2023 21:29:00 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db

157.240.221.16

200 OK

89 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db
IP
157.240.221.16:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (18530)
Size
89 kB (88580 bytes)
Hash
ec935c6146be19713ee3e09a795c5bc2
7f978969d8200571bbe75a5ba71f7e13190610cd
566f8c07838a0248290b37bef921e2bfbae9c26c1b81d6a4a9abef6c97e55e31

HTTP Headers

GET /en_US/sdk.js?hash=07ea48ab8293ca9d465efd4b22af15db HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 416af2b923360f988b9c6a1df74575cb
etag: "69d7938cbf5ffd7bcbf188e7fc02deaa"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 03 Apr 2024 21:54:21 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 7JNcYUa+GXE+4+CaeVxbwg==
x-fb-debug: C7k62HIABN7qbFByM1M1+apuW8ZIHaokzZRvbwzSyCSOqpuyMVuEUp7NPMK6ndIr06eq9sC31ko4E9yGgQxcOw==
content-length: 88580
x-fb-trip-id: 1679558926
date: Tue, 04 Apr 2023 23:15:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700

142.250.74.106

200 OK

40 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:400,600,700|Raleway:400,500,600,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
40 kB (40476 bytes)
Hash
639feb376a330274c6315a4ad13eca70
83df15b409d2806a4086a7f9e840a65baab9dbf4
36eeeee21cb76d88c9c1c0458a5276bb645c8087ccec28e9fdf24a4c79c501c1

HTTP Headers

GET /css?family=Open+Sans:400,600,700|Raleway:400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Apr 2023 23:15:50 GMT
date: Tue, 04 Apr 2023 23:15:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&gtm=45je3430&_p=254336237&_gaz=1&gdid=dZTNiMT&cid=1195200102.1680650151&ul=en-us&sr=1280x1024&_s=1&sid=1680650151&sct=1&seg=0&dl=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&dt=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 04 Apr 2023 23:15:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en

3.122.91.229

204 No Content

0 B

URL HTTP/1.1
l.sharethis.com/pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en
IP
3.122.91.229:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pview?event=pview&hostname=www.heavenlybhutan.com&location=%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&product=sop&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Page%20not%20found%20-%20Heavenly%20Bhutan%20%7C%20Luxury%20Tour%20Operator%20%26%20Best%20Travel%20Agency&cms=unknown&publisher=5a3603310c3a12001239de22&sop=true&version=st_sop.js&lang=en HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Access-Control-Expose-Headers: stid
Access-Control-Max-Age: 1728000
Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 04 Apr 2023 23:15:52 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive

stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1

64.233.161.155

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1
IP
64.233.161.155:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-KLTY4E3YBY&cid=1195200102.1680650151&gtm=45je3430&aip=1 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.heavenlybhutan.com
date: Tue, 04 Apr 2023 23:15:52 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8318be4633e5bd7ed8b010dced813a61
bf8c3a8932684e7e2cabe13dc40ed71b710829ec
add9922dfdcf26c07d9a286e529332fa488099e9c7029ca62b658434e4e987c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Apr 2023 23:15:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js

54.230.111.11

200 OK

763 B

URL HTTP/2
buttons-config.sharethis.com/js/5a3603310c3a12001239de22.js
IP
54.230.111.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (763), with no line terminators
Size
763 B (763 bytes)
Hash
d561e09722a4e9a9aab1f41b2c7f9be7
050d4da83989f4a5a65e5293ed8ca2cfaaf91502
c6a495386e655bb43c0e926b50a9b9ed5e75b666a3e116783ac31c14bba934d9

HTTP Headers

GET /js/5a3603310c3a12001239de22.js HTTP/1.1
Host: buttons-config.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 763
last-modified: Mon, 18 Dec 2017 11:52:59 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Apr 2023 23:15:53 GMT
cache-control: max-age=60,public
etag: "d561e09722a4e9a9aab1f41b2c7f9be7"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m6LioT8sZ69eFegjAuNdxLe9gfaAwmS_YRm_QKmFN5TKz70hz1M2QQ==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

oneocsp.microsoft.com/ocsp

204.79.197.203

200 OK

1.8 kB

URL HTTP/1.1
oneocsp.microsoft.com/ocsp
IP
204.79.197.203:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type
data
Size
1.8 kB (1777 bytes)
Hash
4b7cef060377d8d797de38dbc384a141
3007d1ec547cb26dcda09d88836cc1d87ed33352
0e1929cc6957c95f01c212cd3e70114f1d2a5a7fdaf533ce650401591d436823

HTTP Headers

POST /ocsp HTTP/1.1
Host: oneocsp.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 1777
Content-Type: application/ocsp-response
Expires: Mon, 10 Apr 2023 15:50:18 GMT
Last-Modified: Tue, 04 Apr 2023 05:08:22 GMT
ETag: "0e1929cc6957c95f01c212cd3e70114f1d2a5a7fdaf533ce650401591d436823"
X-Powered-By: ASP.NET
x-content-type-options: nosniff
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A4103B5F82FC4CC38C0B221B5AB5E971 Ref B: OSL30EDGE0208 Ref C: 2023-04-04T23:15:52Z
Date: Tue, 04 Apr 2023 23:15:51 GMT

static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023

151.101.130.83

200 OK

26 kB

URL HTTP/2
static.tacdn.com/css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023
IP
151.101.130.83:0
ASN
#54113 FASTLY

File type
Web Open Font Format (Version 2), TrueType, length 26252, version 1.0\012- data
Size
26 kB (26252 bytes)
Hash
2d0c909fe09ed8ef77056363d8963d2e
f81b7dc1acf5a2c25e46a893be5fe09622716d70
b182c7fce760e8851d7e91095237ff86a4f7036c78ddf4107ead869ff2f3502a

HTTP Headers

GET /css2/webfonts/TripAdvisor/TripAdvisor_Regular.woff2?v004.023 HTTP/1.1
Host: static.tacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://static.tacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
last-modified: Mon, 13 Mar 2023 09:30:01 GMT
cache-control: max-age=2592000, immutable
expires: Thu, 27 Apr 2023 22:40:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
content-type: application/font-woff2
x-request-id: f0c9c6b5-77d7-424d-a1ad-073026fb1b0b
accept-ranges: bytes
date: Tue, 04 Apr 2023 23:15:52 GMT
via: 1.1 varnish
age: 606901
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 2
x-timer: S1680650152.448881,VS0,VE0
vary: Accept-Encoding
content-length: 26252
X-Firefox-Spdy: h2

www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg

23.38.201.85

200 OK

2.2 kB

URL HTTP/2
www.tripadvisor.com/img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg
IP
23.38.201.85:0
ASN
#16625 AKAMAI-AS

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Size
2.2 kB (2202 bytes)
Hash
0a90d137f0ab6c2f260541dc08a9476c
8fd94d963512b86c935c7ea42095d1a3535ba4ff
e4f64730b81ec869a8dc84a2f1102e4134fdf8dfbe308253f6d2b05ef6ff6af9

HTTP Headers

GET /img/cdsi/img2/branding/v2/Tripadvisor_lockup_horizontal_secondary_registered-18034-2.svg HTTP/1.1
Host: www.tripadvisor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: envoy
cache-control: private, max-age=43200
expires: Wed, 05 Apr 2023 11:15:52 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT DSP COR CAO PSA IDC ADM DEVi TAIi PSD IVAi IVDi CONi HIS CNT"
timing-allow-origin: https://www.tripadvisor.com
content-type: image/svg+xml
vary: Accept-Encoding
content-encoding: br
x-request-id: 333a3419-79c7-4b89-a68f-039f5efddb2a
content-length: 2202
date: Tue, 04 Apr 2023 23:15:52 GMT
set-cookie: TADCID=trSXh63yWywW9DA9ABQCXdElnkGETRW-Svh01l3nWnSjIJqqr6ncVnFI0K6Alp2fpSvhWQa0YrNsiAemTIEr9l-HmCRSChFH5xo; Domain=www.tripadvisor.com; Expires=Fri, 01-Apr-2033 23:15:52 GMT; Path=/; Secure; HttpOnly
TAUnique=%1%enc%3A7zweuZcTl2fk7nWhzVPS6nS%2FfUSW5NQqT%2BZR9RAe4kQ2jHwltRJPGQ%3D%3D; Domain=.tripadvisor.com; Expires=Thu, 03-Apr-2025 23:15:52 GMT; Path=/; HttpOnly
__vt=9rYGe6iyF805I6cBABQCwDrKuA05TCmUEEd0_4-PPCSAwK3St4siMoMrfaGIN4YOFGRAh2gbjRvzStSHyLu-5twn_xMkhTEurHwKDv2CsUg1i9XfQTjwqen-Ot8GCZT-cb6i7UGnDaVsJcZfH7GzFjqa; Domain=www.tripadvisor.com; Expires=Wed, 05-Apr-2023 00:15:52 GMT; Path=/; Secure; HttpOnly
TASession=V2ID.33FCD7035F14C0FCB13D676C4FAEEB51*SQ.1*HS.recommended*ES.popularity*DS.5*SAS.popularity*FPS.oldFirst*FA.1*TRA.true; Domain=.tripadvisor.com; Path=/
ServerPool=T; Domain=.tripadvisor.com; Path=/
TACds=A.1.18034.2.2023-04-04; Domain=.tripadvisor.com; Expires=Sat, 03-Jun-2023 23:15:52 GMT; Path=/
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/facebook.svg

54.230.111.57

200 OK

301 B

URL HTTP/2
platform-cdn.sharethis.com/img/facebook.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
301 B (301 bytes)
Hash
c6e9be45643e197ce1db1d7e24a99adc
d7338e398bb0f7a9082d24f121140d2cf9e88859
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

HTTP Headers

GET /img/facebook.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 15 Mar 2023 12:15:15 GMT
cache-control: public, max-age=2592000
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yef3ZNCFuVosm961S-MNCFPCfP_1cSavg5IjC-4T11slcdmkjkAdUQ==
age: 1767638
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/pinterest.svg

54.230.111.57

200 OK

771 B

URL HTTP/2
platform-cdn.sharethis.com/img/pinterest.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (615)
Size
771 B (771 bytes)
Hash
2b10a062e719c64b686e2e8fcdc216dc
38bd37fa3975f4d5b849763359481d8b31bb80ba
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

HTTP Headers

GET /img/pinterest.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 771
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 12 Mar 2023 02:20:42 GMT
cache-control: public, max-age=2592000
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: WnEwl5LcGPNbqHD1F0hZx0cqYGfJN2oGoCsUghcPFTFzjnoJ_Yd4Wg==
age: 2139373
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/email.svg

54.230.111.57

200 OK

343 B

URL HTTP/2
platform-cdn.sharethis.com/img/email.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
343 B (343 bytes)
Hash
5977437466e857c7ddcadda6f6d88c2a
19c6378daa1f946ca225fb8d9e039e1f7762fb0d
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

HTTP Headers

GET /img/email.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sat, 18 Mar 2023 12:29:41 GMT
cache-control: public, max-age=2592000
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: r6QbSix1zEVl2FIhZvS7vTsVyr-tNbk3FIO2N7olnNI7qUX3DH4uCg==
age: 2402371
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/twitter.svg

54.230.111.57

200 OK

731 B

URL HTTP/2
platform-cdn.sharethis.com/img/twitter.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (575)
Size
731 B (731 bytes)
Hash
0af2fb38987598376c99e21af17ade45
bfbdfd0b1a2dcef714e347928bd11b8410dc7ca2
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

HTTP Headers

GET /img/twitter.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 731
date: Sat, 25 Mar 2023 01:32:34 GMT
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
etag: "0af2fb38987598376c99e21af17ade45"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qfIPJN9nctdwDyEh84dHt4G1pAD3Yuua1t_NTyl8UOPVFjJ9v_JblQ==
age: 942199
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

y.clarity.ms/collect

104.211.35.148

204 No Content

0 B

URL HTTP/1.1
y.clarity.ms/collect
IP
104.211.35.148:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 687
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 04 Apr 2023 23:15:52 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

platform-cdn.sharethis.com/img/arrow_left.svg

54.230.111.57

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_left.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
b55d8d2b9321e381a3c38a4bddb74037
000c29635758e608bbe15d191e953adb27627c2e
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

HTTP Headers

GET /img/arrow_left.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
date: Fri, 17 Mar 2023 04:08:29 GMT
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
etag: "b55d8d2b9321e381a3c38a4bddb74037"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=2592000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jc88mt3gPkuqxpr-RmIxilT95ALUHoGIJv2fJzNwqyIqoFbHR7MJZw==
age: 1624044
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

platform-cdn.sharethis.com/img/arrow_right.svg

54.230.111.57

200 OK

565 B

URL HTTP/2
platform-cdn.sharethis.com/img/arrow_right.svg
IP
54.230.111.57:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (409)
Size
565 B (565 bytes)
Hash
9928d025bd5792b718ee0a185f62e67c
16406d7b5b6d383b12859b853cf6cb7e3733e33d
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

HTTP Headers

GET /img/arrow_right.svg HTTP/1.1
Host: platform-cdn.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 565
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 16 Mar 2023 04:13:41 GMT
cache-control: public, max-age=2592000
etag: "9928d025bd5792b718ee0a185f62e67c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nBf3NSldXWRpJez2tPX9s-_0oJdNXfSkrl8WeqAzWUJj2iaXSQqI2w==
age: 1710137
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

c.clarity.ms/c.gif

68.219.88.97

302 Found

0 B

URL HTTP/2
c.clarity.ms/c.gif
IP
68.219.88.97:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=31A0C0FE5A1D6DA32E0DD2175E1D634C; domain=.clarity.ms; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Tue, 04 Apr 2023 23:15:51 GMT
content-length: 0
X-Firefox-Spdy: h2

count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe

54.230.111.71

200 OK

176 B

URL HTTP/2
count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe
IP
54.230.111.71:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
176 B (176 bytes)
Hash
b658a5a578c8434f6f5dd7dea671c0fe
c126e491ef71e7c0565501d8d6f615e8cbfc2b74
52871bfa5fbbfc4ffa508ef7a347aa166ec3ca7ced36a0365f5613c3546c9b34

HTTP Headers

GET /v2.0/get_counts?cb=window.__sharethis__.cb&url=https%3A%2F%2Fwww.heavenlybhutan.com%2Fwp-content%2Fplugins%2Fhello123%2F89h8btyfde445.exe HTTP/1.1
Host: count-server.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 176
date: Tue, 04 Apr 2023 23:15:52 GMT
cache-control: no-cache, no-store, must-revalidate
etag: b658a5a578c8434f6f5dd7dea671c0fe
apigw-requestid: C4BiZiREoAMEJ9w=
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: S-XJrmE0g9VMSV6rFTjFBHl49wflidaNlBqwyWtBDM-gElmFqEfVDw==
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C

13.107.21.200

302 Found

0 B

URL HTTP/2
c.bing.com/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C
IP
13.107.21.200:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&RedC=c.clarity.ms&MXFR=31A0C0FE5A1D6DA32E0DD2175E1D634C HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=070EC9A7246B698F03E9DB4E259E6866; domain=.bing.com; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Tue, 11-Apr-2023 23:15:52 GMT; path=/; SameSite=None; Secure;
SRM_B=070EC9A7246B698F03E9DB4E259E6866; domain=c.bing.com; expires=Sun, 28-Apr-2024 23:15:52 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 072912F6CA5F44D88247101B24D6CF8F Ref B: OSL30EDGE0112 Ref C: 2023-04-04T23:15:52Z
date: Tue, 04 Apr 2023 23:15:52 GMT
content-length: 0
X-Firefox-Spdy: h2

c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866

68.219.88.97

200 OK

42 B

URL HTTP/2
c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866
IP
68.219.88.97:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

HTTP Headers

GET /c.gif?ctsa=mr&CtsSyncId=9608E517F4DA44988551AA5E2A0645AE&MUID=070EC9A7246B698F03E9DB4E259E6866 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 16 Mar 2023 17:16:22 GMT
accept-ranges: bytes
etag: "c4b6d572b58d91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Tue, 04-Apr-2023 23:25:52 GMT; path=/; SameSite=None; Secure;
date: Tue, 04 Apr 2023 23:15:51 GMT
content-length: 42
X-Firefox-Spdy: h2

y.clarity.ms/collect

104.211.35.148

204 No Content

0 B

URL HTTP/1.1
y.clarity.ms/collect
IP
104.211.35.148:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /collect HTTP/1.1
Host: y.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 114080
Origin: https://www.heavenlybhutan.com
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 04 Apr 2023 23:15:53 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavenlybhutan.com
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 00:19:24 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/css/bootstrap.css?ver=7a22247de8db3271f3bf8573be10e986 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 28 Jun 2018 10:17:04 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/uploads/2021/08/WhatsApp-Logo.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/2021/08/WhatsApp-Logo.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Thu, 26 Aug 2021 10:40:39 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/tablepress-responsive-tables/css/tablepress-responsive.min.css?ver=1.8 HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/sw.js
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/plugins/hello123/sw.js HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg

192.0.77.48

200 OK

0 B

URL HTTP/2
s.w.org/images/core/emoji/14.0.0/svg/1f60d.svg
IP
192.0.77.48:0
ASN
#2635 AUTOMATTIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/core/emoji/14.0.0/svg/1f60d.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Apr 2023 23:15:51 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 2
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.clarity.ms/tag/80x2itprfu?ref=bwt

13.107.237.53

200 OK

0 B

URL HTTP/2
www.clarity.ms/tag/80x2itprfu?ref=bwt
IP
13.107.237.53:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag/80x2itprfu?ref=bwt HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=e4131bc2c1634651a2c417ff9d841977.20230404.20240403; expires=Wed, 03 Apr 2024 23:15:51 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
x-cache: CONFIG_NOCACHE
x-azure-ref: 0p68sZAAAAACtYtUDybM3QbEKaeY/CrPSQ1BIMzBFREdFMDQxMgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Tue, 04 Apr 2023 23:15:51 GMT
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe

103.50.162.157

404 Not Found

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/hello123/89h8btyfde445.exe HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://www.heavenlybhutan.com/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; preload
content-security-policy: upgrade-insecure-requests
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=31536000, enforce, report-uri="https://www.heavenlybhutan.com/"
feature-policy: camera 'none'; fullscreen 'self'; geolocation 'self'; microphone 'self'
permissions-policy: geolocation=(self "https://heavenlybhutan.com"), microphone=()
content-type: text/html; charset=UTF-8
date: Tue, 04 Apr 2023 23:15:49 GMT
server: Apache
X-Firefox-Spdy: h2

www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png

103.50.162.157

200 OK

0 B

URL HTTP/2
www.heavenlybhutan.com/wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png
IP
103.50.162.157:0
ASN
#394695 PUBLIC-DOMAIN-REGISTRY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/heavenlybhutan/assets/img/icons/Favicon.png HTTP/1.1
Host: www.heavenlybhutan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavenlybhutan.com/wp-content/plugins/hello123/89h8btyfde445.exe
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
x-content-type-options: nosniff
last-modified: Fri, 10 Jun 2022 06:13:58 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 03 Apr 2024 23:15:50 GMT
vary: Accept-Encoding
content-encoding: gzip
content-type: image/png
date: Tue, 04 Apr 2023 23:15:50 GMT
server: Apache
X-Firefox-Spdy: h2

platform-api.sharethis.com/js/sharethis.js

143.204.55.116

200 OK

0 B

URL HTTP/2
platform-api.sharethis.com/js/sharethis.js
IP
143.204.55.116:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/sharethis.js HTTP/1.1
Host: platform-api.sharethis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavenlybhutan.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
x-frame-options: SAMEORIGIN
date: Tue, 04 Apr 2023 23:09:06 GMT
cache-control: max-age=600, public
etag: W/"3184b-xStZrNgO3eG9+q9l3cRkzPWrPx0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IUe6hZZZerKt2AEN_raERrUejA9tohG7jdQL9KesqCQZAB7_ecf0mw==
age: 405
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (45)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL