www.yourbooklngaccount.eu Open in urlscan Pro
92.204.55.179  Malicious Activity! Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.yourbooklngaccount.eu/	238 KB 66 KB	103ms 29ms	Document text/html	92.204.55.179 GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.55.179 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS sh11003.ispgateway.de Software nginx / Resource Hash 42dfff219d9db1b780cbb35088565f4ab85c6ab250991007ef93d951edecd30e Request headers :method GET :authority www.yourbooklngaccount.eu :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Fri, 24 Sep 2021 08:01:44 GMT content-type text/html vary Accept-Encoding last-modified Fri, 24 Sep 2021 07:41:10 GMT etag W/"3b632-5ccb8defea97e" x-cache-status BYPASS content-encoding gzip
GET H/1.1	200 OK	error_catcher Show response account.booking.com/	35 KB 10 KB	98ms 42ms	Script application/x-javascript	5.57.17.14 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Full URL https://account.booking.com/error_catcher Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS Software nginx / Resource Hash a27a9d6ebb1e744b3dd4efa8daa71014b181136f5972c7f6df86cb1ebccd8ee2 Security Headers Name Value Content-Security-Policy report-uri https://reports.booking.com/csp_violation?type=block&tag=42&pid=0b693874f7b00823&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7W5gg2QJifVSjHCNZmaqv7O1nn2ZyUkaUvOGa3x4oiSA&f=0&s=0; frame-ancestors https://*.booking.com 'self'; Strict-Transport-Security max-age=17280000 X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers content-security-policy report-uri https://reports.booking.com/csp_violation?type=block&tag=42&pid=0b693874f7b00823&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7W5gg2QJifVSjHCNZmaqv7O1nn2ZyUkaUvOGa3x4oiSA&f=0&s=0; frame-ancestors https://*.booking.com 'self'; content-encoding gzip content-security-policy-report-only base-uri 'none'; object-src 'none'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-MlSIxhKHyjz46lT' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-MlSIxhKHyjz46lT'; default-src *.bstatic.com bstatic.com 'self'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-cloud.net 'self' 'report-sample'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; report-uri https://reports.booking.com/csp_violation?type=report&tag=41&pid=0b693874f7b00823&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7W5gg2QJifVSjHCNZmaqv7O1nn2ZyUkaUvOGa3x4oiSA&f=0&s=0; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; server nginx date Fri, 24 Sep 2021 08:01:44 GMT vary User-Agent, Accept-Encoding content-type application/x-javascript strict-transport-security max-age=17280000 content-length 8251 x-xss-protection 1; mode=block
GET H2	200	1_54c417365f9c78d2e52c.css q-cf.bstatic.com/psb/accountsportal/assets/	4 KB 2 KB	65ms 7ms	Stylesheet text/css	13.225.78.89 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q-cf.bstatic.com/psb/accountsportal/assets/1_54c417365f9c78d2e52c.css Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.89 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-89.fra2.r.cloudfront.net Software nginx / Resource Hash 306ec713e4718000a61dcb9cf93eccffdac60301dfd0b18c85458c1d1d8a4438 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br nel {"report_to":"default","max_age":600} age 1786522 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront date Fri, 03 Sep 2021 15:46:22 GMT x-xss-protection 1; mode=block timing-allow-origin * access-control-allow-origin * x-amz-expiration expiry-date="Sat, 13 Feb 2021 11:42:36 GMT", rule-id="" last-modified Fri, 16 Oct 2020 11:42:36 GMT server nginx etag W/"2a1e77140f6a517377d70ca15074620a" vary Accept-Encoding report-to {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05} x-amz-meta-x-deployment-hash 2715f4572d8b388ba2647840f0995d635550eb11 via 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront) cache-control max-age=2592000 x-amz-cf-pop FRA2-C2 content-type text/css x-amz-cf-id bIPbGXy8xNiFQSxw7XhupZMsW8FaITYgNGSj7aLb7oxXQxcw22etMQ== expires Sun, 03 Oct 2021 15:46:22 GMT
GET H2	200	3_0e8709c6c4f0dd09c7b9.css q-cf.bstatic.com/psb/accountsportal/assets/	123 KB 16 KB	69ms 10ms	Stylesheet text/css	13.225.78.89 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q-cf.bstatic.com/psb/accountsportal/assets/3_0e8709c6c4f0dd09c7b9.css Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.89 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-89.fra2.r.cloudfront.net Software nginx / Resource Hash ebb512fa493ec99ac118ab64e2b9ed6db02b2830e92855de9e4f1c94356d748e Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 07:41:36 GMT content-encoding br nel {"report_to":"default","max_age":600} age 1208 x-amz-server-side-encryption AES256 x-edge-origin-shield-skipped 0 x-amz-meta-x-deployment-hash 6bae0dfe672e29c5161062bf941b7a8004d472e7 x-cache Hit from cloudfront x-xss-protection 1; mode=block access-control-allow-origin * x-amz-expiration expiry-date="Tue, 23 Feb 2021 13:33:48 GMT", rule-id="" last-modified Mon, 26 Oct 2020 13:33:48 GMT server nginx etag W/"beadf900623aa4c7c90ca1cfc30008e3" vary Accept-Encoding report-to {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05} content-type text/css via 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront) cache-control max-age=2592000 x-amz-cf-pop FRA2-C2 timing-allow-origin * x-amz-cf-id W0JE26VNiJWb1zr9o21sJxfxUveyoPcctjqRlLRiNxXSEwhVSUcq2Q== expires Sun, 24 Oct 2021 07:41:36 GMT
GET H2	200	otSDKStub.js Show response cdn.cookielaw.org/scripttemplates/	19 KB 7 KB	13ms 13ms	Script application/javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 BC5xsXKGgJbQbCzkLNvwBQ== age 1420789 vary Accept-Encoding content-length 6328 x-ms-lease-status unlocked last-modified Wed, 04 Aug 2021 01:49:58 GMT server cloudflare etag 0x8D956EA2A6E73F4 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript access-control-allow-origin * x-ms-request-id b8d637e9-f01e-012a-80bd-8bebf6000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=14400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8d8c3c5c92-FRA expires Fri, 24 Sep 2021 12:01:44 GMT
GET H/1.1	200 OK	asset.76f4cfe389ea593cf33909bbcedb7949.js Show response saa.booking.com/	39 KB 13 KB	1210ms 686ms	Script application/javascript	185.28.221.41 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Full URL https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.28.221.41 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS Software nginx / Resource Hash 950d7028921f91f48d3242b0eace0b1a0be2e3290714014a3025953c44facb32 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 08:01:45 GMT content-encoding gzip last-modified Mon, 30 Sep 2013 09:36:48 GMT server nginx etag 76f4cfe389ea593cf33909bbcedb7949 vary Accept-Encoding content-type application/javascript cache-control public, max-age=31536000 content-length 12485 x-xss-protection 1; mode=block expires Tue, 31 Dec 2030 23:30:45 GMT
GET H2	200	px.v5.3.7-latest.min.js Show response q.bstatic.com/libs/perimeterx/	152 KB 55 KB	112ms 12ms	Script application/javascript	13.225.78.89 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://q.bstatic.com/libs/perimeterx/px.v5.3.7-latest.min.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.89 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-89.fra2.r.cloudfront.net Software nginx / Resource Hash 520920b7d401fb0691eb7849c7ce5ee3d0ea66d7a9a457ec4e8885fd6536bb75 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 03 Sep 2021 07:37:29 GMT content-encoding br nel {"report_to":"default","max_age":600} age 1815855 via 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-xss-protection 1; mode=block last-modified Fri, 27 Aug 2021 03:59:58 GMT server nginx etag W/"6128633e-2616e" vary Accept-Encoding report-to {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05} content-type application/javascript access-control-allow-origin * cache-control max-age=2592000 x-amz-cf-pop FRA2-C2 timing-allow-origin * x-amz-cf-id zfM-65CjUDb70Wk7TmsPlNoO2ZKIge3NYmbXGW_WYRvRNOR4I8NtUg== expires Sun, 03 Oct 2021 07:37:29 GMT
GET H2	200	location Show response geolocation.onetrust.com/cookieconsentpub/v1/geo/	193 B 398 B	38ms 19ms	Script text/javascript	104.20.184.68 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.20.184.68 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 60756645bbed6ad3cc3e8be0a057dff15132f22b5b60cbe14e48250980043653 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/javascript strict-transport-security max-age=31536000; includeSubDomains; preload cf-ray 693a7c8dc8a44dd6-FRA
GET H2	200	otBannerSdk.js Show response cdn.cookielaw.org/scripttemplates/6.5.0/	325 KB 68 KB	18ms 17ms	Script application/javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/6.5.0/otBannerSdk.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d139c3756ba4ea4e4672c12645de4977faa9ba7e0d550931d2086338fd72dfe9 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 AvbD4VHYe4H/QnyU6j8v5w== age 6098697 vary Accept-Encoding content-length 69711 x-ms-lease-status unlocked last-modified Thu, 27 Aug 2020 03:43:22 GMT server cloudflare etag 0x8D84A3B58DE8819 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript access-control-allow-origin * x-ms-request-id ab62d005-b01e-0066-32a2-796abc000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=691200 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8ddcdc5c92-FRA expires Sat, 02 Oct 2021 08:01:44 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	28ms 6ms	Script text/javascript	142.250.186.46 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.46 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f14.1e100.net Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 4184 date Fri, 24 Sep 2021 06:52:00 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Fri, 24 Sep 2021 08:52:00 GMT
GET H2	200	OtAutoBlock.js Show response cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/	4 KB 2 KB	35ms 17ms	Script application/x-javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/OtAutoBlock.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ecb4af69800f31647e5a9ae2e7a681772fca610940127678ded2a4b02a479049 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 TpwspOKpQ1h5lh9PHZnFHQ== age 4108247 vary Accept-Encoding content-length 1529 x-ms-lease-status unlocked last-modified Mon, 15 Mar 2021 09:46:07 GMT server cloudflare etag 0x8D8E797288566BA expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/x-javascript access-control-allow-origin * x-ms-request-id 660fffd5-a01e-00f1-4cbd-8b0975000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=14400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8d0b0f5c92-FRA
GET H/1.1	200 OK	cookie-banner.min.js Show response www.bstatic.com/libs/privacy-consent/1.0.0/partner/	593 B 1 KB	93ms 18ms	Script application/javascript	5.57.16.90 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Full URL https://www.bstatic.com/libs/privacy-consent/1.0.0/partner/cookie-banner.min.js Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 5.57.16.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS bstatic.com Software nginx / Resource Hash c900a864b1d5aadef7184740f11b3b5f4caa1ac6a407d7ea59a741a259e01fc4 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 08:01:44 GMT last-modified Fri, 10 Sep 2021 01:53:21 GMT server nginx etag "613aba91-251" nel {"report_to":"default","max_age":600} report-to {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05} content-type application/javascript access-control-allow-origin * cache-control max-age=2592000 accept-ranges bytes timing-allow-origin * content-length 593 x-xss-protection 1; mode=block expires Sun, 24 Oct 2021 08:01:44 GMT
GET H2	200	de.png q-xx.bstatic.com/backend_static/common/flags/new/48/	160 B 724 B	47ms 7ms	Image image/png	13.225.78.89 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://q-xx.bstatic.com/backend_static/common/flags/new/48/de.png Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.225.78.89 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-225-78-89.fra2.r.cloudfront.net Software nginx / Resource Hash bd7dcbfd9777096ad47b1c2cc4acb95019a9cec13b9d2eaa857ce040f6a28457 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 03 Sep 2021 20:39:32 GMT via 1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront) nel {"report_to":"default","max_age":600} age 1768932 x-cache Hit from cloudfront content-length 160 x-xss-protection 1; mode=block last-modified Mon, 07 Sep 2020 09:08:23 GMT server nginx etag "5f55f887-a0" report-to {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05} content-type image/png access-control-allow-origin * cache-control max-age=2592000 x-amz-cf-pop FRA2-C2 accept-ranges bytes timing-allow-origin * x-amz-cf-id _luYOxOShGssBQqTGIxUWikq8zv1W_bayyWH80H9SYe4RoBvXd1ndg== expires Sun, 03 Oct 2021 20:39:32 GMT
GET H/1.1	200 OK	analytics.js Show response saa.booking.com/	341 B 586 B	1225ms 553ms	Script application/javascript	185.28.221.41 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Full URL https://saa.booking.com/analytics.js?ca=accountsportal Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.28.221.41 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS Software nginx / Resource Hash b131e2ea2e503333041085f79726960b3186231b174d4522702328aacf9abb04 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers pragma no-cache date Fri, 24 Sep 2021 08:01:45 GMT server nginx content-type application/javascript cache-control no-cache, no-store, must-revalidate content-length 341 x-xss-protection 1; mode=block expires 0
GET H/1.1	200 OK	fvtrpw.gif account.booking.com/_/	35 B 2 KB	216ms 216ms	Image image/gif	5.57.17.14 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Show image Full URL https://account.booking.com/_/fvtrpw.gif Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS Software nginx / Resource Hash 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39 Security Headers Name Value Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://reports.booking.com/csp_violation?type=block&tag=42&pid=0b69387462ac0268&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7npLkokQJlmI6bOPiw80JcHj0sjLyTzINkJS6mYUzFQA&f=0&s=0; Strict-Transport-Security max-age=17280000 X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 08:01:44 GMT server nginx content-security-policy-report-only img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; report-uri https://reports.booking.com/csp_violation?type=report&tag=41&pid=0b69387462ac0268&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7npLkokQJlmI6bOPiw80JcHj0sjLyTzINkJS6mYUzFQA&f=0&s=0; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; object-src 'none'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-xEG2BpLq3yGCLC0' 'report-sample'; base-uri 'none'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-xEG2BpLq3yGCLC0'; content-type image/gif content-disposition attachment; filename=etnht.gif transfer-encoding chunked content-security-policy frame-ancestors https://*.booking.com 'self'; report-uri https://reports.booking.com/csp_violation?type=block&tag=42&pid=0b69387462ac0268&e=UmFuZG9tSVYkc2RlIyh9YTVpYxb9mtJD3cReeqMXo_7npLkokQJlmI6bOPiw80JcHj0sjLyTzINkJS6mYUzFQA&f=0&s=0; strict-transport-security max-age=17280000 x-xss-protection 1; mode=block
GET H2	200	a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Show response cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/	5 KB 2 KB	139ms 125ms	XHR application/x-javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b850d8d886695722ea6f0c1866af33d5ba6943fa8290ff36f51c698c321177d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status MISS content-md5 yzb8Rszq59vd2lnVIAm6yQ== vary Accept-Encoding content-length 1604 x-ms-lease-status unlocked last-modified Mon, 15 Mar 2021 09:46:08 GMT server cloudflare etag 0x8D8E79728A37B73 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/x-javascript access-control-allow-origin * x-ms-request-id 46b0e8c0-d01e-0054-261a-b1326c000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=14400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8db94b9abc-FRA
POST H2	200	collector Show response collector-pxikkul2rm.px-cloud.net/api/v2/	852 B 1 KB	106ms 56ms	XHR application/json	35.186.220.184 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://collector-pxikkul2rm.px-cloud.net/api/v2/collector Requested by Host: q.bstatic.com URL: https://q.bstatic.com/libs/perimeterx/px.v5.3.7-latest.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 184.220.186.35.bc.googleusercontent.com Software / Resource Hash 3ccca0c7b190ae6d38ae07b971ca1f9ae446530f1092e7b29c70d700880c0120 Request headers Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:43 GMT via 1.1 google access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://www.yourbooklngaccount.eu access-control-allow-credentials true timing-allow-origin * alt-svc clear content-length 852
GET H/1.1	200 OK	_etnht www.booking.com/	35 B 750 B	435ms 210ms	Image image/gif	185.28.222.11 BOOKING-BV Bookin...
General Check archive.org Show headers Download Go to Show image Full URL https://www.booking.com/_etnht?cpr=https&ch=www.yourbooklngaccount.eu&cpa=&ad=ad%2F Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 185.28.222.11 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL), Reverse DNS Software nginx / Resource Hash 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39 Security Headers Name Value Strict-Transport-Security max-age=604800 X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Fri, 24 Sep 2021 08:01:45 GMT content-security-policy-report-only report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=18083874dc320008&e=UmFuZG9tSVYkc2RlIyh9YVMFwLUCQ8zsS7x9ri8k8tceb2adUvja8X5XoOiNvNegKOx44q461-w&f=0&s=0; frame-ancestors 'none'; server nginx strict-transport-security max-age=604800 content-length 35 x-xss-protection 1; mode=block content-type image/gif
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 214 B	14ms 13ms	XHR text/plain	142.250.186.46 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1967682944&t=pageview&_s=1&dl=https%3Awww.yourbooklngaccount.eu%2F%3F&dp=%2F&dh=www.yourbooklngaccount.eu&ul=en-us&de=UTF-8&dt=Booking.com%20Account&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&cid=210725122.1632470505&tid=UA-6284728-4&_gid=960922666.1632470505&_slc=1&z=1017948538 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.46 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s04-in-f14.1e100.net Software Golfe2 / Resource Hash a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 24 Sep 2021 08:01:44 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.yourbooklngaccount.eu cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Show response cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/	5 KB 2 KB	33ms 33ms	XHR application/x-javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5b850d8d886695722ea6f0c1866af33d5ba6943fa8290ff36f51c698c321177d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 yzb8Rszq59vd2lnVIAm6yQ== age 0 vary Accept-Encoding content-length 1604 x-ms-lease-status unlocked last-modified Mon, 15 Mar 2021 09:46:08 GMT server cloudflare etag 0x8D8E79728A37B73 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/x-javascript access-control-allow-origin * x-ms-request-id 46b0e8c0-d01e-0054-261a-b1326c000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=14400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8e69699abc-FRA
GET H2	200	otBannerSdk.js Show response cdn.cookielaw.org/scripttemplates/6.13.0/	366 KB 81 KB	24ms 17ms	Script application/javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/scripttemplates/6.13.0/otBannerSdk.js Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 078981fc821f3cf39ab491128cca5f9e9f9aeda1987a4baf81ce5ddc3bbe860c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT content-md5 pY8Rr438h7Vb2adEFDW1VA== age 3751212 vary Accept-Encoding content-length 82575 x-ms-lease-status unlocked last-modified Thu, 28 Jan 2021 07:38:02 GMT server cloudflare etag 0x8D8C35FA49267C6 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript access-control-allow-origin * x-ms-request-id ceca3015-601e-016b-07fc-8ec3e5000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=691200 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8e9eb55c92-FRA expires Sat, 02 Oct 2021 08:01:44 GMT
POST H2	404	js_errors Show response www.yourbooklngaccount.eu/	196 B 275 B	23ms 15ms	XHR text/html	92.204.55.179 GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://www.yourbooklngaccount.eu/js_errors Requested by Host: account.booking.com URL: https://account.booking.com/error_catcher Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.55.179 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS sh11003.ispgateway.de Software nginx / Resource Hash 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 Request headers sec-fetch-mode cors origin https://www.yourbooklngaccount.eu accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 sec-fetch-dest empty cookie _ga=GA1.2.210725122.1632470505; _gid=GA1.2.960922666.1632470505; _pxff_cc=U2FtZVNpdGU9TGF4Ow== content-length 459 :path /js_errors pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/x-www-form-urlencoded accept */* cache-control no-cache :authority www.yourbooklngaccount.eu referer https://www.yourbooklngaccount.eu/ :scheme https sec-fetch-site same-origin :method POST Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H2	200	de.json Show response cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/f8745995-04f8-44ca-a6ff-f90c2d275998/	32 KB 10 KB	145ms 145ms	Fetch application/x-javascript	104.16.148.64 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/f8745995-04f8-44ca-a6ff-f90c2d275998/de.json Requested by Host: cdn.cookielaw.org URL: https://cdn.cookielaw.org/scripttemplates/6.13.0/otBannerSdk.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.148.64 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e877c036b169280e03a9ba64e53c06833c4e3eb36625d555f93568fb09e4e7e7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers x-ms-blob-type BlockBlob date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status MISS content-md5 dBrerRBGb4nqysTTjkSsNg== vary Accept-Encoding content-length 10456 x-ms-lease-status unlocked last-modified Mon, 15 Mar 2021 09:46:20 GMT server cloudflare etag 0x8D8E79730366626 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/x-javascript access-control-allow-origin * x-ms-request-id 601519e1-c01e-00a5-461a-b1e3ff000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=14400 x-ms-version 2009-09-19 accept-ranges bytes cf-ray 693a7c8ee9829abc-FRA
POST H2	404	js_errors Show response www.yourbooklngaccount.eu/	196 B 275 B	17ms 17ms	XHR text/html	92.204.55.179 GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://www.yourbooklngaccount.eu/js_errors Requested by Host: account.booking.com URL: https://account.booking.com/error_catcher Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.55.179 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS sh11003.ispgateway.de Software nginx / Resource Hash 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 Request headers sec-fetch-mode cors origin https://www.yourbooklngaccount.eu accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 sec-fetch-dest empty cookie _ga=GA1.2.210725122.1632470505; _gid=GA1.2.960922666.1632470505; _pxff_cc=U2FtZVNpdGU9TGF4Ow== content-length 459 :path /js_errors pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/x-www-form-urlencoded accept */* cache-control no-cache :authority www.yourbooklngaccount.eu referer https://www.yourbooklngaccount.eu/ :scheme https sec-fetch-site same-origin :method POST Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:44 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
POST H2	200	collector Show response collector-pxikkul2rm.px-cloud.net/api/v2/	621 B 685 B	52ms 52ms	XHR application/json	35.186.220.184 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://collector-pxikkul2rm.px-cloud.net/api/v2/collector Requested by Host: q.bstatic.com URL: https://q.bstatic.com/libs/perimeterx/px.v5.3.7-latest.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.186.220.184 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 184.220.186.35.bc.googleusercontent.com Software / Resource Hash ace13c9f88118ee0ab934c4a325036e6c14aa481e84094f23934293a0b79fc6b Request headers Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:44 GMT via 1.1 google access-control-allow-methods GET,HEAD,PUT,PATCH,POST,DELETE content-type application/json; charset=utf-8 access-control-allow-origin https://www.yourbooklngaccount.eu access-control-allow-credentials true timing-allow-origin * alt-svc clear content-length 621
GET		c.html saa.booking.com/ec/	0 0
GET		e.html saa.booking.com/ec/	0 0
POST H2	404	js_errors Show response www.yourbooklngaccount.eu/	196 B 275 B	17ms 17ms	XHR text/html	92.204.55.179 GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://www.yourbooklngaccount.eu/js_errors Requested by Host: account.booking.com URL: https://account.booking.com/error_catcher Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.55.179 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS sh11003.ispgateway.de Software nginx / Resource Hash 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 Request headers sec-fetch-mode cors origin https://www.yourbooklngaccount.eu accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 sec-fetch-dest empty cookie _ga=GA1.2.210725122.1632470505; _gid=GA1.2.960922666.1632470505; _pxff_cc=U2FtZVNpdGU9TGF4Ow==; ecc=null; ece=null content-length 1726 :path /js_errors pragma no-cache user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/x-www-form-urlencoded accept */* cache-control no-cache :authority www.yourbooklngaccount.eu referer https://www.yourbooklngaccount.eu/ :scheme https sec-fetch-site same-origin :method POST Referer https://www.yourbooklngaccount.eu/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:45 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1
POST H2	404	navigation_times Show response www.yourbooklngaccount.eu/	196 B 275 B	16ms 16ms	XHR text/html	92.204.55.179 GD-EMEA-DC-SXB1
General Check archive.org Show headers Download Go to Full URL https://www.yourbooklngaccount.eu/navigation_times?sid=&pid=fb835c04206b0050&nts=0,0,1632470504332,0,0,0,0,1632470504332,1632470504333,1632470504387,1632470504387,1632470504407,1632470504396,1632470504407,1632470504436,1632470504445,1632470504438,1632470504649,1632470505788,1632470505788,1632470505838,1632470505838,1632470505838,0&first=&cdn=cf&dc=4&bo=3&lang=en-gb&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt= Requested by Host: www.yourbooklngaccount.eu URL: https://www.yourbooklngaccount.eu/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 92.204.55.179 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE), Reverse DNS sh11003.ispgateway.de Software nginx / Resource Hash 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880 Request headers sec-fetch-mode cors origin https://www.yourbooklngaccount.eu accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 sec-fetch-dest empty cookie _ga=GA1.2.210725122.1632470505; _gid=GA1.2.960922666.1632470505; _pxff_cc=U2FtZVNpdGU9TGF4Ow==; ecc=null; ece=null content-length 8 :path /navigation_times?sid=&pid=fb835c04206b0050&nts=0,0,1632470504332,0,0,0,0,1632470504332,1632470504333,1632470504387,1632470504387,1632470504407,1632470504396,1632470504407,1632470504436,1632470504445,1632470504438,1632470504649,1632470505788,1632470505788,1632470505838,1632470505838,1632470505838,0&first=&cdn=cf&dc=4&bo=3&lang=en-gb&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt= pragma no-cache x-booking-csrf user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 content-type application/x-www-form-urlencoded accept */* cache-control no-cache :authority www.yourbooklngaccount.eu referer https://www.yourbooklngaccount.eu/ :scheme https sec-fetch-site same-origin :method POST Accept-Language de-DE,de;q=0.9 Referer https://www.yourbooklngaccount.eu/ X-Booking-CSRF User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Fri, 24 Sep 2021 08:01:46 GMT content-encoding gzip server nginx vary Accept-Encoding content-type text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

saa.booking.com

URL

https://saa.booking.com/ec/c.html?name=ecid

Domain

saa.booking.com

URL

https://saa.booking.com/ec/e.html?name=ecid

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| E_ function| onBookingError object| booking object| booking_extra object| B object| $u object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| PXikKuL2RM object| PX undefined| _ikKuL2RMhandler object| params string| search_params string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| OptanonWrapper function| getDomainUUID function| jsonFeed object| otStubData object| Optanon object| OneTrust object| $jscomp function| docReady object| SAA string| _pxAppId string| _pxParam1

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.yourbooklngaccount.eu/	1970-01-20 14:59:02	Name: _ga Value: GA1.2.210725122.1632470505
			.yourbooklngaccount.eu/	1970-01-19 21:29:16	Name: _gid Value: GA1.2.960922666.1632470505
			www.yourbooklngaccount.eu/	1970-01-19 21:27:50	Name: _pxff_cc Value: U2FtZVNpdGU9TGF4Ow==
			www.yourbooklngaccount.eu/	1969-12-31 23:59:59	Name: ecc Value: tuhnqQ0d7BGpUZlUht58PgWK
			www.yourbooklngaccount.eu/	1969-12-31 23:59:59	Name: ece Value: tuhnqQ0d7BGpUZlUht58PgWK

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.yourbooklngaccount.eu/js_errors Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.yourbooklngaccount.eu/js_errors Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.yourbooklngaccount.eu/js_errors Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.yourbooklngaccount.eu/ Message: Access to XMLHttpRequest at 'https://saa.booking.com/ec/c.html?name=ecid' from origin 'https://www.yourbooklngaccount.eu' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://saa.booking.com/ec/c.html?name=ecid Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.yourbooklngaccount.eu/navigation_times?sid=&pid=fb835c04206b0050&nts=0,0,1632470504332,0,0,0,0,1632470504332,1632470504333,1632470504387,1632470504387,1632470504407,1632470504396,1632470504407,1632470504436,1632470504445,1632470504438,1632470504649,1632470505788,1632470505788,1632470505838,1632470505838,1632470505838,0&first=&cdn=cf&dc=4&bo=3&lang=en-gb&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt= Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.yourbooklngaccount.eu/ Message: Access to XMLHttpRequest at 'https://saa.booking.com/ec/e.html?name=ecid' from origin 'https://www.yourbooklngaccount.eu' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://saa.booking.com/ec/e.html?name=ecid Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.booking.com
cdn.cookielaw.org
collector-pxikkul2rm.px-cloud.net
geolocation.onetrust.com
q-cf.bstatic.com
q-xx.bstatic.com
q.bstatic.com
saa.booking.com
www.booking.com
www.bstatic.com
www.google-analytics.com
www.yourbooklngaccount.eu
saa.booking.com
104.16.148.64
104.20.184.68
13.225.78.89
142.250.186.46
185.28.221.41
185.28.222.11
35.186.220.184
5.57.16.90
5.57.17.14
92.204.55.179
078981fc821f3cf39ab491128cca5f9e9f9aeda1987a4baf81ce5ddc3bbe860c
0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616
306ec713e4718000a61dcb9cf93eccffdac60301dfd0b18c85458c1d1d8a4438
3ccca0c7b190ae6d38ae07b971ca1f9ae446530f1092e7b29c70d700880c0120
42dfff219d9db1b780cbb35088565f4ab85c6ab250991007ef93d951edecd30e
520920b7d401fb0691eb7849c7ce5ee3d0ea66d7a9a457ec4e8885fd6536bb75
5b850d8d886695722ea6f0c1866af33d5ba6943fa8290ff36f51c698c321177d
60756645bbed6ad3cc3e8be0a057dff15132f22b5b60cbe14e48250980043653
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
950d7028921f91f48d3242b0eace0b1a0be2e3290714014a3025953c44facb32
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a27a9d6ebb1e744b3dd4efa8daa71014b181136f5972c7f6df86cb1ebccd8ee2
ace13c9f88118ee0ab934c4a325036e6c14aa481e84094f23934293a0b79fc6b
b131e2ea2e503333041085f79726960b3186231b174d4522702328aacf9abb04
bd7dcbfd9777096ad47b1c2cc4acb95019a9cec13b9d2eaa857ce040f6a28457
c900a864b1d5aadef7184740f11b3b5f4caa1ac6a407d7ea59a741a259e01fc4
d139c3756ba4ea4e4672c12645de4977faa9ba7e0d550931d2086338fd72dfe9
e877c036b169280e03a9ba64e53c06833c4e3eb36625d555f93568fb09e4e7e7
ebb512fa493ec99ac118ab64e2b9ed6db02b2830e92855de9e4f1c94356d748e
ecb4af69800f31647e5a9ae2e7a681772fca610940127678ded2a4b02a479049
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62