urlscan.io logo urlscan.io
SecurityTrails logo

crypto.winco.biz Open in urlscan Pro
195.246.15.91  Public Scan

Go To Rescan Add Verdict Report
URL: http://crypto.winco.biz/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On December 08 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 195.246.15.91, located in Slovenia and belongs to PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI. The main domain is crypto.winco.biz.
This is the only time crypto.winco.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 195.246.15.91 6764 (PERFTECH-...)
1 2a00:1450:400... 15169 (GOOGLE)
1 6 2600:9000:225... 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
1 1 18.245.60.7 16509 (AMAZON-02)
1 18.245.60.68 16509 (AMAZON-02)
1 2600:9000:225... 16509 (AMAZON-02)
12 6
2    195.246.15.91 (Slovenia)

ASN6764 (PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI)
PTR: web.winco.biz
crypto.winco.biz
1    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
6    2600:9000:2251:9400:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
aff.bstatic.com
cf.bstatic.com
r.bstatic.com
2    2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    18.245.60.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-7.fra60.r.cloudfront.net
www.booking.com
1    18.245.60.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-68.fra60.r.cloudfront.net
www.booking.com
1    2600:9000:2251:d800:5:bf05:acc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cf.bstatic.com
Apex Domain
Subdomains		 Transfer
7 bstatic.com
aff.bstatic.com — Cisco Umbrella Rank: 62238
cf.bstatic.com — Cisco Umbrella Rank: 16074
r.bstatic.com — Cisco Umbrella Rank: 103423
57 KB
2 booking.com
www.booking.com — Cisco Umbrella Rank: 10037
3 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
2 winco.biz
crypto.winco.biz
8 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36
64 KB
12 5
Domain Requested by
3 r.bstatic.com cf.bstatic.com
2 cf.bstatic.com www.booking.com
2 www.booking.com 1 redirects aff.bstatic.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 aff.bstatic.com 1 redirects crypto.winco.biz
2 crypto.winco.biz crypto.winco.biz
1 www.googletagmanager.com crypto.winco.biz
12 7

This site contains links to these domains. Also see Links.

Domain
www.booking.com
www.binance.com
Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.booking.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-12 -
2024-05-18		 a year crt.sh
*.bstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-29 -
2024-11-28		 a year crt.sh

This page contains 2 frames:

Primary Page: http://crypto.winco.biz/
Frame ID: EE5E55711A5D591432A044EB8A3D243C
Requests: 6 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
Frame ID: 829B18B088AB7DE736594C9137C8FCE8
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Invest smart

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

12
Requests

75 %
HTTPS

57 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

151 kB
Transfer

303 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831 HTTP 301
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
Request Chain 5
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964& HTTP 301
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
crypto.winco.biz/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
195.246.15.91 , Slovenia, ASN6764 (PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) / PHP/7.1.0
Resource Hash
6520f6970b30f6704f339582951eeade10e66710e99be043c2fdf220907780d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 08 Dec 2023 03:03:09 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.7 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.0
js
www.googletagmanager.com/gtag/ 		174 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
03a9ec6cfe469c7070e29eac80727d2fe3e7959f1a6dc96279c641e9c2921610
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Fri, 08 Dec 2023 03:03:09 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
64914
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 08 Dec 2023 03:03:09 GMT
etoro_logo.PNG
crypto.winco.biz/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://crypto.winco.biz/etoro_logo.PNG
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
195.246.15.91 , Slovenia, ASN6764 (PERFTECH-SLOVENIA-AS PERFTECHSI-AS, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
ec0ef6cad89424d3ed7009356ad28c4272d4b5dfa7f2000cca29b0e64a93adbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date
Fri, 08 Dec 2023 03:03:09 GMT
Last-Modified
Wed, 08 May 2019 14:36:33 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"1a7d-588614293ed92"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6781
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/
Redirect Chain
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Server
2600:9000:2251:9400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6f2c2164df92670e1f44b40c516e974340a0a4834b5a2b2156faf3f1c6fc0e90
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 09:45:17 GMT
content-encoding
br
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
1358272
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 13 Jun 2022 03:41:28 GMT
server
nginx
etag
W/"62a6b1e8-1849"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
I2ghjQQzIXvpJ9utuT2CzelV9BPBSprrGZBMeOAssrlWbbZ8Ot1oYA==
expires
Fri, 22 Dec 2023 09:45:17 GMT

Redirect headers

Date
Fri, 08 Dec 2023 03:03:09 GMT
Via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
Connection
keep-alive
Content-Length
167
X-Amz-Cf-Id
f9J5wwz5Idw53D1nsbgC-_qQ9YXDEmgth9eBJgdTgtB3EOiT1mR4Fg==
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 08 Dec 2023 01:41:49 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4880
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 08 Dec 2023 03:41:49 GMT
collect
www.google-analytics.com/j/ 		1 B
206 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=751135279&t=pageview&_s=1&dl=http%3A%2F%2Fcrypto.winco.biz%2F&ul=en-us&de=UTF-8&dt=Invest%20smart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1165849925&gjid=1982376254&cid=2121034718.1702004590&tid=UA-1427188-1&_gid=1162608756.1702004590&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=2032421337
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://crypto.winco.biz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 Dec 2023 03:03:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://crypto.winco.biz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
flexiproduct.html
www.booking.com/ Frame 829B
Redirect Chain
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
Requested by
Host: aff.bstatic.com
URL: http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1702004589831
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-68.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
5bee58ea18746ee3937af84bd35a886cd0c676afde3c7ed07d909d8078e4a17f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://crypto.winco.biz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
br
content-length
1110
content-type
text/html; charset=UTF-8
date
Fri, 08 Dec 2023 03:03:10 GMT
nel
{"report_to":"default","max_age":604800}
report-to
{"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":604800}
server
nginx
strict-transport-security
max-age=86400; includeSubDomains
vary
Accept-Encoding, User-Agent
via
1.1 14b30c40b56ef4c9699e1ca92d5cdc08.cloudfront.net (CloudFront)
x-amz-cf-id
lqk4yRFZ6I3XS58DbztdPv4VAqmVi68Y7TcPBW_E_x8dYcc7QjhiBg==
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Fri, 08 Dec 2023 03:03:09 GMT
Location
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
Server
CloudFront
Via
1.1 d147b4a7fe31d4e8683f7d8b15b71906.cloudfront.net (CloudFront)
X-Amz-Cf-Id
txNe2a6NlqqOb6wxdPn5LaSCAy5_vZk8CFxo712s9dO3rGnC9iff3Q==
X-Amz-Cf-Pop
FRA60-P5
X-Cache
Redirect from cloudfront
3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/ Frame 829B 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
258a405249df1898ae210d562b7a73457c378e5686bc45a66f2bf709bac59e3d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 14:14:10 GMT
content-encoding
br
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
737339
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 04 Aug 2022 14:40:51 GMT
server
nginx
etag
W/"62ebda73-1931"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
wGB6fzYEMh6CrxK2PqnOPlqupv78LKsL_EA6kbe04KANogs_XZVISQ==
expires
Fri, 29 Dec 2023 14:14:10 GMT
8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/ Frame 829B 		21 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
76f0b5a18dc303c68602fb8f2c374cb22ebdfe2167e3dbbe0d7f534f1bd7f5c0
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:03:32 GMT
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
1357177
x-cache
Hit from cloudfront
content-length
21876
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-5574"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
tpsxAzk0qo8Da-FPKUEoTBEpEaVSv8-HtURXte69x_jaQsyqKESToA==
expires
Fri, 22 Dec 2023 10:03:32 GMT
0195055111ead85a393fabc53dd83aeb06040b75.svg
r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/ Frame 829B 		8 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/0195055111ead85a393fabc53dd83aeb06040b75.svg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
754da64c4a7344dc24cfd8a781b834e9c2251b8c0bd218c3b582f745e56f44e1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:03:25 GMT
content-encoding
br
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
1357184
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 08 Aug 2022 08:50:41 GMT
server
nginx
etag
W/"62f0ce61-2110"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
rUTL0ZXQvcW8Wj7qm53vODhU3s7XGh8N9pP-ATVE69h6j7rgX2n7SQ==
expires
Fri, 22 Dec 2023 10:03:25 GMT
5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/ Frame 829B 		450 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9400:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
630ff3f5e3fb3bc8d9f615285a6a9c7cbe291e4500f5db996293a58a65e0ee5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:07:09 GMT
via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
1356960
x-cache
Hit from cloudfront
content-length
450
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:47 GMT
server
nginx
etag
"5cadd1cb-1c2"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
wIttdtTzVjTiTvg6UIfFD7X9Cz9kTG2BowiJOiZcNZAwRErS9XmS8Q==
expires
Fri, 22 Dec 2023 10:07:09 GMT
beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/ Frame 829B 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1702004589964&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:d800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f06c5a5a26eed51ed7c0d94bd7bdb822cc503c1e619b463377c44e114e2ca5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 14:14:10 GMT
via
1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
737340
x-cache
Hit from cloudfront
content-length
24852
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-6114"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
FlCMg-iaO7creyrEsOwGBXrLuabI22twaQkZsDmjQ_HusFxSbMqo3Q==
expires
Fri, 29 Dec 2023 14:14:10 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| _i_ function| _r_ object| BookingAff

4 Cookies

Domain/Path Name / Value
.winco.biz/ Name: _ga
Value: GA1.2.2121034718.1702004590
.winco.biz/ Name: _gid
Value: GA1.2.1162608756.1702004590
.winco.biz/ Name: _gat_gtag_UA_1427188_1
Value: 1
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbwcLxQQ4VaCre6BZDz2zIX0HGoeCdhQDtSHW%2Fhn1OeB%2BEfYYE1D28RRXaTAX5Gg6GFI%2BWOZcYb98E1a%2F9rZRNjTT9OqnQJ6BS3W3lMD5OULKovECo7W7ly2%2BD6UMBuDnMjWKOYOxbPvMI7wwKBYbDGMh6NuojdVsd64333bq63Cw%3D