urlscan.io logo urlscan.io
SecurityTrails logo

www.ilookyou.com Open in urlscan Pro
173.236.180.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://capitolonoe.com/
Effective URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Submission: On August 15 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 5 countries across 14 domains to perform 31 HTTP transactions. The main IP is 173.236.180.201, located in United States and belongs to DREAMHOST-AS, US. The main domain is www.ilookyou.com.
TLS certificate: Issued by R3 on July 20th 2021. Valid for: 3 months.
This is the only time www.ilookyou.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 81.17.18.197 51852 (PLI-AS)
2 3.224.214.180 14618 (AMAZON-AES)
1 1 35.157.49.161 16509 (AMAZON-02)
1 173.236.180.201 26347 (DREAMHOST-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 5.57.17.90 43996 (BOOKING-B...)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.13.44 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.130 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 5.57.17.220 43996 (BOOKING-B...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 2600:9000:210... 16509 (AMAZON-02)
31 16
1    81.17.18.197 (Zurich, Switzerland)

ASN51852 (PLI-AS, PA)
capitolonoe.com
2    3.224.214.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-214-180.compute-1.amazonaws.com
nizephoros-pom.com
1    35.157.49.161 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-49-161.eu-central-1.compute.amazonaws.com
cersday-conionard.com
1    173.236.180.201 (United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-goo.christopher.dreamhost.com
www.ilookyou.com
1    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    5.57.17.90 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
PTR: bstatic.com
aff.bstatic.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cdn.taboola.com
2    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    5.57.17.220 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
PTR: www.booking.com
www.booking.com
1    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
10    2600:9000:2104:ba00:1f:e2ee:200:93a1 (United States)

ASN16509 (AMAZON-02, US)
cf.bstatic.com
Domain Requested by
10 cf.bstatic.com www.booking.com
cf.bstatic.com
3 www.google-analytics.com www.ilookyou.com
www.google-analytics.com
3 bat.bing.com www.ilookyou.com
bat.bing.com
2 www.booking.com aff.bstatic.com
cf.bstatic.com
2 www.google.de www.ilookyou.com
2 www.google.com www.ilookyou.com
2 nizephoros-pom.com nizephoros-pom.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 stats.g.doubleclick.net www.google-analytics.com
1 www.googleadservices.com www.googletagmanager.com
1 cdn.taboola.com www.ilookyou.com
1 aff.bstatic.com www.ilookyou.com
1 www.googletagmanager.com www.ilookyou.com
1 www.ilookyou.com nizephoros-pom.com
1 cersday-conionard.com 1 redirects
1 capitolonoe.com 1 redirects
31 16

This site contains no links.

Subject Issuer Validity Valid
www.ilookyou.com
R3		 2021-07-20 -
2021-10-18		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.bstatic.com
DigiCert ECC Secure Server CA		 2019-12-13 -
2021-12-17		 2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2021-07-06 -
2022-01-06		 6 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.booking.com
DigiCert ECC Secure Server CA		 2020-10-14 -
2021-10-18		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Frame ID: E982CBEF343FB061D5D9B06720342C45
Requests: 19 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Frame ID: 7549CED8204C95E34C0BC98A9BA674DE
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://capitolonoe.com/ HTTP 302
    http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef4... Page URL
  2. http://nizephoros-pom.com/zcredirect?visitid=1d3071d3-fdee-11eb-bf99-0a8179df49af&type=js&browserWidth... Page URL
  3. https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%2... HTTP 302
    https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfih... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

31
Requests

94 %
HTTPS

56 %
IPv6

14
Domains

16
Subdomains

16
IPs

5
Countries

225 kB
Transfer

583 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capitolonoe.com/ HTTP 302
    http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f Page URL
  2. http://nizephoros-pom.com/zcredirect?visitid=1d3071d3-fdee-11eb-bf99-0a8179df49af&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
  3. https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&caid=90e4431c-d634-4017-804b-8d60f8062e1c&zpid=1d3071d3-fdee-11eb-bf99-0a8179df49af&cid=wqsq068g67cfihp9iu200kgo&rt=R HTTP 302
    https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://capitolonoe.com/ HTTP 302
  • http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f

31 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
72092e88-2c53-401c-b988-51ef43ce1034
nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/
Redirect Chain
  • http://capitolonoe.com/
  • http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f
1006 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f
Protocol
HTTP/1.1
Server
3.224.214.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-214-180.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
498f47eb4347355f19b1fa5b7ae673866ba3cd2413ac559befb07aa169dcfe0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
nizephoros-pom.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sun, 15 Aug 2021 17:27:50 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server
ZeroPark-Traffic

Redirect headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
11
date
Sun, 15 Aug 2021 17:27:49 GMT
location
http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f
server
nginx
set-cookie
sid=1d2098b4-fdee-11eb-86ed-2cae009e5d74; path=/; domain=.capitolonoe.com; expires=Fri, 02 Sep 2089 20:41:57 GMT; max-age=2147483647; HttpOnly
zcredirect
nizephoros-pom.com/ 		774 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://nizephoros-pom.com/zcredirect?visitid=1d3071d3-fdee-11eb-bf99-0a8179df49af&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Requested by
Host: nizephoros-pom.com
URL: http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f
Protocol
HTTP/1.1
Server
3.224.214.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-214-180.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
nizephoros-pom.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://nizephoros-pom.com/zcvisitor/1d3071d3-fdee-11eb-bf99-0a8179df49af/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=0f3c5d60-c23d-11eb-9e42-0aea8b85a94f

Response headers

Date
Sun, 15 Aug 2021 17:27:50 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected
JS
Server
ZeroPark-Traffic
Primary Request accommodations.php
www.ilookyou.com/
Redirect Chain
  • https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&caid=90e4431c-d634...
  • https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Requested by
Host: nizephoros-pom.com
URL: http://nizephoros-pom.com/zcredirect?visitid=1d3071d3-fdee-11eb-bf99-0a8179df49af&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.236.180.201 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-goo.christopher.dreamhost.com
Software
Apache /
Resource Hash
3ac26f6e4eabe7d8ca8180daf6587058928c3de1736da948cf1bf981a8e0392c

Request headers

:method
GET
:authority
www.ilookyou.com
:scheme
https
:path
/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://nizephoros-pom.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://nizephoros-pom.com/zcredirect?visitid=1d3071d3-fdee-11eb-bf99-0a8179df49af&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

date
Sun, 15 Aug 2021 17:27:51 GMT
server
Apache
cache-control
max-age=600
expires
Sun, 15 Aug 2021 17:37:51 GMT
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
2041
content-type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Sun, 15 Aug 2021 17:27:50 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Pragma
no-cache
Set-Cookie
90e4431c-d634-4017-804b-8d60f8062e1c-v4=90e4431c-d634-4017-804b-8d60f8062e1c; Max-Age=86400; Expires=Mon, 16-Aug-2021 17:27:50 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=H7r8btX6R9qyzCrxMoXcEpmdyeUK9U2aSEnDMzZ%2BXWjV1qTJzOBi3%2B%2BsnduMoWkVdj2WeFEilmBx%2B%2FX%2FmIiG6mpwLXqGIQtCOPaLcHh%2BuFN7RvMtYilR78Od2gq9Ym6Ixwtiu1azmUzQY1F4xpn2yA%3D%3D; Max-Age=31536000; Expires=Mon, 15-Aug-2022 17:27:50 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None
js
www.googletagmanager.com/gtag/ 		96 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982840540
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b25f2184d926a8ae06571823e605117c31ce2a8795e489f5241dc93602d125e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 15 Aug 2021 17:27:51 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38995
x-xss-protection
0
last-modified
Sun, 15 Aug 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 15 Aug 2021 17:27:51 GMT
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1629048471471
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
bstatic.com
Software
nginx /
Resource Hash
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 15 Aug 2021 17:27:51 GMT
content-encoding
br
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-186e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
transfer-encoding
chunked
timing-allow-origin
*
nel
{"report_to":"default","max_age":600}
x-xss-protection
1; mode=block
expires
Tue, 14 Sep 2021 17:27:51 GMT
bat.js
bat.bing.com/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 15 Aug 2021 17:27:50 GMT
content-encoding
gzip
last-modified
Wed, 28 Jul 2021 18:27:37 GMT
x-msedge-ref
Ref A: CC48F29F74E84A0CA0215942383F0AC8 Ref B: FRAEDGE1308 Ref C: 2021-08-15T17:27:51Z
etag
"80f2963dde83d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9024
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 13 Jul 2021 18:24:06 GMT
server
Golfe2
age
850
date
Sun, 15 Aug 2021 17:13:41 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
expires
Sun, 15 Aug 2021 19:13:41 GMT
tfa.js
cdn.taboola.com/libtrc/unip/1315827/ 		74 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/unip/1315827/tfa.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e6425351a7f8039ee01eeac6231d5a7e1c3e9498a7374032debaedb28d1656ea

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
plD9T0NhXgkGtd7vlhUecPwbz5fHgsrI
content-encoding
gzip
etag
"ca408fd90129347b020532133a733fd7"
age
88
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
24764
x-amz-id-2
PTtnuveiorMc2CUpF2XtxmUv2u3XADfIdDgRy4w2uB81PnXD84wnzTqPeGaSunwLbwwpXWzEqKM=
x-served-by
cache-fra19180-FRA
last-modified
Mon, 09 Aug 2021 10:18:53 GMT
server
AmazonS3
x-timer
S1629048472.622309,VS0,VE1
date
Sun, 15 Aug 2021 17:27:51 GMT
vary
Accept-Encoding
x-amz-request-id
E5S2945MR1KH71XV
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
64
x-cache-hits
1
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j92&a=286732897&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&dr=http%3A%2F%2Fnizephoros-pom.com%2F&ul=en-us&de=UTF-8&dt=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2079794055&gjid=1842281998&cid=57206936.1629048471&tid=UA-1048482-15&_gid=583427986.1629048471&_r=1&_slc=1&z=840835578
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
5280866.js
bat.bing.com/p/action/ 		0
93 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5280866.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 15 Aug 2021 17:27:51 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: 1B18A6459C324DB4BC387839524FCB2A Ref B: FRAEDGE1308 Ref C: 2021-08-15T17:27:51Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
117 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5280866&Ver=2&mid=fa5bc709-a160-47df-a8a0-5bb0f5346e17&sid=1e2b95a0fdee11eb82d5d1a1b72f59e5&vid=1e2bb2b0fdee11eba1eddfeaba5bb9c9&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&kw=Travel,%20Hotel,%20Hotels&p=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&r=http%3A%2F%2Fnizephoros-pom.com%2F&lt=746&evt=pageLoad&msclkid=N&sv=1&rn=6767
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 766252A9760D437DA7DC2115B98BBC50 Ref B: FRAEDGE1308 Ref C: 2021-08-15T17:27:51Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982840540
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 15 Aug 2021 17:27:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13981
x-xss-protection
0
server
cafe
etag
6132654052448080839
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 15 Aug 2021 17:27:51 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
89 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-1048482-15&cid=57206936.1629048471&jid=2079794055&gjid=1842281998&_gid=583427986.1629048471&_u=IEBAAEAAAAAAAC~&z=519741713
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 15 Aug 2021 17:27:51 GMT
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-1048482-15&cid=57206936.1629048471&jid=2079794055&_u=IEBAAEAAAAAAAC~&z=1695571755
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-1048482-15&cid=57206936.1629048471&jid=2079794055&_u=IEBAAEAAAAAAAC~&z=1695571755
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
flexiproduct.html
www.booking.com/ Frame 7549 		89 KB
36 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Requested by
Host: aff.bstatic.com
URL: https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1629048471471
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.220 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
www.booking.com
Software
nginx /
Resource Hash
918b33a8636f7c54cc6ca4f018be35e23d717b4c14d6ae1059b2a9df4ceddb6c
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.booking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.ilookyou.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.ilookyou.com/

Response headers

server
nginx
date
Sun, 15 Aug 2021 17:27:52 GMT
content-type
text/html; charset=UTF-8
content-length
35465
cache-control
private
vary
User-Agent, Accept-Encoding
content-encoding
br
nel
{"report_to":"default","max_age":604800}
report-to
{"group":"default","max_age":604800,"endpoints":[{"url":"https://nellie.booking.com/report"}]}
set-cookie
_pxhd=SeT96PRV0-4j1f8RXiZQy0KQh7xeAh4qEUvyaBZ6aNDMHh%2FkCQJFx29a6Ir6Ha%2FkNsXUREk5bCH2YT5qKVT3ng%3D%3D%3APGNCo2s3DbrgKQlJg5YYSpGhO4qQL1hfP6xZ-pUZ9VFQ5gf23uY8hFJGRxO0z90ybNWiSPnFpsrHv%2Fz1ru1TQA%2Fgbb1RgWpDiU6bxWDAjy8%3D; path=/; expires=Mon, 15-Aug-2022 17:27:51 GMT bkng=11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbof7CEiNviT9kxEbquU7uroSQaNWqOmObnywUXUa6LCJAIW%2F3ncAiwUtrb4k8VHxIylx5ErmaYrQ1IbZPDof3ie6DZprlT5OcgAwOJCKQ970wxB68YPRCThAbEKtTRBXITD9T7MzRs3frIdtmJe%2BX73jw9blFCswF; domain=.booking.com; path=/; expires=Fri, 14-Aug-2026 17:27:51 GMT; Secure; HTTPOnly; SameSite=None
strict-transport-security
max-age=604800
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/?random=1629048471768&cv=9&fst=1629048471768&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&ref=http%3A%2F%2Fnizephoros-pom.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98d0ce26b258140c308a4b68431c0e34928a1bc15575afc83e9abe8cdb7de95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1136
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/982840540/ 		42 B
67 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/982840540/?random=1629048471768&cv=9&fst=1629046800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8b0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&ref=http%3A%2F%2Fnizephoros-pom.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=2457780706&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982840540/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/982840540/?random=1629048471768&cv=9&fst=1629046800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa8b0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&ref=http%3A%2F%2Fnizephoros-pom.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=2457780706&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/accommodations.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wqsq068g67cfihp9iu200kgo
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 15 Aug 2021 17:27:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
82b674edb949dddf78e02d76e8593771bf2e85d5.css
cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/ Frame 7549 		1 KB
1013 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 22 Jul 2021 17:35:41 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
2073131
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 14:42:31 GMT
server
nginx
etag
W/"5eda59d7-51a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
xd56jKp9w43-McH2S2fqyg9IKtBJdW7F-rPrf_Ct6NgCwJXv80Qagw==
expires
Sat, 21 Aug 2021 17:35:41 GMT
f6d29e089da85314827d24b5e412d273b710cf84.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/ Frame 7549 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/f6d29e089da85314827d24b5e412d273b710cf84.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 08 Aug 2021 19:05:49 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
598923
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-2ae3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
AKh5HNftZbsk4plNb6JSoaugkpLhNtThUyB7YsgDcp857YfrDHJXuw==
expires
Tue, 07 Sep 2021 19:05:49 GMT
0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/ Frame 7549 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 12 Aug 2021 21:33:21 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
244471
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
W/"5cadd1af-32e1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
SaZ1tqDM1Bshp5CKygUJE3WBkCjjfXtvCgVbGBnmpbGTy29Gj3Uc7A==
expires
Sat, 11 Sep 2021 21:33:21 GMT
3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/ Frame 7549 		952 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
601642ecd5e7a89187e12278ef792ecfe176c4553f7dc792557177a4048488e2
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 18:47:03 GMT
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
859249
x-cache
Hit from cloudfront
content-length
952
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
"5cadd1af-3b8"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ysODRhFqNcea0NQAo6jW2OOY1xWU1qwq2Wy5omvneLC0HlqQXFA01g==
expires
Sat, 04 Sep 2021 18:47:03 GMT
ebc3273565b5e682ccaf01872d2e046749306442.png
cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ Frame 7549 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ebc3273565b5e682ccaf01872d2e046749306442.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 21:41:48 GMT
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1021564
x-cache
Hit from cloudfront
content-length
2904
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-b58"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
QTIAW_bSXbjXLvrpToXc0R4tSQDdEu-KbFxMukHlvKbc5XVDzidz2g==
expires
Thu, 02 Sep 2021 21:41:48 GMT
0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/ Frame 7549 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5e511da3a4fb796a0757d341558c86fb123752f39c370f6dc1eef9bc4885bd31
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 25 Jul 2021 20:10:12 GMT
via
1.1 83bc0649a33d85c1cf516bf48779a390.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1804660
x-cache
Hit from cloudfront
content-length
1230
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-4ce"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
gjVyjeKE7R4liRyPm8nJEmUU2NANeWtwXFpjVo58SS8owaGEgIVsjg==
expires
Tue, 24 Aug 2021 20:10:12 GMT
2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/ Frame 7549 		123 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 11:29:53 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1058279
via
1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-1ecfc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
32PkERXp-P8oT3tv19OoUhnZkxuZN2WmcfINxQkIVnYQ8o5p1d-ZgQ==
expires
Thu, 02 Sep 2021 11:29:53 GMT
eb78197b2eee9a032c319d91a6e1c581e295f284.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/ Frame 7549 		33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/eb78197b2eee9a032c319d91a6e1c581e295f284.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 03 Aug 2021 22:36:56 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1018256
via
1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-84eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
evn7zpV5e07rML2Wss6jh-xn9bNLXuY-S-zz07AL137aLcRCYco53Q==
expires
Thu, 02 Sep 2021 22:36:56 GMT
a620a252f1d0110ab972e81348133431e8486098.js
cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/ Frame 7549 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/a620a252f1d0110ab972e81348133431e8486098.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9afc14c1ac2584619b29bf2232f3ddd9da032d3acdf769e48ff7736f55a16e4e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 14:38:58 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
874134
via
1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-903"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
timing-allow-origin
*
x-amz-cf-id
Wvi-Bo0HdVuhsMB8IfMJuRIWbdGyoE6htXEIUTgDS4M0Hneq4HAEfA==
expires
Sat, 04 Sep 2021 14:38:58 GMT
750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
cf.bstatic.com/static/fonts/flexi/flexi/ Frame 7549 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/fonts/flexi/flexi/750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2104:ba00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 06 Aug 2021 22:36:36 GMT
via
1.1 e328b143eb69c36369a2def78300d502.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
759076
x-cache
Hit from cloudfront
content-length
7772
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:49 GMT
server
nginx
etag
"5cadd1cd-1e5c"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
AMS1-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
YAMDfB28R2a_NvVCgFWMR72TmRJvfPd6Al9Drm6HfJ1zB0aprVwKaw==
expires
Sun, 05 Sep 2021 22:36:36 GMT
fp_view
www.booking.com/affiliate/ Frame 7549 		12 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/affiliate/fp_view?aid=2181373&target_aid=2181373&product_type=nsb
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.220 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
www.booking.com
Software
nginx /
Resource Hash
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2181373&target_aid=2181373&fid=1629048471647&
X-Requested-With
XMLHttpRequest
X-Booking-CSRF
14YZYQAAAAA=8b9r_PkK6An3qPKd3TZL132Drmn-5ig9C4roo3lgTGwSBDAQOo-cs5DS-6J-STO2nsTd1bWK4kDngFOio4iYFCm_lQ8juLUni2FpQJHbxhwtFpHOwUVXUiCXAt8rfG1IdvK6lXEKv7uJlZi7adkTLR0tFmsvJrHbcui9V8sQicR8BaCbeAL605hGOZGfcMRqcp_cG7xdxW2dD3L4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 15 Aug 2021 17:27:52 GMT
x-content-options
nosniff
server
nginx
content-security-policy-report-only
frame-ancestors 'none'; report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=f48b7acc214d00fd&e=UmFuZG9tSVYkc2RlIyh9YV52yMgL4uFPlMiAwY3njElYT1489yT3-5YeKcQ9zFoacy8lYsc18iE&f=2&s=0;
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
strict-transport-security
max-age=604800
x-xss-protection
1; mode=block
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j92&a=286732897&t=timing&_s=2&dl=https%3A%2F%2Fwww.ilookyou.com%2Faccommodations.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwqsq068g67cfihp9iu200kgo&dr=http%3A%2F%2Fnizephoros-pom.com%2F&ul=en-us&de=UTF-8&dt=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=1443&pdt=0&dns=112&rrt=179&srt=141&tcp=305&dit=746&clt=746&_gst=745&_gbt=765&_cst=745&_cbt=793&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=57206936.1629048471&tid=UA-1048482-15&_gid=583427986.1629048471&z=1568189247
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 14 Aug 2021 22:16:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
69067
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| gtag object| dataLayer object| uetq string| GoogleAnalyticsObject function| ga object| _tfa object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| UET function| UET_init function| UET_push object| google_tag_manager function| _i_ function| _r_ object| BookingAff function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

7 Cookies

Domain/Path Name / Value
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbof7CEiNviT9kxEbquU7uroSQaNWqOmObnywUXUa6LCJAIW%2F3ncAiwUtrb4k8VHxIylx5ErmaYrQ1IbZPDof3ie6DZprlT5OcgAwOJCKQ970wxB68YPRCThAbEKtTRBXITD9T7MzRs3frIdtmJe%2BX73jw9blFCswF
.ilookyou.com/ Name: _gcl_au
Value: 1.1.1529915221.1629048472
.ilookyou.com/ Name: _gid
Value: GA1.2.583427986.1629048471
.ilookyou.com/ Name: _uetvid
Value: 1e2bb2b0fdee11eba1eddfeaba5bb9c9
.ilookyou.com/ Name: _gat
Value: 1
.ilookyou.com/ Name: _uetsid
Value: 1e2b95a0fdee11eb82d5d1a1b72f59e5
.ilookyou.com/ Name: _ga
Value: GA1.2.57206936.1629048471

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aff.bstatic.com
bat.bing.com
capitolonoe.com
cdn.taboola.com
cersday-conionard.com
cf.bstatic.com
googleads.g.doubleclick.net
nizephoros-pom.com
stats.g.doubleclick.net
www.booking.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.ilookyou.com
142.250.185.130
151.101.13.44
173.236.180.201
2600:9000:2104:ba00:1f:e2ee:200:93a1
2620:1ec:c11::200
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:812::2004
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:827::2008
2a00:1450:4001:827::200e
2a00:1450:400c:c07::9b
3.224.214.180
35.157.49.161
5.57.17.220
5.57.17.90
81.17.18.197
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
3ac26f6e4eabe7d8ca8180daf6587058928c3de1736da948cf1bf981a8e0392c
498f47eb4347355f19b1fa5b7ae673866ba3cd2413ac559befb07aa169dcfe0f
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257
5e511da3a4fb796a0757d341558c86fb123752f39c370f6dc1eef9bc4885bd31
601642ecd5e7a89187e12278ef792ecfe176c4553f7dc792557177a4048488e2
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
918b33a8636f7c54cc6ca4f018be35e23d717b4c14d6ae1059b2a9df4ceddb6c
98d0ce26b258140c308a4b68431c0e34928a1bc15575afc83e9abe8cdb7de95a
9afc14c1ac2584619b29bf2232f3ddd9da032d3acdf769e48ff7736f55a16e4e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b25f2184d926a8ae06571823e605117c31ce2a8795e489f5241dc93602d125e3
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e6425351a7f8039ee01eeac6231d5a7e1c3e9498a7374032debaedb28d1656ea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7