urlscan.io logo urlscan.io
SecurityTrails logo

himalayanwildlifesanctuary.com Open in urlscan Pro
65.60.61.194  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://jraquila.com/fe0827f8b43/
Effective URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneI...
Submission: On March 22 via manual from RO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 11 domains to perform 19 HTTP transactions. The main IP is 65.60.61.194, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is himalayanwildlifesanctuary.com.
TLS certificate: Issued by R3 on February 25th 2021. Valid for: 3 months.
This is the only time himalayanwildlifesanctuary.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online) Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 1 69.195.72.55 46606 (UNIFIEDLA...)
1 65.60.61.194 32475 (SINGLEHOP...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 163.171.128.148 54994 (QUANTILNE...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:e6:... 13335 (CLOUDFLAR...)
1 52.216.147.142 16509 (AMAZON-02)
19 13
1    69.195.72.55 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box2446.bluehost.com
jraquila.com
1    65.60.61.194 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: spock.cncdomains.com
himalayanwildlifesanctuary.com
1    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
2    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
drive.google.com
1    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
doc-0g-bs-docs.googleusercontent.com
1    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
doc-00-bs-docs.googleusercontent.com
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
3    163.171.128.148 (Germany)

ASN54994 (QUANTILNETWORKS, US)
images.benchmarkemail.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700:e6::ac40:ca1c (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
1    52.216.147.142 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com
s3.amazonaws.com
Domain Requested by
3 images.benchmarkemail.com himalayanwildlifesanctuary.com
3 fonts.googleapis.com himalayanwildlifesanctuary.com
doc-00-bs-docs.googleusercontent.com
2 ka-f.fontawesome.com kit.fontawesome.com
2 drive.google.com 2 redirects
2 maxcdn.bootstrapcdn.com himalayanwildlifesanctuary.com
2 code.jquery.com himalayanwildlifesanctuary.com
1 s3.amazonaws.com himalayanwildlifesanctuary.com
1 cdnjs.cloudflare.com himalayanwildlifesanctuary.com
1 kit.fontawesome.com himalayanwildlifesanctuary.com
1 doc-00-bs-docs.googleusercontent.com himalayanwildlifesanctuary.com
1 doc-0g-bs-docs.googleusercontent.com himalayanwildlifesanctuary.com
1 ajax.googleapis.com himalayanwildlifesanctuary.com
1 himalayanwildlifesanctuary.com
1 jraquila.com 1 redirects
19 14

This site contains no links.

Subject Issuer Validity Valid
himalayanwildlifesanctuary.com
R3		 2021-02-25 -
2021-05-26		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-02-23 -
2021-05-18		 3 months crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA		 2020-10-06 -
2021-10-16		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
*.googleusercontent.com
GTS CA 1O1		 2021-02-23 -
2021-05-18		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-13 -
2021-12-14		 a year crt.sh
*.benchmarkemail.com
Sectigo RSA Organization Validation Secure Server CA		 2019-12-26 -
2021-12-28		 2 years crt.sh
s3.amazonaws.com
DigiCert Baltimore CA-2 G2		 2020-08-04 -
2021-08-09		 a year crt.sh

This page contains 1 frames:

Primary Page: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Frame ID: D0A76BCD85754EA82559464D2A839BE3
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://jraquila.com/fe0827f8b43/ HTTP 302
    https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b9... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • html /<script[^>]* src=[^>]+fontawesome(?:\.js)?/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

19
Requests

100 %
HTTPS

73 %
IPv6

11
Domains

14
Subdomains

13
IPs

3
Countries

583 kB
Transfer

1122 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jraquila.com/fe0827f8b43/ HTTP 302
    https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://drive.google.com/uc?export=view&id=1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw- HTTP 302
  • https://doc-0g-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/5i72oree3l0m1fo2nlnd6h1s1fttjfg9/1616431350000/11161123860412385461/*/1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-?e=view
Request Chain 5
  • https://drive.google.com/uc?export=view&id=1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY HTTP 302
  • https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e=view

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/
Redirect Chain
  • https://jraquila.com/fe0827f8b43/
  • https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.60.61.194 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
spock.cncdomains.com
Software
Apache /
Resource Hash
904031307b947058bb2ad5f7f1f2958ccd542444c3fd6183fb86229eb722c65c

Request headers

:method
GET
:authority
himalayanwildlifesanctuary.com
:scheme
https
:path
/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:04 GMT
server
Apache
content-type
text/html; charset=UTF-8

Redirect headers

date
Mon, 22 Mar 2021 16:43:03 GMT
server
Apache
location
https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length
0
content-type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 13:14:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12543
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 22 Mar 2022 13:14:02 GMT
jquery-3.1.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
gzip
last-modified
Thu, 22 Sep 2016 22:32:34 GMT
server
nginx
etag
W/"57e45c02-152b5"
vary
Accept-Encoding
x-hw
1616431385.dop220.fr8.t,1616431385.cds246.fr8.hn,1616431385.cds012.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30070
jquery-3.3.1.js
code.jquery.com/ 		265 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

Origin
https://himalayanwildlifesanctuary.com
Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
gzip
last-modified
Sat, 20 Jan 2018 17:26:44 GMT
server
nginx
etag
W/"5a637bd4-42587"
vary
Accept-Encoding
x-hw
1616431385.dop126.fr8.t,1616431385.cds246.fr8.hc,1616431385.cds165.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
80268
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 		141 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://himalayanwildlifesanctuary.com
Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 718
age
11676
cdn-cachedat
2021-03-11 11:57:51
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08fc6aa26400004dee850e4000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
2cef2b233618340c6a701af819c99a6d
cf-ray
6340e07d6f034dee-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-
doc-0g-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/5i72oree3l0m1fo2nlnd6h1s1fttjfg9/1616431350000/11161123860412385461/*/
Redirect Chain
  • https://drive.google.com/uc?export=view&id=1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-
  • https://doc-0g-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/5i72oree3l0m1fo2nlnd6h1s1fttjfg9/1616431350000/11161123860412385461/*/1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-?e...
56 KB
58 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://doc-0g-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/5i72oree3l0m1fo2nlnd6h1s1fttjfg9/1616431350000/11161123860412385461/*/1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-?e=view
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
access-control-allow-methods
GET,OPTIONS
server
UploadServer
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
x-guploader-uploadid
ABg5-UxP9zjmoXGOfe8JCiES0MwDD0ZFESaAi3oDB-4zj-02lgaEAYwBDAx6CRbfWqluv_v4jGuVFXu8m1Kq_0jK7sw
x-goog-hash
crc32c=NzeKmQ==
content-type
text/css
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
attachment;filename="all.min.css";filename*=UTF-8''all.min.css
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
57180
expires
Mon, 22 Mar 2021 16:43:05 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
location
https://doc-0g-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/5i72oree3l0m1fo2nlnd6h1s1fttjfg9/1616431350000/11161123860412385461/*/1zRzaJC2hlNcBJPmIY_Cmoe3wrb9rSVw-?e=view
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-ykK3ZS4aBLAFaeIuRbdT7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
312
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY
doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/
Redirect Chain
  • https://drive.google.com/uc?export=view&id=1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY
  • https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e...
10 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e=view
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
9f79f33e6422447b91059192452a123b2d5b4f05993eb50df73b351eb75d460f

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
access-control-allow-methods
GET,OPTIONS
server
UploadServer
access-control-allow-headers
Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, x-chrome-connected, X-ClientDetails, X-Client-Version, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-AuthUser, x-goog-ext-124712974-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, X-Goog-Api-Key, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Ariane-Xsrf-Token, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Client-Data, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout
x-guploader-uploadid
ABg5-Uwq9KzSrpLD_aQigAk7m1W9emFaEuLKVDhUzzmBwxl20moffui41R6c5d4b87AeC8_exKEHGGkA2u080b9eTFTN_orqeg
x-goog-hash
crc32c=6K55UQ==
content-type
text/css
access-control-allow-origin
*
cache-control
private, max-age=0
access-control-allow-credentials
false
content-disposition
attachment;filename="style.css";filename*=UTF-8''style.css
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10685
expires
Mon, 22 Mar 2021 16:43:05 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
location
https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e=view
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-security-policy
script-src 'report-sample' 'nonce-bT2cfdEkHirqXbtBx9UQvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/drive-explorer/
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
311
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/ 		1 KB
540 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
48288119bd915b95e80f8e26134cd694637508c594524f58b28d8e462fe718c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 16:40:34 GMT
server
ESF
date
Mon, 22 Mar 2021 16:43:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Mar 2021 16:43:05 GMT
585b051251.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/585b051251.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7943d6d067db8587e9fb675f0d2cc78d6c90c91b187cf8642a3f52ff91381685
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Origin
https://himalayanwildlifesanctuary.com
Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
gzip
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status
REVALIDATED
strict-transport-security
max-age=31536000; preload
cf-request-id
08fc6aa2680000c2866d132000000001
x-request-id
Fm6tKXiV3TuK8RVko3FB
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
cf-ray
6340e07d7ba1c286-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
image10083167.png
images.benchmarkemail.com/client1227621/ 		242 KB
243 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.benchmarkemail.com/client1227621/image10083167.png
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
fc0a3ef53e84b8511d1b202d87ab0c4da63ce7c30ba49b36c3e436ff17763f56

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 16:43:05 GMT
Via
1.1 google, 1.1 PSmgnyNY2vn68:4 (W), 1.1 PSfgblPAR2gc184:5 (W), 1.1 PSdgflkfFRA1eq94:12 (W)
Server
PWS/8.3.1.0.8
Age
21714
X-Ws-Request-Id
6058c919_PSdgflkfFRA1dm9_21360-17893
Access-Control-Allow-Methods
POST, GET, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Allow-Origin
https://ui.benchmarkemail.com
Cache-Control
max-age=604812
X-Px
ht PSdgflkfFRA1eq94FRA
Connection
keep-alive
Alt-Svc
clear
Content-Length
247990
image10083178.jpg
images.benchmarkemail.com/client1227621/ 		661 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.benchmarkemail.com/client1227621/image10083178.jpg
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
e008ec318fabc40fa3ad5ae2fd9fc6ed5d5798ca8a577558d962bc085b9d85da

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 16:43:05 GMT
Via
1.1 google, 1.1 PSmgnyNY2ei66:4 (W), 1.1 PSdgflkfFRA1bc200:5 (W), 1.1 PSdgflkfFRA1bc95:5 (W)
Server
PWS/8.3.1.0.8
Age
19152
X-Ws-Request-Id
6058c919_PSdgflkfFRA1eq9_42159-43259
Access-Control-Allow-Methods
POST, GET, OPTIONS, HEAD
Content-Type
image/jpeg
Access-Control-Allow-Origin
https://ui.benchmarkemail.com
Cache-Control
max-age=604812
X-Px
ht PSdgflkfFRA1bc95FRA
Connection
keep-alive
Alt-Svc
clear
Content-Length
661
image10083170.png
images.benchmarkemail.com/client1227621/ 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.benchmarkemail.com/client1227621/image10083170.png
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
PWS/8.3.1.0.8 /
Resource Hash
3f4c861c923cac84230f81e44b02b1d5aee991558600efbfd3ef3ad23ff4baaf

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 16:43:05 GMT
Via
1.1 google, 1.1 hexi47:9 (W), 1.1 PSdgflkfFRA1ox201:8 (W), 1.1 PSdgflkfFRA1je97:9 (W)
Server
PWS/8.3.1.0.8
Age
21714
X-Ws-Request-Id
6058c919_PSdgflkfFRA1dm9_22747-51072
Access-Control-Allow-Methods
POST, GET, OPTIONS, HEAD
Content-Type
image/png
Access-Control-Allow-Origin
https://ui.benchmarkemail.com
Cache-Control
max-age=604812
X-Px
ht PSdgflkfFRA1je97FRA
Connection
keep-alive
Alt-Svc
clear
Content-Length
43826
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://himalayanwildlifesanctuary.com
Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4038970
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6458
cf-request-id
08fc6aa47200002c4a9b09f000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-500f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PQEJY7264Jm77bvoQgIQDAL9YcYZskoSKtyi6mtC7k4hhlRqfO2lrKeK2wiqv2QaYwLQbzR0xVz2BsdCGnGLD17MiqmxxX1eByI3w1qAeIa1UcrY2Ucnp%2FZlwttDQijBkg%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6340e080b9a32c4a-FRA
expires
Sat, 12 Mar 2022 16:43:05 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://himalayanwildlifesanctuary.com
Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
722, 617
age
11675
cdn-cachedat
2021-03-11 11:57:50
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08fc6aa47200004dee8f88f000000001
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
fa917b6f4d5c2bf79c6ab4d2e1f4f73f
cf-ray
6340e080bf3f4dee-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
css
fonts.googleapis.com/ 		6 KB
716 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:300,400,600,700
Requested by
Host: doc-00-bs-docs.googleusercontent.com
URL: https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e=view
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f11ed90b40e2b67e8dd5117ffcfaee8ede0a7bbc0fd99e1d1912580a79fe5b4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://doc-00-bs-docs.googleusercontent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 15:56:38 GMT
server
ESF
date
Mon, 22 Mar 2021 16:43:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Mar 2021 16:43:05 GMT
css
fonts.googleapis.com/ 		9 KB
775 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Arimo:300,400,400italic,700,700italic
Requested by
Host: doc-00-bs-docs.googleusercontent.com
URL: https://doc-00-bs-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/24kctildcbe196a0n3ehd0vcjr0ksb2n/1616431350000/11161123860412385461/*/1sOSBhfnqqmMa--x5oVFtGEtCo1WCPhAY?e=view
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
db163d9468eaec9c0c440474152ada5e53d8c781e84ddb5b250d365ab5b55bb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://doc-00-bs-docs.googleusercontent.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 16:43:05 GMT
server
ESF
date
Mon, 22 Mar 2021 16:43:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Mar 2021 16:43:05 GMT
free.min.css
ka-f.fontawesome.com/releases/v5.15.2/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.2/css/free.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c7bba7deb64ff95e98f7ac8cd0d3b675a4bcf02f302e57edc5a1d6fa3d6cf94

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
via
1.1 eaa1b95207b7e17a6ad05a7c45014762.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
24675
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08fc6aa4a000004ac2a3375000000001
last-modified
Wed, 13 Jan 2021 18:32:18 GMT
server
cloudflare
etag
W/"4ecc071b77d6b1790fa9fb8a5173f972"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AE8c%2BW6jChlYIRrcp3RP7eRu3gCxIt%2FdLZueRuKj%2BA9ABnZgADRCSd31XWX9dRd1agq2GTe8bi%2FRdAIcxbZ3a8Xz4C%2BQ2SpABWf5p7%2BODD2W7a3d9hY3jjivd%2B7m8fybyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
MUC50-C1
cf-ray
6340e0810c684ac2-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
tTmA_6Bw-4bDg7SAPELOiLx8jpcdgVV-iCrpEPIO-TxL1zWZrMT-VA==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.2/css/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.2/css/free-v4-shims.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:ca1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7cc3c57f9bda4c6dcb83bb3c19f2f2aa86ecec6274e243cd4ec315ae8e30101

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 22 Mar 2021 16:43:05 GMT
via
1.1 39ed76664123c3090231ff0882467152.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
24675
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08fc6aa4a100004ac2c789a000000001
last-modified
Wed, 13 Jan 2021 18:32:17 GMT
server
cloudflare
etag
W/"1848e71668f42835079e5fa2af6cf4a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JR89WEBLrCvrdJ6Jf7akAwPaO6SJGbshDagQs6G0nROeeRSQO05HP%2FfyLuCwa8uWw723piL%2BbaN9h18%2F63jG7S5fqgA63tMZuOPWv%2BNW4nmo7c1v%2BgFGe%2BHu5cmdZNl0qA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
MUC50-C1
cf-ray
6340e0810c6b4ac2-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
lRBmbPenSprwzGJE8iLKo6-v622Vc-furwmjIBS_m8zhsm5NJXlBgQ==
ZJH_2F3Xi0SopxxCuN7EKeDY.jpg
s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.amazonaws.com/simbla-static-2/2020/11/5faba665321d68001d4fc0e4/5faba6db73aef50019af7085/ZJH_2F3Xi0SopxxCuN7EKeDY.jpg
Requested by
Host: himalayanwildlifesanctuary.com
URL: https://himalayanwildlifesanctuary.com/modules/mod_simplefileuploadv1.3/elements/eFAX/?email=&9f8e35e7-09d6-44b4-b95a-fe0827f8b43epaneId=startcoding&action=start&env_id=ibmypus-south&ace_config&fav=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.147.142 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3

Request headers

Referer
https://himalayanwildlifesanctuary.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 22 Mar 2021 16:43:07 GMT
x-amz-meta-websiteid
5faba6db73aef50019af7085
Last-Modified
Wed, 11 Nov 2020 08:56:44 GMT
Server
AmazonS3
x-amz-meta-userid
5faba665321d68001d4fc0e4
ETag
"7916a894ebde7d29c2cc29b267f1299f"
Content-Type
image/jpeg
Cache-Control
max-age=2592000000
x-amz-request-id
5C0T51YXKDXJQG2Y
Accept-Ranges
bytes
Content-Length
17453
x-amz-id-2
UlcVdOpU2c9m/1ECd09uDG864rUQELREQVN0QQ1QoKxvX3dSwhlys2hPyx3bhFJLVh+Degjmld4=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) Microsoft (Consumer)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| FontAwesomeKitConfig function| Popper

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
doc-00-bs-docs.googleusercontent.com
doc-0g-bs-docs.googleusercontent.com
drive.google.com
fonts.googleapis.com
himalayanwildlifesanctuary.com
images.benchmarkemail.com
jraquila.com
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
s3.amazonaws.com
163.171.128.148
2001:4de0:ac18::1:a:3b
2606:4700::6810:125e
2606:4700::6812:1634
2606:4700::6812:acf
2606:4700:e6::ac40:ca1c
2a00:1450:4001:800::200a
2a00:1450:4001:801::2001
2a00:1450:4001:803::200a
2a00:1450:4001:808::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:810::200a
52.216.147.142
65.60.61.194
69.195.72.55
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3f4c861c923cac84230f81e44b02b1d5aee991558600efbfd3ef3ad23ff4baaf
48288119bd915b95e80f8e26134cd694637508c594524f58b28d8e462fe718c2
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
7943d6d067db8587e9fb675f0d2cc78d6c90c91b187cf8642a3f52ff91381685
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8c7bba7deb64ff95e98f7ac8cd0d3b675a4bcf02f302e57edc5a1d6fa3d6cf94
904031307b947058bb2ad5f7f1f2958ccd542444c3fd6183fb86229eb722c65c
9f79f33e6422447b91059192452a123b2d5b4f05993eb50df73b351eb75d460f
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
d7cc3c57f9bda4c6dcb83bb3c19f2f2aa86ecec6274e243cd4ec315ae8e30101
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
db163d9468eaec9c0c440474152ada5e53d8c781e84ddb5b250d365ab5b55bb7
e008ec318fabc40fa3ad5ae2fd9fc6ed5d5798ca8a577558d962bc085b9d85da
f11ed90b40e2b67e8dd5117ffcfaee8ede0a7bbc0fd99e1d1912580a79fe5b4a
fc0a3ef53e84b8511d1b202d87ab0c4da63ce7c30ba49b36c3e436ff17763f56