bookings.omnihotels.com Open in urlscan Pro
34.120.61.157 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.em.omnihotels.com/?qs=964ace02ff584f6c604c7826d43eb9ff8a547a01154ef65294c08d590e3eff042b865793a80c83429f94f84673f7...
Effective URL:
https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_n...
Submission: On November 02 via api (November 2nd 2023, 5:23:49 pm UTC) from US — Scanned from DE

Summary HTTP 161 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 54 IPs in 4 countries across 41 domains to perform 161 HTTP transactions. The main IP is 34.120.61.157, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is bookings.omnihotels.com. The Cisco Umbrella rank of the primary domain is 254324.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 2nd 2022. Valid for: a year.

This is the only time bookings.omnihotels.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.234.80 13.111.234.80	14340 (SALESFORCE) (SALESFORCE)
1 46	34.120.61.157 34.120.61.157	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
7	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:8309	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	99.86.4.17 99.86.4.17	16509 (AMAZON-02) (AMAZON-02)
11	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.174.108 52.222.174.108	16509 (AMAZON-02) (AMAZON-02)
3	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
5	23.37.226.91 23.37.226.91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.53.43.34 23.53.43.34	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:480... 2a02:26f0:480:3::210:ee91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	99.86.116.119 99.86.116.119	16509 (AMAZON-02) (AMAZON-02)
3	107.178.244.119 107.178.244.119	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223d:8200:9:7c30:be80:21	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
6	192.132.33.67 192.132.33.67	18568 (BIDTELLECT) (BIDTELLECT)
2	2a02:26f0:480... 2a02:26f0:480:38f::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:780... 2a02:26f0:780::210:ca73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2.18.161.51 2.18.161.51	16625 (AKAMAI-AS) (AKAMAI-AS)
4	18.184.44.120 18.184.44.120	16509 (AMAZON-02) (AMAZON-02)
1	13.224.245.27 13.224.245.27	16509 (AMAZON-02) (AMAZON-02)
1	34.120.253.250 34.120.253.250	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 4	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2 3	185.89.210.244 185.89.210.244	29990 (ASN-APPNEX) (ASN-APPNEX)
3	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
2	35.168.25.202 35.168.25.202	14618 (AMAZON-AES) (AMAZON-AES)
2	34.196.226.59 34.196.226.59	14618 (AMAZON-AES) (AMAZON-AES)
3	18.66.112.126 18.66.112.126	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9c	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
3 3	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
6	34.98.72.95 34.98.72.95	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.164.52.121 18.164.52.121	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	88.221.110.80 88.221.110.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	151.101.192.84 151.101.192.84	54113 (FASTLY) (FASTLY)
1	2.19.100.4 2.19.100.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.149.14.182 34.149.14.182	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.107.212.52 34.107.212.52	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.203.69 34.102.203.69	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:1901:0:5... 2600:1901:0:56e0::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.111.8.32 34.111.8.32	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.193.48 34.102.193.48	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	18.210.88.137 18.210.88.137	14618 (AMAZON-AES) (AMAZON-AES)
3	3.208.85.172 3.208.85.172	14618 (AMAZON-AES) (AMAZON-AES)
161	54

1 13.111.234.80 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: click.em.omnihotels.com

click.em.omnihotels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 34.120.61.157 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 157.61.120.34.bc.googleusercontent.com

bookings.omnihotels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8309 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-17.fra6.r.cloudfront.net

pixel-library.pmg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.174.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-108.cdg50.r.cloudfront.net

schema.apolloplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.37.226.91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-37-226-91.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.53.43.34 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-43-34.deploy.static.akamaitechnologies.com

aa.trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:3::210:ee91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.116.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-116-119.lhr61.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.244.119 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:8200:9:7c30:be80:21 (United States)

ASN16509 (AMAZON-02, US)

d1n00d49gkbray.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.132.33.67 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 67.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:38f::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:ca73 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.161.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-161-51.deploy.static.akamaitechnologies.com

p.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.184.44.120 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-44-120.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.245.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-245-27.lhr62.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.253.250 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 250.253.120.34.bc.googleusercontent.com

tag.wknd.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.38 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.244 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.168.25.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-25-202.compute-1.amazonaws.com

a7tglno5hj.execute-api.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.196.226.59 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-226-59.compute-1.amazonaws.com

514013529.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.112.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-126.fra56.r.cloudfront.net

cdn.apolloplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.226 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

fcmatch.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fcmatch.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.98.72.95 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 95.72.98.34.bc.googleusercontent.com

assets.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.52.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-52-121.cdg50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.110.80 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a88-221-110-80.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.192.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.100.4 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-100-4.deploy.static.akamaitechnologies.com

t.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.14.182 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 182.14.149.34.bc.googleusercontent.com

data.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.212.52 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 52.212.107.34.bc.googleusercontent.com

page.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.203.69 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 69.203.102.34.bc.googleusercontent.com

view.cdnbasket.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:56e0:: (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

ids.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.8.32 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 32.8.111.34.bc.googleusercontent.com

api.bounceexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.193.48 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 48.193.102.34.bc.googleusercontent.com

e.cdnwidget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.210.88.137 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-88-137.compute-1.amazonaws.com

tr2.smarterhq.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.208.85.172 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-85-172.compute-1.amazonaws.com

onsiteshq.smarterhq.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	omnihotels.com 2 redirects click.em.omnihotels.com — Cisco Umbrella Rank: 290318 bookings.omnihotels.com — Cisco Umbrella Rank: 254324	818 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 342	175 KB
9	doubleclick.net 7 redirects ad.doubleclick.net — Cisco Umbrella Rank: 154 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	3 KB
8	bttrack.com bttrack.com — Cisco Umbrella Rank: 826 cdn.bttrack.com — Cisco Umbrella Rank: 7581	8 KB
7	bounceexchange.com assets.bounceexchange.com — Cisco Umbrella Rank: 2091 api.bounceexchange.com — Cisco Umbrella Rank: 2503	129 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 506 p.typekit.net — Cisco Umbrella Rank: 621	84 KB
6	smarterhq.io tr2.smarterhq.io — Cisco Umbrella Rank: 13658 onsiteshq.smarterhq.io — Cisco Umbrella Rank: 54459	2 KB
6	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 105 region1.analytics.google.com — Cisco Umbrella Rank: 3040 fcmatch.google.com — Cisco Umbrella Rank: 4767 www.google.com — Cisco Umbrella Rank: 2	2 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 742	145 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2977	9 KB
4	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1610 insight.adsrvr.org — Cisco Umbrella Rank: 584 match.adsrvr.org — Cisco Umbrella Rank: 353	3 KB
4	apolloplatform.com schema.apolloplatform.com — Cisco Umbrella Rank: 55917 cdn.apolloplatform.com — Cisco Umbrella Rank: 70426	26 KB
3	cdnbasket.net data.cdnbasket.net — Cisco Umbrella Rank: 4377 page.cdnbasket.net — Cisco Umbrella Rank: 4382 view.cdnbasket.net — Cisco Umbrella Rank: 4384	1014 B
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 849	1 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 495 ib.adnxs.com — Cisco Umbrella Rank: 246	2 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 14376 www.google.de — Cisco Umbrella Rank: 6862	991 B
3	teads.tv p.teads.tv — Cisco Umbrella Rank: 5634 cm.teads.tv — Cisco Umbrella Rank: 4853 t.teads.tv — Cisco Umbrella Rank: 2845	8 KB
3	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 5796 pixel.sojern.com — Cisco Umbrella Rank: 8334	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 366	14 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	2 KB
2	cdnwidget.com ids.cdnwidget.com — Cisco Umbrella Rank: 3501 e.cdnwidget.com — Cisco Umbrella Rank: 13451	337 B
2	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377 px4.ads.linkedin.com — Cisco Umbrella Rank: 6003	1 KB
2	igodigital.com 514013529.collect.igodigital.com — Cisco Umbrella Rank: 214973 nova.collect.igodigital.com — Cisco Umbrella Rank: 6377	3 KB
2	amazonaws.com a7tglno5hj.execute-api.us-east-1.amazonaws.com — Cisco Umbrella Rank: 160228	272 B
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 727 script.hotjar.com — Cisco Umbrella Rank: 901	60 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 847	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	89 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 778	7 KB
2	gstatic.com fonts.gstatic.com	46 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	202 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	185 B
1	pangle-ads.com analytics.pangle-ads.com — Cisco Umbrella Rank: 2858	914 B
1	youtube.com fcmatch.youtube.com — Cisco Umbrella Rank: 4758	244 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 590	321 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1417	632 B
1	wknd.ai tag.wknd.ai — Cisco Umbrella Rank: 4420	4 KB
1	cloudfront.net d1n00d49gkbray.cloudfront.net	26 KB
1	trkn.us aa.trkn.us — Cisco Umbrella Rank: 33777	166 B
1	pmg.com pixel-library.pmg.com — Cisco Umbrella Rank: 20326	7 KB
1	fontawesome.com ka-f.fontawesome.com — Cisco Umbrella Rank: 2891	76 KB
161	41

	Domain	Requested by
46	bookings.omnihotels.com	1 redirects bookings.omnihotels.com
11	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org bookings.omnihotels.com
6	assets.bounceexchange.com	tag.wknd.ai assets.bounceexchange.com
6	bttrack.com	www.googletagmanager.com bookings.omnihotels.com cdn.bttrack.com bttrack.com
6	use.typekit.net	bookings.omnihotels.com use.typekit.net
5	analytics.tiktok.com	bookings.omnihotels.com analytics.tiktok.com
4	ad.doubleclick.net	4 redirects
4	tags.srv.stackadapt.com	bookings.omnihotels.com tags.srv.stackadapt.com
3	onsiteshq.smarterhq.io	d1n00d49gkbray.cloudfront.net
3	tr2.smarterhq.io	d1n00d49gkbray.cloudfront.net
3	ct.pinterest.com	s.pinimg.com bookings.omnihotels.com
3	cm.g.doubleclick.net	3 redirects
3	cdn.apolloplatform.com	schema.apolloplatform.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com bookings.omnihotels.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com bookings.omnihotels.com
3	fonts.googleapis.com	bookings.omnihotels.com
2	pixel.sojern.com	bookings.omnihotels.com
2	www.google.de	bookings.omnihotels.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	a7tglno5hj.execute-api.us-east-1.amazonaws.com	bookings.omnihotels.com
2	insight.adsrvr.org	bookings.omnihotels.com js.adsrvr.org
2	secure.adnxs.com	1 redirects bookings.omnihotels.com
2	adservice.google.com	1 redirects bookings.omnihotels.com
2	cdn.bttrack.com	www.googletagmanager.com
2	s.pinimg.com	bookings.omnihotels.com s.pinimg.com
2	connect.facebook.net	bookings.omnihotels.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	bookings.omnihotels.com www.googletagmanager.com
1	e.cdnwidget.com
1	api.bounceexchange.com	assets.bounceexchange.com
1	ids.cdnwidget.com	assets.bounceexchange.com
1	nova.collect.igodigital.com	bookings.omnihotels.com
1	view.cdnbasket.net	assets.bounceexchange.com
1	page.cdnbasket.net	assets.bounceexchange.com
1	data.cdnbasket.net	assets.bounceexchange.com
1	www.facebook.com	bookings.omnihotels.com
1	t.teads.tv	bookings.omnihotels.com
1	analytics.pangle-ads.com	analytics.tiktok.com
1	px4.ads.linkedin.com	bookings.omnihotels.com
1	px.ads.linkedin.com	1 redirects
1	cm.teads.tv	p.teads.tv
1	www.google.com	bookings.omnihotels.com
1	script.hotjar.com	static.hotjar.com
1	match.adsrvr.org	bookings.omnihotels.com
1	ib.adnxs.com	1 redirects
1	fcmatch.youtube.com	bookings.omnihotels.com
1	fcmatch.google.com	1 redirects
1	geolocation.onetrust.com	cdn.cookielaw.org
1	514013529.collect.igodigital.com	bookings.omnihotels.com
1	sp.analytics.yahoo.com	bookings.omnihotels.com
1	adservice.google.de	bookings.omnihotels.com
1	tag.wknd.ai	bookings.omnihotels.com
1	static.hotjar.com	bookings.omnihotels.com
1	p.teads.tv	www.googletagmanager.com
1	d1n00d49gkbray.cloudfront.net	bookings.omnihotels.com
1	beacon.sojern.com	bookings.omnihotels.com
1	js.adsrvr.org	www.googletagmanager.com
1	aa.trkn.us	bookings.omnihotels.com
1	schema.apolloplatform.com	www.googletagmanager.com
1	pixel-library.pmg.com	bookings.omnihotels.com
1	ka-f.fontawesome.com	bookings.omnihotels.com
1	p.typekit.net	use.typekit.net
1	click.em.omnihotels.com	1 redirects
161	65

This site contains links to these domains. Also see Links.

Domain
omnihotels.com
www.omnihotels.com
ssl.omnihotels.com
www.facebook.com
www.instagram.com
www.tiktok.com
www.pinterest.com
www.youtube.com
www.onetrust.com

Subject Issuer	Validity	Valid
bookings.omnihotels.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-02` - `2023-12-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2023-09-10` - `2023-12-09`	3 months	crt.sh
pmg.com Amazon RSA 2048 M02	`2023-03-10` - `2024-04-07`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
cdn.apolloplatform.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-21`	a year	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
cert1-prod.aut.a24365.net R3	`2023-10-30` - `2024-01-28`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-17` - `2024-02-17`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-12` - `2023-11-10`	3 months	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-04` - `2024-04-21`	a year	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-07` - `2024-08-07`	a year	crt.sh
cdn.bttrack.com R3	`2023-10-03` - `2024-01-01`	3 months	crt.sh
teads.tv R3	`2023-10-09` - `2024-01-07`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
tag.wknd.ai R3	`2023-09-21` - `2023-12-20`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-10-24` - `2024-04-17`	6 months	crt.sh
*.execute-api.us-east-1.amazonaws.com Amazon RSA 2048 M02	`2023-07-25` - `2024-08-21`	a year	crt.sh
*.collect.igodigital.com Amazon RSA 2048 M02	`2023-02-21` - `2024-01-13`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
assets.bounceexchange.com GTS CA 1D4	`2023-09-22` - `2023-12-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.pangle-ads.com RapidSSL TLS ECC CA G1	`2023-08-10` - `2024-09-09`	a year	crt.sh
data.cdnbasket.net GTS CA 1D4	`2023-09-14` - `2023-12-13`	3 months	crt.sh
page.cdnbasket.net GTS CA 1D4	`2023-09-16` - `2023-12-15`	3 months	crt.sh
view.cdnbasket.net GTS CA 1D4	`2023-09-22` - `2023-12-21`	3 months	crt.sh
ids.cdnwidget.com R3	`2023-09-14` - `2023-12-13`	3 months	crt.sh
*.wunderkind.co R3	`2023-10-07` - `2024-01-05`	3 months	crt.sh
e.cdnwidget.com R3	`2023-09-07` - `2023-12-06`	3 months	crt.sh
smarterhq.io Amazon RSA 2048 M03	`2023-08-19` - `2024-09-16`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Frame ID: 2D153EEDD200801B96F7545CC5B3D3FF
Requests: 157 HTTP requests in this frame

Frame: https://bttrack.com/Pixel/Conversion/15411/pmg_ohr_pageview
Frame ID: 1840AA3035CA6C08E37E1AA84278588B
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 2D78946F907373523B5D1E40DFF6556D
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 1443F6D8C8BE3967732B5B1DA167E522
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=yfvavnx&ref=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&upid=s2p53hs&upv=1.1.0
Frame ID: 359A38829A0CA3A1F55CF53FA8FFD3F2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Omni Hotels & Resorts | Luxury Hotels, Resorts and Vacation PackagesBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://click.em.omnihotels.com/?qs=964ace02ff584f6c604c7826d43eb9ff8a547a01154ef65294c08d590e3eff042b865793... HTTP 302
https://bookings.omnihotels.com/login/?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisu... HTTP 301
https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisur... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

161
Requests

96 %
HTTPS

41 %
IPv6

41
Domains

65
Subdomains

54
IPs

4
Countries

1992 kB
Transfer

6647 kB
Size

50
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://omnihotels.com/
Title: Home

Search URL Search Domain Scan URL

URL: https://omnihotels.com/destinations
Title: All Hotels & Resorts

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/loyalty

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/specials
Title: offers

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/culinary
Title: dining

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/destinations/golf
Title: golf

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/forms/contact-us
Title: contact us

Search URL Search Domain Scan URL

URL: https://ssl.omnihotels.com/Omni?Phoenix_state=clear&pagedst=RR2
Title: #My Reservation

Search URL Search Domain Scan URL

URL: https://ssl.omnihotels.com/Omni?Phoenix_state=clear&pagedst=RR
Title: #Select Guest

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/shop/gift-cards
Title: Gift Cards

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/media-center
Title: Media Center

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/travel-agents
Title: Travel Agents

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/about-omni-hotels
Title: About Omni Hotels

Search URL Search Domain Scan URL

URL: https://www.omnihotels.com/blog/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.facebook.com/omnihotels/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/omnihotels/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@omnihotels

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/omnihotels/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/omnihotels

Search URL Search Domain Scan URL

URL: https://omnihotels.com/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://omnihotels.com/omni-safe-and-clean
Title: Safe & Clean Program

Search URL Search Domain Scan URL

URL: https://omnihotels.com/site-map
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://omnihotels.com/terms-of-use
Title: Terms

Search URL Search Domain Scan URL

URL: https://omnihotels.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://omnihotels.com/forms/personal-data-request
Title: Do Not Share My Personal Data

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.em.omnihotels.com/?qs=964ace02ff584f6c604c7826d43eb9ff8a547a01154ef65294c08d590e3eff042b865793a80c83429f94f84673f779871fc17cecf5909d82 HTTP 302
https://bookings.omnihotels.com/login/?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email HTTP 301
https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 79

https://ad.doubleclick.net/ddm/activity/src=12702588;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495 HTTP 302
https://adservice.google.com/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495 HTTP 302
https://adservice.google.de/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495

Request Chain 81

https://secure.adnxs.com/px?id=1648638&seg=32474541&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1648638%26seg%3D32474541%26t%3D2

Request Chain 99

https://ad.doubleclick.net/ddm/activity/src=9197352;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID HTTP 302
https://ad.doubleclick.net/ddm/activity/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID HTTP 302
https://adservice.google.com/ddm/fls/z/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID

Request Chain 100

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668&google_tc= HTTP 302
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668&google_gid=CAESEEm-C_r6PCFfDlz9F02RBL0&google_cver=1

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern_adh HTTP 302
https://fcmatch.google.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M HTTP 302
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M

Request Chain 102

https://ib.adnxs.com/getuid?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b HTTP 302
https://pixel.sojern.com/idsync/apn?id=7919032877779125705&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b

Request Chain 118

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&e_ipv6=AQLeRT1EFnTTYQAAAYuRD-QqjYxFeZZ_JvlFKb9oNF3CUD0fiED3nky0NLg3WK5s

161 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
bookings.omnihotels.com/
Redirect Chain

https://click.em.omnihotels.com/?qs=964ace02ff584f6c604c7826d43eb9ff8a547a01154ef65294c08d590e3eff042b865793a80c83429f94f84673f779871fc17cecf5909d82
https://bookings.omnihotels.com/login/?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&ut...
https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm...

41 KB
8 KB

486ms
485ms

Document
text/html

34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

e781d0be05a643795f4669d99808e73e8eb8d87844c5b5f127de3cad38c7d2e0

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security	max-age=15638400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.omnihotels.com
access-control-max-age: 1000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, private
content-encoding: br
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-type: text/html; charset=UTF-8
date: Thu, 02 Nov 2023 17:23:38 GMT
referrer-policy: same-origin
server: ohb-web1
strict-transport-security: max-age=15638400
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.omnihotels.com
access-control-max-age: 1000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162
content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-type: text/html
date: Thu, 02 Nov 2023 17:23:37 GMT
location: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
referrer-policy: same-origin
server: ohb-web1
strict-transport-security: max-age=15638400
via: 1.1 google
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
940 B 100ms
0ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@300;400&display=swap

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2aae121cf9a9b26ee287538baa4e29455f490c98121a3ff1ef2f97d3c0579a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 17:18:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Nov 2023 17:23:38 GMT

GET
H3 200 jquery-ui.min.css
bookings.omnihotels.com/css/ 30 KB
7 KB 66ms
65ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/jquery-ui.min.css?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

cafe94ba60283d2f3973530b64b9b615585263b4cc08cc8687521fb892b75538

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7034
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-7851"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 bootstrap.min.css
bookings.omnihotels.com/css/ 141 KB
18 KB 42ms
37ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/bootstrap.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

f9f1ce2a9079ebe7445ff10ac12b8f049abc43c499f4978297ec5dd23283a2e5

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Wed, 01 Nov 2023 22:31:02 GMT
age: 67956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18163
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-235c0"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick.min.css
bookings.omnihotels.com/css/ 1 KB
422 B 43ms
38ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

50ec747afc45612c45573a7101ecf9adf6dee6e98c2620b22ee3f70144f9548e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 393
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-52f"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick-theme.min.css
bookings.omnihotels.com/css/ 4 KB
882 B 41ms
36ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick-theme.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

aa4bc789142ca61c2faae60acec10c04360e92f0995c4bc6d29b076e39d09e2c

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 853
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-e78"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 font-awesome.min.css
bookings.omnihotels.com/css/ 30 KB
7 KB 64ms
60ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/font-awesome.min.css?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6643
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:28:28 GMT
server: ohb-web1
etag: W/"643d032c-7918"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 datepicker.min.css
bookings.omnihotels.com/vuedatepicker/ 4 KB
1 KB 58ms
54ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/vuedatepicker/datepicker.min.css?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

a7888999fa80868a7f03f4afcc1ab6f9bc8cf16113794978fde1ba006c961ce8

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1140
pragma: public
referrer-policy: same-origin
last-modified: Mon, 24 Apr 2023 16:35:38 GMT
server: ohb-web1
etag: W/"6446afda-10ac"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 gsx0mqu.css
use.typekit.net/ 5 KB
1 KB 81ms
0ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/gsx0mqu.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

80b228f1ee2ce7d0b8f664750e36a5e42107efd3990e69d79cd1e6a9ea699817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 929

GET
H3 200 styles.css
bookings.omnihotels.com/css/scss/ 436 KB
49 KB 42ms
39ms Stylesheet
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

bb89fd7fbd72b6bfa70d976f4daf1fff0cb90ef511666aebb180fde5c0507d49

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50541
pragma: public
referrer-policy: same-origin
last-modified: Wed, 25 Oct 2023 15:29:48 GMT
server: ohb-web1
etag: W/"6539346c-6d083"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 jquery-3.6.1.min.js Show response
bookings.omnihotels.com/js/ 88 KB
29 KB 74ms
71ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/jquery-3.6.1.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30171
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-15e40"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick.min.js Show response
bookings.omnihotels.com/js/ 43 KB
10 KB 74ms
71ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/slick.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

4c53bd4fb46505b90b10e21b4c6e477a14abb0ed61eab0a7b44ee0c351de5b5a

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 07:31:50 GMT
age: 35508
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10035
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-aa39"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 omni-main.svg
bookings.omnihotels.com/images/logos/ 7 KB
2 KB 100ms
95ms Image
image/svg+xml 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/logos/omni-main.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

32984fcae927955ad21b22eba413e78d35b6f75613a52d1ff6cbf9c5c139d0ac

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 16:26:29 GMT
age: 3429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2378
referrer-policy: same-origin
last-modified: Tue, 27 Jun 2023 10:00:03 GMT
server: ohb-web1
etag: W/"649ab323-1a80"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/svg+xml
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 login.svg
bookings.omnihotels.com/images/icons/p3/ 358 B
252 B 100ms
95ms Image
image/svg+xml 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/icons/p3/login.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

e1faec96c5766cc5da452b7c0b8b078b32275ac7ad8dec805a8a25961a9b43df

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 08:00:05 GMT
age: 33813
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 224
referrer-policy: same-origin
last-modified: Tue, 27 Jun 2023 10:00:03 GMT
server: ohb-web1
etag: W/"649ab323-166"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/svg+xml
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 toggle-validation-classes.js Show response
bookings.omnihotels.com/js/form-scripts/ 2 KB
539 B 41ms
34ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/form-scripts/toggle-validation-classes.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

2780ede9598614a57b1265fbfbc739c2c36f0cb7656bb59aa86a08e8ca5a1b95

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 11:29:42 GMT
age: 21236
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 495
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-70b"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 password-reveal.js Show response
bookings.omnihotels.com/js/form-scripts/ 2 KB
468 B 40ms
34ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/form-scripts/password-reveal.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

1bcdc9e45f14a6d08116127ccc767b63a14bd35f7ccb9a747a5cbecb15efcada

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 11:29:41 GMT
age: 21237
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 424
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-615"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 sign-in-banner.png
bookings.omnihotels.com/images/ 220 KB
220 KB 27ms
20ms Image
image/png 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/sign-in-banner.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

3724d91d386a94f5f996109e99b924baa373c2baa4ef06f664a89a023241a251

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
via: 1.1 google
date: Wed, 01 Nov 2023 20:17:03 GMT
age: 75995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225256
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: "643d0373-36fe8"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/png
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 popper.min.js Show response
bookings.omnihotels.com/js/ 19 KB
6 KB 33ms
27ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/popper.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

625b022a42ed5d9c39911e42050f4fd9834ea039af978b7716f7800ade95eb55

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6614
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-4afd"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 lazyload.min.js Show response
bookings.omnihotels.com/js/ 6 KB
2 KB 22ms
17ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/lazyload.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

1cae0b9d70b27cc19083606d3249728c06e567271cef4692d9aa2e6f1e787f96

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2015
pragma: public
referrer-policy: same-origin
last-modified: Mon, 24 Apr 2023 16:35:38 GMT
server: ohb-web1
etag: W/"6446afda-164f"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 jquery-ui.min.js Show response
bookings.omnihotels.com/js/ 249 KB
61 KB 25ms
19ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/jquery-ui.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

c340313fbf7869da6c98fa2d5904983db6d7a1eb5bed7c114c98355eef779ec0

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62768
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-3e467"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 bootstrap.min.js Show response
bookings.omnihotels.com/js/ 50 KB
13 KB 16ms
10ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/bootstrap.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

8713b8c06dbd3b459163d11eef03ef255e09013d8b4bf89b840a5ea411a52753

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13292
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-c736"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 input-mask.min.js Show response
bookings.omnihotels.com/js/ 3 KB
1 KB 32ms
25ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/input-mask.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

591c6bf7ae2840dc3c4bb1da23a9ee7da4a783e78026eda46ce3fcee561422e9

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1148
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-c9d"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 p3core.js Show response
bookings.omnihotels.com/js/ 4 KB
1 KB 29ms
22ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/p3core.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

3091226afe64a0b859a804ab23e0cc8d1e42fd35d0364df8ac044707dce93c84

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1373
pragma: public
referrer-policy: same-origin
last-modified: Tue, 27 Jun 2023 10:00:03 GMT
server: ohb-web1
etag: W/"649ab323-11bc"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 bootstrap-multiselect.js Show response
bookings.omnihotels.com/js/ 67 KB
12 KB 32ms
25ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/bootstrap-multiselect.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

821e680e0e3aaf1443afd405e277a193550d50b434e4485b33dc0e7ab125c117

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12026
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-10d85"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 prefixfree.dynamic-dom.min.js Show response
bookings.omnihotels.com/js/ 1 KB
484 B 40ms
33ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/prefixfree.dynamic-dom.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

7338d5f6e4b935bdc48bea8235a4f3416bd9672dbeddb2320fa0bd27eb16f4ce

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 440
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-47f"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 prefixfree.jquery.js Show response
bookings.omnihotels.com/js/ 322 B
219 B 30ms
24ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/prefixfree.jquery.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

eb17223f872598e6ea9c6c9d29d6990983f3b89feb87118c008dbe4f4e67d7fe

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 179
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-142"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 prefixfree.min.js Show response
bookings.omnihotels.com/js/ 7 KB
3 KB 32ms
26ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

053ee9256952de1016a2fda2d0c73716a23eea78892a78ab3e9ff1766bb1be31

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2537
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-1a64"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 prefixfree.viewport-units.js Show response
bookings.omnihotels.com/js/ 2 KB
844 B 40ms
33ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/prefixfree.viewport-units.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

6078ac7c92005eb0259d8346c715dfb0063f439fbf7146f97b6089725021435e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 800
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-730"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 jquery.validate.min.js Show response
bookings.omnihotels.com/js/ 22 KB
7 KB 39ms
33ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/jquery.validate.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 03:29:57 GMT
age: 50021
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7033
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-58a0"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 custom.js Show response
bookings.omnihotels.com/js/ 17 KB
4 KB 37ms
31ms Script
application/javascript 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/js/custom.js?ca18aa5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

bbdebae3ff8331b2cef57db737c337e32d0cc1052c778818ba28b7d8223e82ed

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:12 GMT
age: 24506
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4089
pragma: public
referrer-policy: same-origin
last-modified: Thu, 03 Aug 2023 10:06:00 GMT
server: ohb-web1
etag: W/"64cb7c08-43c5"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 39ms
1ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=gsx0mqu&ht=tk&f=44870.44872.44873.44874.44875.45404.45407&a=137763107&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/gsx0mqu.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 424 KB
116 KB 153ms
102ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3d1eca0bd8f326fbbf73450c08f5e493c9702d4cc96c9a0fc3c477109092000

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 118418
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 16:35:08 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Nov 2023 17:23:38 GMT

GET
H3 200 icon-dropdown-arrow.svg
bookings.omnihotels.com/images/icons/p3/ 401 B
301 B 30ms
28ms Image
image/svg+xml 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/icons/p3/icon-dropdown-arrow.svg

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

abe92e0a271866d066c160619d758d8106cfba28bea8193b1fa5c6d87722702e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 08:54:29 GMT
age: 30549
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
referrer-policy: same-origin
last-modified: Wed, 19 Jul 2023 11:27:14 GMT
server: ohb-web1
etag: W/"64b7c892-191"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/svg+xml
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 loyalty-banner.jpg
bookings.omnihotels.com/images/ 184 KB
184 KB 30ms
28ms Image
image/jpeg 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/loyalty-banner.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

f25978162118aaa48b4d6ff7c554757680c288adb4dfeaaa179a5d2735e7061e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
via: 1.1 google
date: Wed, 01 Nov 2023 20:17:03 GMT
age: 75995
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187974
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: "643d0373-2de46"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/jpeg
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
24 KB 74ms
6ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 03:38:46 GMT
x-content-type-options: nosniff
age: 49492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:17:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Nov 2024 03:38:46 GMT

GET
H2 200 l
use.typekit.net/af/068d77/00000000000000007735e5a6/30/ 36 KB
37 KB 61ms
25ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/068d77/00000000000000007735e5a6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/gsx0mqu.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 570444a202b6f46379c7b1762efa20c1c90867fd1432bb6b13b9822ab9b12dc1

Request headers

Referer: https://use.typekit.net/gsx0mqu.css
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
etag: "0dc67e8fed9995f1ef95062d080f2222144121ec"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 37192

GET
H2 200 l
use.typekit.net/af/b65d74/00000000000000007735c62d/30/ 21 KB
21 KB 61ms
26ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/b65d74/00000000000000007735c62d/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/gsx0mqu.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: a334534614782c0e1ff21a6d9870e45372fd008677911a4195c517404b503443

Request headers

Referer: https://use.typekit.net/gsx0mqu.css
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
etag: "25dfbce677e3f0f86fc3cf6a56b2e1bfccf2796a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 21472

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 82ms
15ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 07:52:55 GMT
x-content-type-options: nosniff
age: 293443
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23236
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:08:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Oct 2024 07:52:55 GMT

GET
H2 200 free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 75 KB
76 KB 91ms
25ms Font
font/woff2 2606:4700:e2::ac40:8309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-brands-400.woff2
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5be0732ab1cc16692e165a7950810f0c772e400f6a2f63e1026a0b938016813

Request headers

Referer
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
via: 1.1 c24bf4c03d36f2d43fb38710581fa0e6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: AMS1-P2
age: 29452
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 76736
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
server: cloudflare
etag: "4f5ec865a8274ab291b6a42b5f70639e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FgIgjt8U7SiSk39bHUHIGj9%2Fjxk8EsDi0L7EgwSIPh4dLHa99mfs0D1SUZF9SjIwZdwpVYtZbu%2FARvsvzd8iiRe6aJ%2Fz6KNC4yz1toWMXETZVDMk8jGzKk2YlWjQsNUfQJwlYgjkvh%2B5lB9XcPCBnp8qYw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 81fe11061b2b1caa-AMS
access-control-allow-headers: fa-kit-token
x-amz-cf-id: wqfcrSf2PKRjcRrW6G9p03qJ2BIG1FhsMnJEu_3wkflH2RiuEWu3hg==

GET
H2 200 l
use.typekit.net/af/e74318/00000000000000007735c620/30/ 22 KB
22 KB 27ms
26ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e74318/00000000000000007735c620/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/gsx0mqu.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 522e7fe1c9a58bc6742ffc993f258039f8e466de5f696ec0357e06004cbcec28

Request headers

Referer: https://use.typekit.net/gsx0mqu.css
Origin: https://bookings.omnihotels.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
etag: "a9f3a1be5ba95f324a68c1fcee1fe99bdd5a72ec"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22716

GET
H3 200 css2 Show response
fonts.googleapis.com/ 1 KB
422 B 47ms
19ms XHR
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@300;400&display=swap

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2aae121cf9a9b26ee287538baa4e29455f490c98121a3ff1ef2f97d3c0579a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 16:55:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Nov 2023 17:23:38 GMT

GET
H3 200 jquery-ui.min.css Show response
bookings.omnihotels.com/css/ 30 KB
7 KB 22ms
22ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/jquery-ui.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

cafe94ba60283d2f3973530b64b9b615585263b4cc08cc8687521fb892b75538

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7034
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-7851"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 bootstrap.min.css Show response
bookings.omnihotels.com/css/ 141 KB
18 KB 23ms
23ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/bootstrap.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

f9f1ce2a9079ebe7445ff10ac12b8f049abc43c499f4978297ec5dd23283a2e5

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Wed, 01 Nov 2023 22:31:02 GMT
age: 67956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18163
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-235c0"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick.min.css Show response
bookings.omnihotels.com/css/ 1 KB
422 B 23ms
22ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

50ec747afc45612c45573a7101ecf9adf6dee6e98c2620b22ee3f70144f9548e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 393
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-52f"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick-theme.min.css Show response
bookings.omnihotels.com/css/ 4 KB
882 B 27ms
24ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick-theme.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

1a7a9dbf72f51b1231a1feee0639de747ae3c277f91cce3968790f514857b746

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 853
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-e78"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 font-awesome.min.css Show response
bookings.omnihotels.com/css/ 30 KB
7 KB 22ms
21ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/font-awesome.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6643
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:28:28 GMT
server: ohb-web1
etag: W/"643d032c-7918"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 datepicker.min.css Show response
bookings.omnihotels.com/vuedatepicker/ 4 KB
1 KB 21ms
20ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/vuedatepicker/datepicker.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

a7888999fa80868a7f03f4afcc1ab6f9bc8cf16113794978fde1ba006c961ce8

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1140
pragma: public
referrer-policy: same-origin
last-modified: Mon, 24 Apr 2023 16:35:38 GMT
server: ohb-web1
etag: W/"6446afda-10ac"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 gsx0mqu.css Show response
use.typekit.net/ 5 KB
1 KB 16ms
14ms XHR
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/gsx0mqu.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

80b228f1ee2ce7d0b8f664750e36a5e42107efd3990e69d79cd1e6a9ea699817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 929

GET
H3 200 styles.css Show response
bookings.omnihotels.com/css/scss/ 436 KB
49 KB 25ms
24ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

5de489881755911412d7d4cca9853837f9770527c54a3b8541f90d40b0a189ef

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50541
pragma: public
referrer-policy: same-origin
last-modified: Wed, 25 Oct 2023 15:29:48 GMT
server: ohb-web1
etag: W/"6539346c-6d083"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 eye.webp
bookings.omnihotels.com/images/icons/p3/ 416 B
457 B 26ms
25ms Image
image/webp 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bookings.omnihotels.com/images/icons/p3/eye.webp

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

e4019587a58b47600b0c345b48fd9f58af0d1f80ddeecdd67838bf30d72cb882

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
via: 1.1 google
date: Thu, 02 Nov 2023 15:33:53 GMT
age: 6585
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 416
referrer-policy: same-origin
last-modified: Wed, 26 Jul 2023 13:42:00 GMT
server: ohb-web1
etag: "64c122a8-1a0"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: image/webp
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
accept-ranges: bytes
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 css2 Show response
fonts.googleapis.com/ 1 KB
422 B 36ms
20ms XHR
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@300;400&display=swap

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2aae121cf9a9b26ee287538baa4e29455f490c98121a3ff1ef2f97d3c0579a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 17:19:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Nov 2023 17:23:38 GMT

GET
H3 200 jquery-ui.min.css Show response
bookings.omnihotels.com/css/ 30 KB
7 KB 23ms
15ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/jquery-ui.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

cafe94ba60283d2f3973530b64b9b615585263b4cc08cc8687521fb892b75538

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7034
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-7851"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 bootstrap.min.css Show response
bookings.omnihotels.com/css/ 141 KB
18 KB 22ms
13ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/bootstrap.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

f9f1ce2a9079ebe7445ff10ac12b8f049abc43c499f4978297ec5dd23283a2e5

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Wed, 01 Nov 2023 22:31:02 GMT
age: 67956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18163
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:38 GMT
server: ohb-web1
etag: W/"643d0372-235c0"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick.min.css Show response
bookings.omnihotels.com/css/ 1 KB
422 B 28ms
20ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

50ec747afc45612c45573a7101ecf9adf6dee6e98c2620b22ee3f70144f9548e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 393
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-52f"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 slick-theme.min.css Show response
bookings.omnihotels.com/css/ 4 KB
882 B 28ms
21ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/slick-theme.min.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

1a7a9dbf72f51b1231a1feee0639de747ae3c277f91cce3968790f514857b746

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 00:27:11 GMT
age: 60987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 853
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:29:39 GMT
server: ohb-web1
etag: W/"643d0373-e78"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 font-awesome.min.css Show response
bookings.omnihotels.com/css/ 30 KB
7 KB 27ms
20ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/font-awesome.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6643
pragma: public
referrer-policy: same-origin
last-modified: Mon, 17 Apr 2023 08:28:28 GMT
server: ohb-web1
etag: W/"643d032c-7918"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H3 200 datepicker.min.css Show response
bookings.omnihotels.com/vuedatepicker/ 4 KB
1 KB 25ms
19ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/vuedatepicker/datepicker.min.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

a7888999fa80868a7f03f4afcc1ab6f9bc8cf16113794978fde1ba006c961ce8

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1140
pragma: public
referrer-policy: same-origin
last-modified: Mon, 24 Apr 2023 16:35:38 GMT
server: ohb-web1
etag: W/"6446afda-10ac"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 gsx0mqu.css Show response
use.typekit.net/ 5 KB
1 KB 21ms
6ms XHR
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/gsx0mqu.css

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

80b228f1ee2ce7d0b8f664750e36a5e42107efd3990e69d79cd1e6a9ea699817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 02 Nov 2023 17:23:38 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 929

GET
H3 200 styles.css Show response
bookings.omnihotels.com/css/scss/ 436 KB
49 KB 19ms
15ms XHR
text/css 34.120.61.157
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://bookings.omnihotels.com/css/scss/styles.css?ca18aa5

Requested by

Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/js/prefixfree.min.js?ca18aa5

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.61.157 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

157.61.120.34.bc.googleusercontent.com

Software

ohb-web1 /

Resource Hash

5de489881755911412d7d4cca9853837f9770527c54a3b8541f90d40b0a189ef

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
content-encoding: br
via: 1.1 google
date: Thu, 02 Nov 2023 10:35:11 GMT
age: 24507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50541
pragma: public
referrer-policy: same-origin
last-modified: Wed, 25 Oct 2023 15:29:48 GMT
server: ohb-web1
etag: W/"6539346c-6d083"
access-control-max-age: 1000
access-control-allow-methods: GET, POST
content-type: text/css
access-control-allow-origin: https://www.omnihotels.com
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: max-age=3600,public
vary: Accept-Encoding
access-control-allow-headers: x-requested-with,Origin,Content-Type,Accept,Authorization,Client-security-token

GET
H2 200 alli-lib Show response
pixel-library.pmg.com/ 26 KB
7 KB 54ms
7ms Script
application/javascript 99.86.4.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-library.pmg.com/alli-lib
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-17.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e26115d5d30637c0bb28de8548e8dba25eee5be273cd7647c8e528d60a013240

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 16:52:04 GMT
content-encoding: gzip
via: 1.1 b0954612f115b3d0a0db0a669e45ae8e.cloudfront.net (CloudFront)
last-modified: Tue, 05 Sep 2023 19:37:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 1895
etag: W/"2acca1d0036b90667020ea6a806895fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: aTg6UmaxZbPxRdaiSx--ZciQdvMVqR6AfjRCs6OKbmgGLmp5MROtlA==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 56ms
28ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: R1P6TtSHAQZyvOSI/KawHw==
age: 84921
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Tue, 31 Oct 2023 06:38:09 GMT
server: cloudflare
etag: 0x8DBD9DBF28FEFC5
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: cb39ca16-001e-0062-7367-0cfba4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe1107afb618db-FRA

GET
H2 200 apolloDQ.js Show response
schema.apolloplatform.com/clientJS/ 79 KB
23 KB 201ms
30ms Script
application/javascript 52.222.174.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://schema.apolloplatform.com/clientJS/apolloDQ.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.174.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-174-108.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2cb34277a5434f95f67e8db342273633beb965b1e4151781e11145a76526437a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 03:02:43 GMT
content-encoding: gzip
via: 1.1 5330dca0fb4fc616e3711702aab777a8.cloudfront.net (CloudFront)
last-modified: Thu, 17 Mar 2022 17:53:38 GMT
server: AmazonS3
x-amz-cf-pop: CDG50-P2
age: 54788
etag: W/"50f83e3656b9a14af6c7186e53c14586"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jr7Nf4pNUn7kwJPzIVkdJLFjnmGzDY9AquIDzQP1gObeUC7hc_XvAg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 32ms
7ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 02 Nov 2023 15:49:42 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5636
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 02 Nov 2023 17:49:42 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 4 KB
2 KB 282ms
117ms Script
application/javascript 23.37.226.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHH59LBC77U6OCP0SEB0&lib=ttq
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.226.91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-37-226-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f6386536f99178b831c44b2fe7c5879c47526c2d4327a8d6dd142831a372ec7e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 3d7337b4
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-37-226-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=95
content-length: 1328
pragma: no-cache
server: nginx
x-tt-logid: 20231102172339F83CF107BB638B8595CC
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 96,23.37.226.87
x-tt-trace-host: 010faac29b59abee9e69370388057ad9936f11c228fca4eb69d90ac2ac887fbfe523641b9fc781ae9887fb60217dd84f565f806d5c7eba7ca46a68e8ae54ea0e3d09132c41fe3e67b8b4d12488d7cb5f1ce8a5dedf7bd559a7b9e9df2d45a441a7
expires: Thu, 02 Nov 2023 17:23:39 GMT

GET
H/1.1 204
No Content cs.js Show response
aa.trkn.us/1/e/ 0
166 B 264ms
14ms Script
text/plain 23.53.43.34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://aa.trkn.us/1/e/cs.js?cid=c013&evid=3c5e0548-25ae-4ed8-8b01-c4dba7a076f8&suu=1&dmn=bookings.omnihotels.com
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.43.34 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-43-34.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Thu, 02 Nov 2023 17:23:39 GMT
Cache-Control: private, max-age=3600
Connection: keep-alive
Expires: Thu, 02 Nov 2023 18:23:39 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
86 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BELGX2HEXN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

db7e371fd56e11797a1e85c60b1bc9f36a0c8e3577d0c5ffc8fc0f7792b00943

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87769
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 02 Nov 2023 17:23:38 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 191ms
19ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 02 Nov 2023 17:23:39 GMT
last-modified: Fri, 20 Oct 2023 01:13:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 12A043354C0D47DD9B4D8054AA37AA8E Ref B: FRA31EDGE0616 Ref C: 2023-11-02T17:23:39Z
etag: "0125f9ff22da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13079

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 167ms
0ms Script
application/javascript 2a02:26f0:480:3::210:ee91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:3::210:ee91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

672e173a1961506da81fd51463bb8b4aeacf8be4d484d02dca74b3e3a848ab7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 31 Oct 2023 08:37:21 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=37751
accept-ranges: bytes
content-length: 3840

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 150ms
20ms Script
application/x-javascript 99.86.116.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.116.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-116-119.lhr61.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Thu, 02 Nov 2023 04:38:09 GMT
Content-Encoding: gzip
Via: 1.1 368b317059d70e3ee45b9259c7201782.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Aug 2023 20:10:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: LHR61-C1
Age: 45932
x-amz-server-side-encryption: AES256
ETag: W/"b7474eac210849250426a8f6a39d00f3"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: 1HDnYdT56eYas6BSKlPjO--Jfp_7D3QMXM44PQI3VPyPCmmq5jRQrA==

GET
H2 200 193971 Show response
beacon.sojern.com/pixel/p/ 4 KB
978 B 155ms
5ms Script
application/javascript 107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.sojern.com/pixel/p/193971?f_v=v6_js&p_v=2&sha256_eml=&sha1_eml=&md5_eml=&ccid=&vid=hot&cid=
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: 03e15683e7a76ee5bf6322c65cb607c8b74bcef4968973891258e73605e3c2de

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 705

GET
H2 200 omni.js Show response
d1n00d49gkbray.cloudfront.net/js/ 76 KB
26 KB 147ms
0ms Script
application/javascript 2600:9000:223d:8200:9:7c30:be80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:8200:9:7c30:be80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d2c0e1aebf907b85c8790c7910529e00521037df698079cef17489cd7ff37a97

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-amz-version-id: UKgwtaOgohRi53SBv_KYuUM0SS730YAz
content-encoding: gzip
via: 1.1 122731c1a09cfba14dfeeff504946134.cloudfront.net (CloudFront)
date: Thu, 02 Nov 2023 05:01:17 GMT
last-modified: Wed, 03 Nov 2021 21:46:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 44543
x-amz-server-side-encryption: AES256
etag: W/"ba07639de361d72b2d682bae718f1dd7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-cf-id: j9JYex8Fhc4m2j73xotIChqFVVZ1SO4Vdyo56oodg2pt6dcs2y8wbw==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 146ms
0ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 02 Nov 2023 17:23:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 1CJTeDP761GwlAVKEkjaLOGNXyAAbkl/0JZ5HyxuqYYE0gVCmuYzfO6aAOt8lX0HbW8Y0IMGIRwLZj/nRjn7Pg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pmg_ohr_pageview Show response
bttrack.com/Pixel/Conversion/15411/ Frame 1840 105 B
244 B 433ms
197ms Document
text/html 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL

https://bttrack.com/Pixel/Conversion/15411/pmg_ohr_pageview

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

67.bidtellect.com

Software

Resource Hash

7b0d98e2112db70f60d00767b234787b407921197d2b515fc72ec0281417f5a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache
content-length: 105
content-type: text/html; charset=utf-8
date: Thu, 02 Nov 2023 17:22:43 GMT
expires: -1
pragma: no-cache
strict-transport-security: max-age=31536000;
x-servername: Track001-iad

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 4 KB
2 KB 166ms
7ms Script
application/javascript 2a02:26f0:480:38f::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:38f::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fc2560982cfff30fef02aa5d10e4766ff66e34d63c792063cbbbc2b6aedc2d6b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: br
x-cdn: akamai
etag: "fdaf6e0bf2ec044b14167cfb27fb4d9d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1785

GET
H2 200 44641 Show response
cdn.bttrack.com/universal/ 3 KB
3 KB 118ms
27ms Script
application/javascript 2a02:26f0:780::210:ca73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/universal/44641
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:ca73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 36ff8562b6eb7a71acaeb673fe704baefd260365cdd37c9e23bb73c82263b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: assets01-iad
date: Thu, 02 Nov 2023 17:23:39 GMT
cache-control: private, max-age=196
content-length: 2779
content-type: application/javascript; charset=utf-8

GET
H2 200 analytics.min.js Show response
cdn.bttrack.com/js/15411/analytics/1.0/ 599 B
716 B 102ms
43ms Script
text/javascript 2a02:26f0:780::210:ca73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/js/15411/analytics/1.0/analytics.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:ca73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cf83c170fc992166303ac5ee3ad9353ebeff4e41f0bf72f104cc843cc8958471

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: assets01-iad
date: Thu, 02 Nov 2023 17:23:39 GMT
cache-control: private, max-age=12686
content-length: 599
content-type: text/javascript; charset=utf-8

GET
H/1.1 200
OK teads-fellow.js Show response
p.teads.tv/ 19 KB
7 KB 88ms
10ms Script
application/javascript 2.18.161.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p.teads.tv/teads-fellow.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T9DN3NR
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-51.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 36ace6e4c38fc4c8a5904f8acd8359f20b14394d5f6177bde16607d10e0c1f7e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Thu, 02 Nov 2023 17:23:39 GMT
Content-Encoding: gzip
Last-Modified: Thu, 26 Oct 2023 12:54:16 GMT
Server: AmazonS3
x-amz-request-id: 1C20WK9A31SR6BJJ
ETag: "defce75bc9a27c30948c8dc044bb8873"
x-amz-server-side-encryption: AES256
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=276
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6208
x-amz-id-2: C3jufSQt7b+aMwzA5iFWYBRJvbcy6Kpaxi1X+fgecgt7irKqLWmgXyOuizTYYFA1+j46z8ygOfUg/mZbGISNXQ==

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 193ms
112ms Script
text/javascript 18.184.44.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.184.44.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-44-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c51ba9ba00ac523ea8abc8af077067befb6d31bd790fadc37d6066104bddf214

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 02 Nov 2023 17:23:39 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 hotjar-3621851.js Show response
static.hotjar.com/c/ 10 KB
4 KB 125ms
20ms Script
application/javascript 13.224.245.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3621851.js?sv=6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.245.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-245-27.lhr62.r.cloudfront.net

Software

Resource Hash

9b4989f0731a994a63b74e2f547ca53bc02666ae1af21da649b604a779e509e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 02 Nov 2023 17:23:28 GMT
via: 1.1 57f9250ef620b33bc5b87625f8d36f5e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR62-C3
age: 11
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/8d7562391a7aa2cb6f3ccf7ad22968ea
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: 2DsQduGcowH4oMEjVhO0MFO0VUluZoteFynv-l1wnWMzNBtAr_ZLIA==

GET
H2 200 i.js Show response
tag.wknd.ai/5615/ 11 KB
4 KB 90ms
10ms Script
text/plain 34.120.253.250
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.wknd.ai/5615/i.js
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 250.253.120.34.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: 99de5ea64d7b680badf430c6bf799e6186f53aad85bc5407f915f707178070a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:13:21 GMT
content-encoding: gzip
via: 1.1 google
age: 618
x-envoy-upstream-service-time: 0
x-region: us-central1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3722
server: istio-envoy
etag: 746d5903a6e06a
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=60
timing-allow-origin: *
link: <https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect

GET
H2

200

src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1
adservice.google.de/ddm/fls/p/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=12702588;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord...
https://ad.doubleclick.net/ddm/activity/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_c...
https://adservice.google.com/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_co...
https://adservice.google.de/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_con...

42 B
476 B

127ms
51ms

Image
image/gif

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.de/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495

Requested by

Protocol

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://adservice.google.de/ddm/fls/p/src=12702588;dc_pre=CNGvrrDqpYIDFR8PogMde88DJA;type=invmedia;cat=omnih0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1?gtmcb=439099495
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 1673
bttrack.com/pixel/retarget/ 0
0 270ms
198ms Image
text/html 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/retarget/1673
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 67.bidtellect.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1648638&seg=32474541&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1648638%26seg%3D32474541%26t%3D2

43 B
833 B

22ms
20ms

Image
image/gif

185.89.210.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1648638%26seg%3D32474541%26t%3D2

Requested by

Protocol

Server

185.89.210.244 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
an-x-request-uuid: 1bb5eb64-c02e-44f8-b596-92a0c2c13cac
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.39; 81.95.5.39; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
an-x-request-uuid: 88189267-24ae-4b0b-acfd-f9c4052df7d0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1648638%26seg%3D32474541%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.39; 81.95.5.39; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
149 B 143ms
33ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=hxkjicc&ct=0:zmh3z57&fmt=3
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ 43 B
632 B 131ms
35ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10193172&he={INSERT_MACRO_HERE}&auid={INSERT_MACRO_HERE}

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Thu, 02 Nov 2023 17:23:39 GMT

GET
H2 200 pixel
a7tglno5hj.execute-api.us-east-1.amazonaws.com// 43 B
135 B 383ms
148ms Image
image/gif 35.168.25.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a7tglno5hj.execute-api.us-east-1.amazonaws.com//pixel?pid=&event=init
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.168.25.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-168-25-202.compute-1.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-length: 43
apigw-requestid: Nx8sVgWvIAMEJsQ=
content-type: image/gif

GET
H2 200 1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b.json Show response
cdn.cookielaw.org/consent/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/ 4 KB
2 KB 85ms
40ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd6dff39209793a63ef029e04f3e2e31ea67c912fa1c34fa61793023566ab7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 30374
content-md5: a9yh+689i2Pf3wsw1ZuM3A==
content-length: 1488
x-ms-lease-status: unlocked
last-modified: Wed, 25 Oct 2023 15:41:23 GMT
server: cloudflare
etag: 0x8DBD570D7F65FEE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3c581b40-e01e-0037-4259-07eb2f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe11095ab79006-FRA
expires: Fri, 03 Nov 2023 17:23:39 GMT

GET
H2 200 collect.js Show response
514013529.collect.igodigital.com/ 8 KB
2 KB 393ms
102ms Script
application/javascript 34.196.226.59
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://514013529.collect.igodigital.com/collect.js
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.196.226.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-196-226-59.compute-1.amazonaws.com
Software: /
Resource Hash: 463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
last-modified: Wed, 01 Nov 2023 18:59:30 GMT
vary: Accept-Encoding
content-type: application/javascript

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 31ms
0ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=309403034&t=pageview&_s=1&dl=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&ul=en-us&de=UTF-8&dt=Omni%20Hotels%20%26%20Resorts%20%7C%20Luxury%20Hotels%2C%20Resorts%20and%20Vacation%20Packages&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAACAAI~&jid=511574543&gjid=928253814&cid=1410132769.1698945819&tid=UA-33986005-1&_gid=187871237.1698945819&_r=1&_slc=1&gtm=45He3au1n81T9DN3NRv813109288&gcd=11l1l1l1l1&z=893735849

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bookings.omnihotels.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 10ms
9ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=309403034&t=pageview&_s=1&dl=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&ul=en-us&de=UTF-8&dt=Omni%20Hotels%20%26%20Resorts%20%7C%20Luxury%20Hotels%2C%20Resorts%20and%20Vacation%20Packages&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAACAAI~&jid=&gjid=&cid=1410132769.1698945819&tid=UA-33986005-1&_gid=187871237.1698945819&gtm=45He3au1n81T9DN3NRv813109288&gcd=11l1l1l1l1&z=1107182685

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 11:55:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 19703
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
a7tglno5hj.execute-api.us-east-1.amazonaws.com// 43 B
137 B 362ms
130ms Image
image/gif 35.168.25.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a7tglno5hj.execute-api.us-east-1.amazonaws.com//pixel?pid=&event=PageView&eventID=1698945818910.288740.19&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.168.25.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-168-25-202.compute-1.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-length: 43
apigw-requestid: Nx8sVhZzoAMEJEQ=
content-type: image/gif

GET
H2 200 Page%20Load%20Started.json Show response
cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/ 1 KB
2 KB 99ms
20ms Fetch
application/octet-stream 18.66.112.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/Page%20Load%20Started.json
Requested by: Host: schema.apolloplatform.com
URL: https://schema.apolloplatform.com/clientJS/apolloDQ.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-126.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d8a99f7fa226be0d5bcc878f3ad41381727cb2d9dd9012c106e5cedff5e6a085

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 05:35:59 GMT
via: 1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 42461
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1272
last-modified: Wed, 26 Apr 2023 21:28:17 GMT
server: AmazonS3
etag: "8a562bbb55c47c263c38b93aebb70dc2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: Gz7I1pFlpi2pUt6ioaUhLtrsQxXaVozmkM0pKEobymT1IN7MeRKMYA==

GET
H2 200 User%20Detected.json Show response
cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/ 584 B
991 B 99ms
20ms Fetch
application/octet-stream 18.66.112.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/User%20Detected.json
Requested by: Host: schema.apolloplatform.com
URL: https://schema.apolloplatform.com/clientJS/apolloDQ.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-126.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c919ed7913ac55a25e3b84f3995d8fb60de863d9fd4116880d975c2620373323

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 18:21:40 GMT
via: 1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
last-modified: Wed, 26 Apr 2023 21:28:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 82920
x-amz-server-side-encryption: AES256
etag: "f41ff4a57b50f9eb1d3685d9c9778040"
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 584
x-amz-cf-id: 8hWXojm14UnzbbGRoY3e5WPL0eECBSYfILEz0WvC7-SdsdCkkRc3ew==

GET
H2 200 Page%20Load%20Completed.json Show response
cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/ 289 B
714 B 100ms
21ms Fetch
application/octet-stream 18.66.112.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.apolloplatform.com/app/bc866869-b4c9-4916-875d-d8fda445bb82/58b41a92-3880-4bc5-81b0-c32eb95726da/a72a26c6-14b5-46ac-9b9e-f8b8b7471f9f/Page%20Load%20Completed.json
Requested by: Host: schema.apolloplatform.com
URL: https://schema.apolloplatform.com/clientJS/apolloDQ.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-126.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2ab8f34de3ccd3634518dd9188b7ec7cf08e00190b5e56e6606ad3ed2c92b2dd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 08:49:45 GMT
via: 1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 30835
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 289
last-modified: Wed, 26 Apr 2023 21:28:17 GMT
server: AmazonS3
etag: "4856c2ac363ca2cca9a78021417898b6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: nZQ7V6qLeNaQeHHkpZdC-JN-nGwdlQ_yfQsJAQA8thsNbCsn7dxfXA==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 83 B
321 B 69ms
25ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 81fe110a29b765bb-FRA
access-control-allow-headers: Content-Type

POST
H2 204 collect
region1.analytics.google.com/g/ 0
250 B 104ms
6ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-BELGX2HEXN&gtm=45je3au1v892865381z8813109288&_p=309403034&_gaz=1&gcd=11l1l1l1l1&ul=en-US&cid=1410132769.1698945819&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&dl=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Fet_rid%3D60232176%26utm_term%3D%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&dp=%2Flogin&dt=Login&sid=1698945819&sct=1&seg=0&en=detect_user&_fv=1&_ss=1&ep.country=&ep.detailed_event=Page%20Load%20Completed&ep.name=User%20Sign%20In&ep.platform_version=Booking%20Engine&ep.site_section=booking%20engine&ep.weekday_or_weekend=weekday&ep.campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&ep.source=adhoc&ep.medium=email&ep.content=143522&up.custom_user_id=&up.loyalty_id=&up.user_login_state=logged%20out
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BELGX2HEXN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bookings.omnihotels.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 122ms
16ms Ping
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-BELGX2HEXN&cid=1410132769.1698945819&gtm=45je3au1v892865381z8813109288&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BELGX2HEXN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bookings.omnihotels.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 120ms
43ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BELGX2HEXN&cid=1410132769.1698945819&gtm=45je3au1v892865381z8813109288&aip=1&z=67703595

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
354 B 89ms
16ms XHR
text/plain 2a00:1450:400c:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-33986005-1&cid=1410132769.1698945819&jid=511574543&gjid=928253814&_gid=187871237.1698945819&_u=YGBACEAABAAAACAAI~&z=13542740

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bookings.omnihotels.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 47ms
0ms Script
application/x-javascript 2a02:26f0:480:3::210:ee91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:3::210:ee91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 15 Oct 2023 08:32:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=55423
accept-ranges: bytes
content-length: 3272

GET
H2

200

src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=9197352;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID
https://ad.doubleclick.net/ddm/activity/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID
https://adservice.google.com/ddm/fls/z/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID

42 B
118 B

73ms
44ms

Image
image/gif

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID

Requested by

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=9197352;dc_pre=CKuyurDqpYIDFSkPogMd82QO8A;type=track0;cat=omnih0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;npa=;ord=orderID
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

AdX
pixel.sojern.com/idSync/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzA...
https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzA...
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668&google_gid=CAESEEm-C_r6PCFfDlz9F02RBL0&google_cver=1

42 B
283 B

62ms
28ms

Image
image/gif

107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668&google_gid=CAESEEm-C_r6PCFfDlz9F02RBL0&google_cver=1
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
via: 1.1 google
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&sjrn_ula=786550668&google_gid=CAESEEm-C_r6PCFfDlz9F02RBL0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 412
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
fcmatch.youtube.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_hm=G_F6Is-PMmr3WIetS7FYsA&google_nid=sojern_adh
https://fcmatch.google.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M

170 B
244 B

61ms
17ms

Image
image/png

2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M

Requested by

Protocol

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo_x4ltTqnRGQp8o74qNen2is2JGu3A1jV2gU6bC1My6f3UE7wysb-Ug29vep3kCTVyGeWx8Ga6VhPSRL8e-qv8drrZyP9gJ0M1RXh8BZEp-YHg83M
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

apn
pixel.sojern.com/idsync/
Redirect Chain

https://ib.adnxs.com/getuid?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b
https://pixel.sojern.com/idsync/apn?id=7919032877779125705&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b

42 B
265 B

62ms
28ms

Image
image/gif

107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idsync/apn?id=7919032877779125705&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
via: 1.1 google
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
an-x-request-uuid: f8524acc-c598-4f7d-8ffe-910b99d39f43
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://pixel.sojern.com/idsync/apn?id=7919032877779125705&sjrn_id=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b
x-proxy-origin: 81.95.5.39; 81.95.5.39; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
148 B 79ms
44ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=Juoy8Kk5IDUPslDXjq77Y8-98y8VDRGvIhvNDOb3_-vR65fQSzAEf4KKVefqcx8b&ttd_tpi=1
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 main.MTVkMmViMGJhMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 396 KB
106 KB 71ms
24ms Script
application/javascript 23.37.226.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHH59LBC77U6OCP0SEB0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.226.91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-37-226-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a464fee66ea57dd78b38984a50638ac566587f765a12e5a0bb300ef1bafbcbc3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 3d733a56
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2023102413322717DA2DE7A4554ADF9F76
vary: Accept-Encoding
x-cache: TCP_HIT from a23-37-226-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0188c7013a449d46136182da5f6a42aeed61af98fb7f2dda3be3812016ef975413434d5c2a32bf36f29d037e41339a766abe07b430197795cd0e7734aff407aa142d1d891fe3252c08e5409e626c471fa6198643e1b47ae4bd14f710684a88e230
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length: 107967

GET
H2 200 main.a8feadcc.js Show response
s.pinimg.com/ct/lib/ 65 KB
19 KB 136ms
98ms Script
application/javascript 2a02:26f0:480:38f::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.a8feadcc.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:38f::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 399c9bc1b4d8f0f2da17159c0f26939bd202a1cc1425b88ce7e3d55ca49ab9c0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: br
x-cdn: akamai
etag: "87bccb74e0cdf939497ce76e1596bd38"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18897

GET
H2 200 210262292977069 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 162ms
159ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/210262292977069?v=2.9.138&r=stable&domain=bookings.omnihotels.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c81c70bc43ac044bb9d4efeafb806b8e39c3dfe2f8b9c52e47f5dae17f622f42

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 02 Nov 2023 17:23:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: k52PDiBGSfN2HBRe1LE5PhQXApqycMH9tX03islmDtzgi4/VG57IQGwA9nFzRBRn5ZBUq2KiuqnL5x26Rxnc9w==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 27003626.js Show response
bat.bing.com/p/action/ 0
118 B 39ms
35ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/27003626.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 02 Nov 2023 17:23:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 949965E8B42049FAB7DB0CDDA1AF1FCA Ref B: FRA31EDGE0616 Ref C: 2023-11-02T17:23:39Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 52ms
45ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=27003626&tm=gtm002&Ver=2&mid=a4b8a418-0d1e-42dd-98b7-d060dc39ca0f&sid=90176dd079a411eeb2323bddb0fc3ffd&vid=901781c079a411eea8d3015d12028e91&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Omni%20Hotels%20%26%20Resorts%20%7C%20Luxury%20Hotels,%20Resorts%20and%20Vacation%20Packages&p=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&r=&lt=1896&evt=pageLoad&sv=1&rn=129224

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 02 Nov 2023 17:23:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ECF786EDC3934179A9B6642F511597A0 Ref B: FRA31EDGE0616 Ref C: 2023-11-02T17:23:39Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/ 426 KB
103 KB 24ms
22ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 1/fYiRcAkidM+2Rc1fEXtg==
age: 83474
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 104832
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:14 GMT
server: cloudflare
etag: 0x8DBD5D490C850BD
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 8b05493b-801e-0043-4337-08dfdf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe110b6b9318db-FRA

GET
H2 200 js Show response
bttrack.com/engagement/ 10 KB
4 KB 110ms
110ms Script
text/javascript 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL

https://bttrack.com/engagement/js?goalId=15411&cb=1698945819424

Requested by

Host: cdn.bttrack.com
URL: https://cdn.bttrack.com/js/15411/analytics/1.0/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

67.bidtellect.com

Software

Resource Hash

88742cb6546237d30462295c004f0a9be28ed6165784e0a025497033dc9d5f10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: Track003-iad
pragma: no-cache
date: Thu, 02 Nov 2023 17:22:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
content-type: text/javascript; charset=utf-8
cache-control: private,no-cache
expires: -1

GET
H2 200 runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 3 KB
2 KB 107ms
24ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_8b30b4890203fd4144c54b9ffd765f5e.br.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/5615/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 15:24:16 GMT
content-encoding: br
age: 1303163
x-guploader-uploadid: ABPtcPoV7A_98p1Dfqe9sTqRYb9ALjlXBtnZCbj100xvlQJyZpC2BSz9hQuKKuzvZ5xQ7KgVZc_Hbq39u4NH37iufb-WYQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1317
last-modified: Tue, 17 Oct 2023 15:39:33 GMT
server: UploadServer
etag: "dbc90523c425a5d782995c1a39051881"
x-goog-generation: 1695050642582474
x-goog-hash: crc32c=Xs/EYg==, md5=28kFI8QlpdeCmVwaOQUYgQ==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 1317
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 modules.ff7668e49c0d149938c4.js Show response
script.hotjar.com/ 228 KB
56 KB 107ms
27ms Script
application/javascript 18.164.52.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.ff7668e49c0d149938c4.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3621851.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.52.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-52-121.cdg50.r.cloudfront.net

Software

Resource Hash

578e43aee443910dace37bedbf47d21002aed9c9241fb51009e2f034ac05a99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 11:43:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0df1e08a236a7f5d1f4f9f78bdb4bb82.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P4
age: 20433
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56551
last-modified: Thu, 02 Nov 2023 11:42:34 GMT
etag: "d1cd1c4ab472937b7602961ffcc8059d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Oi6aztKpk3MCZ9gMC-_MWW4R9VNpcDdrwSTOwTPFXe8N2RYKNGXPaA==

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 105ms
104ms Stylesheet
text/css 18.184.44.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.184.44.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-44-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bf140dc12f2ed8ec639a4476223803ca6ca9f808d8b9a975b214f6feaf252684

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 02 Nov 2023 17:23:39 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 145ms
106ms Fetch
image/jpeg 18.184.44.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.184.44.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-44-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 02 Nov 2023 17:23:39 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 117ms
35ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-33986005-1&cid=1410132769.1698945819&jid=511574543&_u=YGBACEAABAAAACAAI~&z=1013161239

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 66ms
57ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-33986005-1&cid=1410132769.1698945819&jid=511574543&_u=YGBACEAABAAAACAAI~&z=1013161239

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK advertiser Show response
cm.teads.tv/v2/ 137 B
861 B 117ms
36ms Fetch
application/json 2.18.161.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.teads.tv/v2/advertiser?referer=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&advertiser_id=31741
Requested by: Host: p.teads.tv
URL: https://p.teads.tv/teads-fellow.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.161.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-161-51.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 1c89052083e8c595be70effc2cf71710c134ad82d591593230e2ae13c9c8c4b9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Nov 2023 17:23:39 GMT
Observe-Browsing-Topics: ?1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://bookings.omnihotels.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Origin-Trial: A/ZN3JeVl863wk4gji5LwmyqD8tQETuBB/T7ruSp8OvPp/kIaJGhw4I8mpB3u4vvQoSH2zniTHlhvlBBOA1ZbAkAAAB+eyJvcmlnaW4iOiJodHRwczovL3RlYWRzLnR2OjQ0MyIsImZlYXR1cmUiOiJQcml2YWN5U2FuZGJveEFkc0FQSXMiLCJleHBpcnkiOjE2OTUxNjc5OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
Connection: keep-alive
Content-Length: 137
Expires: Thu, 02 Nov 2023 17:23:39 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-oh...

0
267 B

206ms
158ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&e_ipv6=AQLeRT1EFnTTYQAAAYuRD-QqjYxFeZZ_JvlFKb9oNF3CUD0fiED3nky0NLg3WK5s
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F38FD30CC20C42FFAC4C0520CB71B657 Ref B: DUS30EDGE0411 Ref C: 2023-11-02T17:23:39Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJLqYWsglvF8jMOI69KA==

Redirect headers

date: Thu, 02 Nov 2023 17:23:38 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6C302C641602421892B03852269EFC0B Ref B: DUS30EDGE0422 Ref C: 2023-11-02T17:23:39Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3868034&time=1698945819505&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&e_ipv6=AQLeRT1EFnTTYQAAAYuRD-QqjYxFeZZ_JvlFKb9oNF3CUD0fiED3nky0NLg3WK5s
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYJLqYTHM/oAG0R+WevsQ==

GET
H2 200 identify_72059.js Show response
analytics.tiktok.com/i18n/pixel/static/ 134 KB
36 KB 25ms
13ms Script
application/javascript 23.37.226.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_72059.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.226.91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-37-226-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 70242b7559c38404934267e32fa95b7ab11a7f1f8ec793c34b96e84aed7a42b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-akamai-request-id: 3d733b79
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202310241332098F801DC58C02C336A111
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-37-226-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01b4140947afc16e218ac160c025318f3b87ed6131af8a6623082c6fe882c8d2d2b70839be9d8cb73990ffeb68b2fb2aee0f5b8efce597edf8ff8464da45719c777770acf5e13bb7f776daa1e6109f20ccd94eaaa53aa2a4bb86ca32ca7785497e
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 36067

POST
H2 200 pangle_pixel
analytics.pangle-ads.com/api/v2/ 0
914 B 713ms
533ms Ping
text/plain 88.221.110.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 88.221.110.80 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a88-221-110-80.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 3b6867c6.1a98fd8a
date: Thu, 02 Nov 2023 17:23:40 GMT
x-bytefaas-request-id: 20231102172340F2C5805961119EFE0EDD
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a88-221-110-76.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51934483) (-)
x-parent-response-time: 110,88.221.110.76
server-timing: cdn-cache; desc=MISS, edge; dur=188, origin; dur=6, inner; dur=4
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231102172340F2C5805961119EFE0EDD
x-cache-remote: TCP_MISS from a23-218-219-29.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51934483) (-)
access-control-max-age: 86400
access-control-allow-methods: *
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
x-bytefaas-execution-duration: 3.02
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 01768ba67864575a0c1f9f6eee82962e97ac7b545d99a8c1eaab05ce6996304aa52e0a308370e56303e80c55431aa370ebd0dee177b1f6650b14366a92bc07381b7bdbcfc7afe52d91aadec9fa64633e0178fd16246aa5d42a696ee8c77ef367100497c39c1d51258f0e8d21610d7e8144
x-origin-response-time: 6,23.218.219.29
access-control-allow-headers: *
expires: Thu, 02 Nov 2023 17:23:40 GMT

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
790 B 160ms
160ms Ping
text/plain 23.37.226.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.226.91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-37-226-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 26d72ea1.3d733bf0
date: Thu, 02 Nov 2023 17:23:39 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-37-226-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
x-parent-response-time: 140,23.37.226.87
server-timing: cdn-cache; desc=MISS, edge; dur=90, origin; dur=57, inner; dur=47
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202311021723390B37A17DA90531F7DB85
x-cache-remote: TCP_MISS from a23-44-202-60.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 57,23.44.202.60
x-tt-trace-host: 010faac29b59abee9e69370388057ad99314024dd6eea94cce16c935e10910e44d347429383bc55e1d5e8719a0e87ba36bc62f9564caed6f2b09cd79432083f7020ee3f92dd5803865376fc5c408c9e0861261f4ab9388bd0b5081edd2edcd49587179c87708c45c88a7d87ad947ee0361
access-control-allow-headers: Authorization,*
expires: Thu, 02 Nov 2023 17:23:39 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/ac28045b-6313-4aae-ae01-51ef06f8f87f/ 118 KB
23 KB 31ms
23ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/ac28045b-6313-4aae-ae01-51ef06f8f87f/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13cae1df1d163ed372cef2db31c13865a81dc02df69f58b674b108cad13e5a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3429
content-md5: OTxsGxJeo/UtKY3vUN14zg==
content-length: 23837
x-ms-lease-status: unlocked
last-modified: Wed, 25 Oct 2023 15:41:33 GMT
server: cloudflare
etag: 0x8DBD570DDBB5946
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2e147a31-501e-00a4-2359-073025000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe110cfdeb9006-FRA
expires: Fri, 03 Nov 2023 17:23:39 GMT

GET
H2 200 / Show response
ct.pinterest.com/user/ 298 B
623 B 116ms
40ms XHR
application/json 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2613054820814&cb=1698945819692&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.a8feadcc.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 566440671e0d40ae57027569da3bf5fc051a0d37cbfb16c579b8c48ccfac499e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 0
alt-svc: h3=":443";ma=600
x-pinterest-rid: 6547604305053017
content-length: 173
pin-unauth: dWlkPU5ESTRZbUV6TlRNdE5UQXhZeTAwWXpaakxXRmpNelV0TUdVMVpUTTNaVEV6WTJVeQ
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://bookings.omnihotels.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: d5e81ee886163611a3e8f7face49fee6e4fb67ca
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 451 KB
101 KB 24ms
18ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/5615/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9a93b8c29b96268395bea9ba2c83dbcc5a0a288931298ef7563e25ccb5a19abf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 16:47:21 GMT
content-encoding: br
age: 88578
x-guploader-uploadid: ABPtcPoGPJWtLkeKtCWZ_9B-1ZyDCWYfY55dySWYZy4fA9GAXIuEY9rP7hPEFl6Yf3RnwXC2uAaKxbnX-kQ9pFFvDvvEhg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103041
last-modified: Wed, 01 Nov 2023 16:47:09 GMT
server: UploadServer
etag: "e213c55d97bab568f58fe1d70b5a1c44"
x-goog-generation: 1698857229777081
x-goog-hash: crc32c=cKxbhw==, md5=4hPFXZe6tWj1j+HXC1ocRA==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 103041
accept-ranges: bytes
content-type: text/javascript

GET
H2 200 cjs_min_e56025bf788e01599545a68c3c69921e.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 48 KB
15 KB 29ms
25ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_e56025bf788e01599545a68c3c69921e.js
Requested by: Host: tag.wknd.ai
URL: https://tag.wknd.ai/5615/i.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ab972f6a39ea0cc174d842ee8e05040126ae6ff7a9cb1ba71832891f65b777c9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Mon, 30 Oct 2023 15:16:39 GMT
content-encoding: gzip
age: 266820
x-guploader-uploadid: ABPtcPotyywmCVnoTJphb1bQWwVLxuxGZPvAZzW6TjwIHtJNOz3lf8E6NCdLH1trXwc0_SDI2eE5zllt7OrLT6zIkwo_wkuR1zJU
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15456
last-modified: Mon, 30 Oct 2023 15:16:33 GMT
server: UploadServer
etag: "26c0a67ac86badefc2bd96cdcdb2c5d8"
x-goog-generation: 1698678993576874
x-goog-hash: crc32c=yJ1HXQ==, md5=JsCmeshrre/CvZbNzbLF2A==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000,no-transform
x-goog-stored-content-length: 15456
accept-ranges: bytes
content-type: text/javascript; charset=utf-8

GET
H2 200 track
t.teads.tv/ 23 B
134 B 231ms
126ms Image
image/gif 2.19.100.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.teads.tv/track?action=pageView&env=js-web&tag_version=6.15.2_12a9676&provider=tag&advertiser_id=31741&referer=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%3Dundefined%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&user_session_id=dad51771-d25d-4eeb-a9ae-060f92764663
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.100.4 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-100-4.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires: Sat, 26 Jul 1997 05:00:00 GMT
date: Thu, 02 Nov 2023 17:23:40 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 23
content-type: image/gif

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
185 B 39ms
38ms Image
image/gif 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2613054820814&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22a8feadcc%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1698945819813
Requested by: Host: bookings.omnihotels.com
URL: https://bookings.omnihotels.com/login?utm_medium=email&utm_source=adhoc&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&et_rid=60232176&utm_source=sfmc&utm_term=&utm_content=143522&utm_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_id=60232176&sfmc_activityid=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&utm_medium=email&sfmc_journey_id=7d587f62-a7bd-42d6-8d12-de12791a0ec9&sfmc_journey_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_activity_id=efa86c2a-636e-4339-84b3-f1f67ac7dc2d&sfmc_activity_name=ho-rmeia-lelsiru_eitkctet__oowdnren_vo32&sfmc_asset_id=143522&sfmc_channel=email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:39 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
pinterest-version: d5e81ee886163611a3e8f7face49fee6e4fb67ca
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 4
alt-svc: h3=":443";ma=600
x-pinterest-rid: 1083681237907848
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 event Show response
bttrack.com/engagement/ 0
126 B 297ms
95ms XHR
text/plain 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL

https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215411%22%2C%22sessionId%22%3A%22df222743-326b-4d63-81f4-49ebd6c3b95b%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D

Requested by

Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15411&cb=1698945819424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

67.bidtellect.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: Track004-iad
pragma: no-cache
date: Thu, 02 Nov 2023 17:22:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
content-type: text/plain
access-control-allow-origin: *
cache-control: private,no-cache
content-length: 0
expires: -1

GET
H2 200 getpixels Show response
bttrack.com/engagement/ 0
42 B 299ms
97ms XHR
text/html 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL

https://bttrack.com/engagement/getpixels?gid=15411

Requested by

Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15411&cb=1698945819424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

67.bidtellect.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: Track002-iad
pragma: no-cache
date: Thu, 02 Nov 2023 17:22:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
content-type: text/html
access-control-allow-origin: *
cache-control: private,no-cache
content-length: 0
expires: -1

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 62ms
18ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=210262292977069&ev=PageView&dl=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&rl=&if=false&ts=1698945819832&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1698945819830.903599917&ler=empty&it=1698945819387&coo=false&eid=1698945818910.288740.19&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 02 Nov 2023 17:23:39 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
791 B 221ms
220ms Ping
text/plain 23.37.226.91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTVkMmViMGJhMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.226.91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-37-226-91.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 28c6ea7c.3d733d64
date: Thu, 02 Nov 2023 17:23:40 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-37-226-87.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
x-parent-response-time: 119,23.37.226.87
server-timing: cdn-cache; desc=MISS, edge; dur=88, origin; dur=38, inner; dur=28
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20231102172339F1CD46E07B42093E4AA6
x-cache-remote: TCP_MISS from a23-44-202-78.deploy.akamaitechnologies.com (AkamaiGHost/11.3.0.1-51931778) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 38,23.44.202.78
x-tt-trace-host: 010faac29b59abee9e69370388057ad99314024dd6eea94cce16c935e10910e44d70b3912ecb0db1f402c1fc69f1bc7fc5847269efa282a5b9ce81904099b0b57cffbcb1573d125690f497f13aa84b384197c2379e4fc49f049f9f527efbf5d418206fb8346270691f712fcba03b172bce
access-control-allow-headers: Authorization,*
expires: Thu, 02 Nov 2023 17:23:40 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 13 KB
3 KB 21ms
21ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: gA7tJXNyGFicHKODkM9Iaw==
age: 3429
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:07 GMT
server: cloudflare
etag: 0x8DBD5D48CFC97D7
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9db5531a-301e-0056-0f22-08c86c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe110e9f8e9006-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/ 62 KB
13 KB 18ms
18ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: D6052jlcz/0opqTP4tUV1A==
age: 3429
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12708
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:10 GMT
server: cloudflare
etag: 0x8DBD5D48E5675E0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f88df13c-401e-0011-6523-08a337000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe110e9f909006-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 21 KB
4 KB 18ms
18ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 3429
x-ms-lease-status: unlocked
last-modified: Thu, 26 Oct 2023 03:35:19 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: c912d093-501e-008b-0b23-083dee000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 81fe110e9f919006-FRA

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 94 B
292 B 134ms
134ms XHR
text/plain 18.184.44.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=RyRCfsnbaVa9UDYqPKC--w&is_js=true&landing_url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&t=Omni%20Hotels%20%26%20Resorts%20%7C%20Luxury%20Hotels%2C%20Resorts%20and%20Vacation%20Packages&tip=7LMYEEkFB7oxML9MDd_gW0UiC4apViEFnJDVyaCQmDA&host=https%3A%2F%2Fbookings.omnihotels.com&sa_conv_data_css_value=%270-dff1b18a-91f2-54c7-5217-efe1fa106608%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9dff1b18a91f254c75217efe1fa106608515f0527&sa-user-id-v3=s%253AAQAKIAqTdpk7Om2OUOtZDaK6nyd3Kq-6mbU4HcPD9pfuLSQhEHwYBCCbto-qBjABOgTtVOP9QgTpVdD1.lnxtjQV0l%252BniLbPBtdeaxKweyRO%252BltqrGxrzXhn%252F7hs&sa-user-id-v2=s%253A3_GxipHyVMdSF-_h-hBmCFFfBSc.Eq6EpVgC7xHl4i4QNH9bBP%252FfidluW2oilJaNKvXAAeo&sa-user-id=s%253A0-dff1b18a-91f2-54c7-5217-efe1fa106608.RJhOhlwoFzTMy30gN0Z1k%252Fq30TQj%252FReje80542oESNI
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.184.44.120 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-44-120.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-origin: https://bookings.omnihotels.com
date: Thu, 02 Nov 2023 17:23:40 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 94
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H3 200 inbox-v2_48b3046e5658d067d380731acb25edd9.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 9ms
8ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_48b3046e5658d067d380731acb25edd9.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 13:32:36 GMT
content-encoding: br
age: 1828264
x-guploader-uploadid: ADPycdvX9Eo6YnzcDXhlCjzyHCf59z-iaUno1aqObuO7vpTwVKOIjcysg_IP2S2so6YyNZfzYoH5Y5JUDNkBmU4KZMve2w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4862
last-modified: Tue, 10 Oct 2023 16:03:33 GMT
server: UploadServer
etag: "e08d76c0eee63d930afa55862092fe13"
x-goog-generation: 1694525539645421
x-goog-hash: crc32c=om6Z6Q==, md5=4I12wO7mPZMK+lWGIJL+Ew==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4862
accept-ranges: bytes
content-type: text/javascript

GET
H3 200 onsite-v2_5631bf90701659009118a89f964ae570.br.js Show response
assets.bounceexchange.com/assets/smart-tag/versioned/ 16 KB
5 KB 10ms
10ms Script
text/javascript 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_5631bf90701659009118a89f964ae570.br.js
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 15:24:02 GMT
content-encoding: br
age: 1303178
x-guploader-uploadid: ADPycdt82uaxuizgKCir6qCl0vOQCoY7nzx1jWbzMgtbXXOX00BmtLIGtx6lGy16I5OjOGCKpft99su7Co2t-OfbQcHpaQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4962
last-modified: Tue, 17 Oct 2023 15:39:23 GMT
server: UploadServer
etag: "801d41813e7b11c4986b4ca00307283b"
x-goog-generation: 1695050633424590
x-goog-hash: crc32c=+KL22A==, md5=gB1BgT57EcSYa0ygAwcoOw==
access-control-allow-origin: *
access-control-expose-headers: etag, Content-Type
cache-control: public,max-age=31536000
x-goog-stored-content-length: 4962
accept-ranges: bytes
content-type: text/javascript

GET
H/1.1 200
OK / Show response
data.cdnbasket.net/ 14 B
338 B 640ms
128ms XHR
application/json 34.149.14.182
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_e56025bf788e01599545a68c3c69921e.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.14.182 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 182.14.149.34.bc.googleusercontent.com
Software: /
Resource Hash: 1e70bd3712e4b952de8a31d4b4aaeed68ed73b194458c920a10c01e972b4d304

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Nov 2023 17:23:40 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
page.cdnbasket.net/ 14 B
338 B 307ms
118ms XHR
application/json 34.107.212.52
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://page.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_e56025bf788e01599545a68c3c69921e.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.212.52 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 52.212.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 69a8787bd0fb3c7b7910a9c71ec4b210c7f01351ca3c1fb982807fa8f24ee41c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Nov 2023 17:23:40 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H/1.1 200
OK / Show response
view.cdnbasket.net/ 14 B
338 B 940ms
120ms XHR
application/json 34.102.203.69
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://view.cdnbasket.net/
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_e56025bf788e01599545a68c3c69921e.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.203.69 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 69.203.102.34.bc.googleusercontent.com
Software: /
Resource Hash: 501e025f6f2171a74376b4d0b42f25844470d145ee9ee716301c0272410b121c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 02 Nov 2023 17:23:40 GMT
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, Content-Type, Accept
Expires: 0

GET
H2 202 track_page_view
nova.collect.igodigital.com/c2/514013529/ 43 B
687 B 110ms
102ms Image
image/gif 34.196.226.59
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/514013529/track_page_view?payload=%7B%22title%22%3A%22Omni%20Hotels%20%26%20Resorts%20%7C%20Luxury%20Hotels%2C%20Resorts%20and%20Vacation%20Packages%22%2C%22url%22%3A%22https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail%22%2C%22referrer%22%3A%22%22%7D

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.196.226.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-196-226-59.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-runtime: 0.005613
date: Thu, 02 Nov 2023 17:23:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
x-xss-protection: 1; mode=block
x-request-id: 8766fb9c-bd09-4c26-bb6c-eca63541dc91

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 18ms
18ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bookings.omnihotels.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 33083
x-ms-lease-status: unlocked
last-modified: Tue, 31 Oct 2023 06:38:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 914fb8e4-701e-0035-719b-0c5597000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 81fe1110e8da18db-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
512 B 17ms
17ms Fetch
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 30374
x-ms-lease-status: unlocked
last-modified: Tue, 31 Oct 2023 06:38:16 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 94851778-d01e-005e-5011-0cd263000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 81fe1111197d9006-FRA

GET
H2 200 Omni_Brand_Black_Horizontal.png
cdn.cookielaw.org/logos/01bc6cb4-2f4d-43c2-ac80-72448c017e29/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/9b3642ba-9024-4506-8b8a-1e77b8cc0b9a/ 16 KB
16 KB 19ms
19ms Image
image/png 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/01bc6cb4-2f4d-43c2-ac80-72448c017e29/1b83bbb8-2ce9-4b1b-b46a-2a5f8f5bef7b/9b3642ba-9024-4506-8b8a-1e77b8cc0b9a/Omni_Brand_Black_Horizontal.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51972dd36653cf3ddd803b83c6bf831aa9477716238ede1d396877099de6782c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: GWZHZnCNMCLuNnLLstJQIA==
age: 62797
content-length: 16700
x-ms-lease-status: unlocked
last-modified: Fri, 18 Aug 2023 20:46:33 GMT
server: cloudflare
etag: 0x8DBA02C351DD9A1
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: fb4b6f31-d01e-0095-49b1-06d136000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81fe1111392218db-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 16ms
16ms Image
image/svg+xml 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 02 Nov 2023 17:23:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 40161
x-ms-lease-status: unlocked
last-modified: Thu, 02 Nov 2023 03:31:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 221880fa-b01e-0015-5340-0d2e30000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 81fe1111392918db-FRA

GET
H3 200 local_storage_frame17.min.html Show response
assets.bounceexchange.com/assets/bounce/ Frame 2D78 2 KB
969 B 13ms
13ms Document
text/html 34.98.72.95
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 95.72.98.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: etag Content-Type
age: 288625
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 938
content-type: text/html; charset=UTF-8
date: Mon, 30 Oct 2023 09:13:15 GMT
etag: W/"fc893948c3efc689b5b19d8a77958e23"
last-modified: Wed, 25 Oct 2023 14:44:22 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1698245061960783
x-goog-hash: crc32c=kX4cqg== md5=/Ik5SMPvxom1sZ2Kd5WOIw==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2408
x-guploader-uploadid: ABPtcPpKxtfKfLgQlpDWHMyUZRFtwjmIrECfO8Ia1Hn5_Zpn9DM8o5uXdWZTR9qxjDhml9gtYBPj3i1qiC-8SSpvidCAT6HQcHkm

GET
H3 200 ct.html Show response
ct.pinterest.com/ Frame 1443 565 B
516 B 35ms
34ms Document
text/html 151.101.192.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.a8feadcc.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 151.101.192.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Thu, 02 Nov 2023 17:23:40 GMT
pinterest-version: d6951f45f66563771add4a1e3ca61db071303140
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1004523163221129

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 359A 0
59 B 34ms
34ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=yfvavnx&ref=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&upid=s2p53hs&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
content-type: text/html
date: Thu, 02 Nov 2023 17:23:40 GMT
server: Kestrel

GET
H2 200 c Show response
ids.cdnwidget.com/ 61 B
237 B 202ms
125ms XHR
application/json 2600:1901:0:56e0::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=110005063&GCS2=OTA2NjcwYTAtZDM5OC00NzdkLThiZGQtMzljMDJkZTYwNWUyLmxvY2Fs&pe=false&wsid=5615&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A5615%2C%22loadID%22%3A%229vuki6Z4PnRrp7x%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A77%2C%22IDStageStart%22%3A77%2C%22obsReqpage%22%3A467%2C%22netComplete%22%3A610%2C%22obsReqdata%22%3A719%2C%22obsReqview%22%3A1029%2C%22IDStagePrefire%22%3A1029%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A1%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%2C%22deviceid%22%3A%222533212166316155707%22%2C%22visitid%22%3A%221698945820887734%22%7D
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_e56025bf788e01599545a68c3c69921e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:56e0:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: /
Resource Hash: 9f8441024e84c58109845fa52d52c98b3a2a6cde7529d923779fc815053795d4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:41 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: https://bookings.omnihotels.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61

GET
H2 200 init1.js Show response
api.bounceexchange.com/bounce/ 36 B
342 B 104ms
57ms Script
text/html 34.111.8.32
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bounceexchange.com/bounce/init1.js?wklzs=1360&wklz=C4ewVgigvAZgrgOwMbAJYgQMhQZygRgDYBOADmIBYBWUgJiNIHZNgAvEKAWkIAZMB3AKYAjHKmCCA+qgAmUKoXxVMAJ0E4QAGzhoMBXjwAe+Wjz5qYglWpVRsAQ02bUCAOaS4KzVAAWwYAAOOACkAMwAgsG0AGJR0cIgIADWLq44AHQgALYIqD4gEpoZSNlxmiCuLmHROlmSWYIyqHBZYQAigln2qJpRhLWSGp5Igu32MvlIfQNI9lkB3a4I7U1qKJwgPiqcnd2anJqCqDieUmhISYLAkqCS-BgyVpIIIAButKF9V5Iqsu28H3ojEI02AdSGKhG7RwMCyU1o-TBNysrVCbVBdRKCAk2Pa+AooSotFoGOkMnajBkNEYMEItE49kYwhknAotBkhE4pBkJk4jxMjGI+HsPEESGIfRhcLJ-x4gPwwMlsKQknsKFQr3EAE8-mjBDB7KRCEhaPZuKFCIJWaFQsQuRRhKFODB8LTGGrKSbyQiBg0mi12rsekrpWAQJ4EIItTK0ZTqbT6Yzmaz2Zzubz+bRBcLReKQyqwxGo885qM0flOCoGqgzYciqgVHBJEdgEkUN9JIl+DIEGoEJJXiBQiSEVKVWq0JrgNHdR0DUaTWbCBarQTbfbHc7XYR3UhPez86r1VPowhS+0K1WjrXBPXG83xG2JNdOyBu73BP3B8PD-YcDhvlnfFCWJQ8kB8ewEEjXo9S6HpME1MRrhKZJUEEKBgkYAAhKJaE0AJcLCSJiT8QIQloKgIiiIlYgomIElQtwMmyXJ8kKYpSjo6JykqZYKNCGokT9ZpWn4jo4N6OjEXBcNIVGMTxkmaifSRWZ5kWPjKLaVYxWADYth2CSDiOE41BuVALm+W57gQR4VGeN4PmUy1rl+b0tIBYcFRBKSBghKExLHZyBgkKtqLRYLVIwHFgHCtpgKJEciWkmUxLjJgEwZJkWTZDkuR5elM2zEUxQlKSx1Sjy5S8xVyuVI9J21P4xP1Q1jVNc1LWtddSAdJ0XTdD0ZC9SK6mEgMWok5yKsLFRIxndzYypDK6Sy5NcrTAq+UEAUhRKvM6tDWT5pLBo4svasbzvJsWyfDsux7PsByHJLR0I2gAGFcJUQiqNA0DGDabBEhSdDMJw4kmm9Ek-uJSivPoQhlyIJQqEYHhGHer7iU1aGiKIMhKBoUxSCYRhQgoKJsdoV5fsibDcMEV4nh41xGmkPiYfCA0ilGQGqdwmRXGiBscGAAAZEBxjp4BGz5oHXnsFQcAAbVZ9mXAAXVgRwAIQpXVaZlmKjZmQOe1nm9ZQ0GbkSSRNCVtmdd5zBhACKA+Cud2Vc1zAAmAPBgfmZxIJGSQYAd1w7FeCCoCAA
Requested by: Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_10777d6e21f2b5d68696244a0e6a7fd3.br.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 32.8.111.34.bc.googleusercontent.com
Software: /
Resource Hash: fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
date: Thu, 02 Nov 2023 17:23:41 GMT
content-encoding: gzip
x-envoy-upstream-service-time: 17
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=UTF-8

GET
H2 204 cjs-logger
e.cdnwidget.com/ 0
100 B 185ms
139ms Image
image/png 34.102.193.48
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e.cdnwidget.com/cjs-logger?source=ID%20generation%20error&severity=Warning&error=forbidden%253A%2520disallowed%2520country%252C%2520country%2520code%2520is%2520DE&cookieID=&deviceID=&BXWID=5615&warpspeed=2%5EHIykD&loadID=9vuki6Z4PnRrp7x&version=1.5.9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.193.48 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 48.193.102.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:41 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/png

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 31ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-BELGX2HEXN&gtm=45je3au1v892865381z8813109288&_p=309403034&gcd=11l1l1l1l1&ul=en-US&cid=1410132769.1698945819&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&dl=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Fet_rid%3D60232176%26utm_term%3D%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&dp=%2Flogin&dt=Login&sid=1698945819&sct=1&seg=1&en=page_view&ep.country=&ep.detailed_event=Page%20Load%20Completed&ep.name=User%20Sign%20In&ep.platform_version=Booking%20Engine&ep.site_section=booking%20engine&ep.weekday_or_weekend=weekday&ep.campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&ep.source=adhoc&ep.medium=email&ep.content=143522&ep.count_page_load_completed=1&_et=33
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BELGX2HEXN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:44 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bookings.omnihotels.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SmarterHandler.ashx Show response
tr2.smarterhq.io/app1/ 293 B
415 B 300ms
94ms Script
text/javascript 18.210.88.137
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=439782043&i=7b2hrefqup-1&cb=_smtr.postprocess&cu=true&bv=2.7.14&utc=-60&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&pt=5&href=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&hostn=bookings.omnihotels.com&pathn=%2Flogin
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.88.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-88-137.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 5ee6083f0f2bae56f470d7b5745780b8a98bf000f5252b6a40e37668477b963d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:44 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 293
content-type: text/javascript

GET
H2 200 SmarterHandler.ashx Show response
tr2.smarterhq.io/app1/ 292 B
413 B 93ms
92ms Script
text/javascript 18.210.88.137
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tr2.smarterhq.io/app1/SmarterHandler.ashx?r=1761720394&i=7b2hrefqup-1&cb=_smtr.postprocess&code=to&bv=2.7.14&utc=-60&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&pt=5&href=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&hostn=bookings.omnihotels.com&pathn=%2Flogin&modalc=638345426245883835^018b910f-f74c-4763-9470-4e06df498e9d^018b910f-f74c-4ae5-8a65-d94d1627bf46^0^81.95.5.39
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.88.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-88-137.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: d725c2d4cceb3b60263f693f4d04ed431626cb0505d4d487d1efac9f6de147fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:44 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 292
content-type: text/javascript

GET
H2 200 / Show response
onsiteshq.smarterhq.io/api/v3/onsite/ 111 B
225 B 321ms
103ms Script
text/plain 3.208.85.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://onsiteshq.smarterhq.io/api/v3/onsite/?instanceId=7b2hrefqup-1&loiId=018b910f-f74c-4763-9470-4e06df498e9d&sessionId=018b910f-f74c-4ae5-8a65-d94d1627bf46&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&callback=_smtr.postprocess&r=359566068&isNewVisitor=true&accountId=377&campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&medium=email&isEmailProvided=false&espSubIdProvided=false&ref=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.85.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-208-85-172.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 15d6dff53a85e601ddd4a1e658129efdeedaf6d1f5c27ff624a480bdbf491210

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:44 GMT
server: Kestrel
x-request-id: 0HMUF2470OG43:00000753
content-type: text/plain; charset=utf-8

GET
H2 200 smtr1x1.gif
tr2.smarterhq.io/app1/ 43 B
159 B 95ms
94ms Image
image/gif 18.210.88.137
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr2.smarterhq.io/app1/smtr1x1.gif?r=905855814&action=campaign&i=7b2hrefqup-1&modalc=638345426245883835%5E018b910f-f74c-4763-9470-4e06df498e9d%5E018b910f-f74c-4ae5-8a65-d94d1627bf46%5E0%5E81.95.5.39&pageId=0HMUF89FUU4VK%3A00001079&utm_campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&utm_medium=email&utm_source=sfmc&utm_content=143522&href=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&bv=2.7.14
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.88.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-88-137.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Nov 2023 17:23:44 GMT
cache-control: no-store,no-cache
server: Kestrel
content-length: 43
content-type: image/gif

GET
H2 200 / Show response
onsiteshq.smarterhq.io/api/v3/onsite/ 111 B
226 B 225ms
101ms Script
text/plain 3.208.85.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://onsiteshq.smarterhq.io/api/v3/onsite/?instanceId=7b2hrefqup-1&loiId=018b910f-f74c-4763-9470-4e06df498e9d&sessionId=018b910f-f74c-4ae5-8a65-d94d1627bf46&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&callback=_smtr.postprocess&r=164205142&isNewVisitor=true&accountId=377&campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&medium=email&isEmailProvided=false&espSubIdProvided=false&ref=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.85.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-208-85-172.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 15d6dff53a85e601ddd4a1e658129efdeedaf6d1f5c27ff624a480bdbf491210

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:44 GMT
server: Kestrel
x-request-id: 0HMUBTIBD22DH:00000191
content-type: text/plain; charset=utf-8

GET
H2 200 / Show response
onsiteshq.smarterhq.io/api/v3/onsite/ 111 B
225 B 226ms
104ms Script
text/plain 3.208.85.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://onsiteshq.smarterhq.io/api/v3/onsite/?instanceId=7b2hrefqup-1&loiId=018b910f-f74c-4763-9470-4e06df498e9d&sessionId=018b910f-f74c-4ae5-8a65-d94d1627bf46&url=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&callback=_smtr.postprocess&r=1097051791&isNewVisitor=true&accountId=377&campaign=direct-ohr-email-leisure_ticket_to_wonder_nov23&medium=email&isEmailProvided=false&espSubIdProvided=false&ref=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail
Requested by: Host: d1n00d49gkbray.cloudfront.net
URL: https://d1n00d49gkbray.cloudfront.net/js/omni.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.208.85.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-208-85-172.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: 15d6dff53a85e601ddd4a1e658129efdeedaf6d1f5c27ff624a480bdbf491210

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Thu, 02 Nov 2023 17:23:44 GMT
server: Kestrel
x-request-id: 0HMUBTIK82HA3:00000050
content-type: text/plain; charset=utf-8

GET
H2 200 event Show response
bttrack.com/engagement/ 0
46 B 94ms
94ms XHR
text/plain 192.132.33.67
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL

https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215411%22%2C%22sessionId%22%3A%22df222743-326b-4d63-81f4-49ebd6c3b95b%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A2%2C%22url%22%3A%22https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D

Requested by

Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15411&cb=1698945819424

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.67 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

67.bidtellect.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-servername: Track002-iad
pragma: no-cache
date: Thu, 02 Nov 2023 17:22:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;
content-type: text/plain
access-control-allow-origin: *
cache-control: private,no-cache
content-length: 0
expires: -1

Verdicts & Comments Add Verdict or Comment

134 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bookings.omnihotels.com/	1969-12-31 23:59:59	Name: GCLB Value: "f20a4c60726f35f7"
bookings.omnihotels.com/	1970-01-20 15:55:53	Name: XSRF-TOKEN Value: eyJpdiI6IkJkempHaHpNNnk2U1F1SkkvRGdJZGc9PSIsInZhbHVlIjoiS2VqWlpaVWFMK3RWYmRuTlRsdUFoenlTY1JlWHoyaFdYb3ZVUmY4YTlkM3pDZkREQi9jZnlNZncvTGYyMW5yVGZMQXBFUVFhMUFWeGgyVUNPdmRLdzlRQXVROTVRZTZqT3hsd0N6MUFNbXg3bmNZNEE5TFA2RWkvZlMrK0hHSWgiLCJtYWMiOiI3MWJjOTk3NTYxMzhkZDQzYmI0YjY3NzcwZGFjMDA5NTliZjcwNzgzNTE0NTk0MDc5MmJiNzJlYmJmMTVkOTNlIiwidGFnIjoiIn0%3D
bookings.omnihotels.com/	1969-12-31 23:59:59	Name: laravel_session Value: eyJpdiI6IkF3ZDBvZ2FvZ1FheHdVOFpRZ1k3V2c9PSIsInZhbHVlIjoiRFZUdUN4bnZ5YlJFTFZybm96YzFCbmxwR1ZMN1BUTkQ3MFhQZWZxWUxLWGo5QTNYbW5RRmEzTW9GeEE2TFBtNWlkQU1tQkw3MWJjMEFmaU03azMwbGhjaGpybE96R0kyUG80NjRpdkpXZ2MvcGNkSEphRU5KNGhnL1dPUm5relAiLCJtYWMiOiI2ODYwZjg3OWM5NzA0NjVhZmEzNDQ2YTIyYjQyNDcyMTE0NmE2Y2FjZDhiZmE0YjhmMjRmYmRhMzkxZjg4ODAxIiwidGFnIjoiIn0%3D
.omnihotels.com/	1970-01-20 18:05:21	Name: _gcl_au Value: 1.1.2137495.1698945819
.omnihotels.com/	1970-01-20 15:57:12	Name: _gid Value: GA1.2.187871237.1698945819
.tiktok.com/	1970-01-21 01:17:21	Name: _ttp Value: 2Xd4rHlaIs9x26k2CM59nTdivd3
.omnihotels.com/	1970-01-20 15:55:45	Name: _gat_UA-33986005-1 Value: 1
.bookings.omnihotels.com/	1970-01-21 01:31:45	Name: _ga Value: GA1.3.1410132769.1698945819
.bookings.omnihotels.com/	1970-01-20 15:57:12	Name: _gid Value: GA1.3.187871237.1698945819
.adnxs.com/	1970-01-20 18:05:21	Name: uuid2 Value: 7919032877779125705
.omnihotels.com/	1970-01-21 01:31:45	Name: _ga Value: GA1.1.1410132769.1698945819
tags.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id Value: s%3A0-dff1b18a-91f2-54c7-5217-efe1fa106608.RJhOhlwoFzTMy30gN0Z1k%2Fq30TQj%2FReje80542oESNI
.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id Value: s%3A0-dff1b18a-91f2-54c7-5217-efe1fa106608.RJhOhlwoFzTMy30gN0Z1k%2Fq30TQj%2FReje80542oESNI
tags.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id-v2 Value: s%3A3_GxipHyVMdSF-_h-hBmCFFfBSc.Eq6EpVgC7xHl4i4QNH9bBP%2FfidluW2oilJaNKvXAAeo
.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id-v2 Value: s%3A3_GxipHyVMdSF-_h-hBmCFFfBSc.Eq6EpVgC7xHl4i4QNH9bBP%2FfidluW2oilJaNKvXAAeo
tags.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id-v3 Value: s%3AAQAKIAqTdpk7Om2OUOtZDaK6nyd3Kq-6mbU4HcPD9pfuLSQhEHwYBCCbto-qBjABOgTtVOP9QgTpVdD1.lnxtjQV0l%2BniLbPBtdeaxKweyRO%2BltqrGxrzXhn%2F7hs
.srv.stackadapt.com/	1970-01-21 00:41:21	Name: sa-user-id-v3 Value: s%3AAQAKIAqTdpk7Om2OUOtZDaK6nyd3Kq-6mbU4HcPD9pfuLSQhEHwYBCCbto-qBjABOgTtVOP9QgTpVdD1.lnxtjQV0l%2BniLbPBtdeaxKweyRO%2BltqrGxrzXhn%2F7hs
.yahoo.com/	1970-01-21 00:41:43	Name: A3 Value: d=AQABBBvbQ2UCELDndRl6tqfEX_JfWxy05sEFEgEBAQEsRWVNZeAPyiMA_eMAAA&S=AQAAAvmCwixcId4DDCOrUtInaZA
.omnihotels.com/	1970-01-21 01:31:45	Name: _ga_BELGX2HEXN Value: GS1.1.1698945819.1.1.1698945819.60.0.0
.omnihotels.com/	1970-01-20 15:55:47	Name: smtrsession Value: cameFromEmail%7Ctrue
.adnxs.com/	1970-01-20 18:05:21	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2GVTh.KTm!]tbP6j2F-XstGt!@Dgh$p1kt
.omnihotels.com/	1970-01-20 15:57:12	Name: _uetsid Value: 90176dd079a411eeb2323bddb0fc3ffd
.omnihotels.com/	1970-01-21 01:17:21	Name: _uetvid Value: 901781c079a411eea8d3015d12028e91
bookings.omnihotels.com/	1970-01-21 00:41:21	Name: sa-user-id Value: s%253A0-dff1b18a-91f2-54c7-5217-efe1fa106608.RJhOhlwoFzTMy30gN0Z1k%252Fq30TQj%252FReje80542oESNI
bookings.omnihotels.com/	1970-01-21 00:41:21	Name: sa-user-id-v2 Value: s%253A3_GxipHyVMdSF-_h-hBmCFFfBSc.Eq6EpVgC7xHl4i4QNH9bBP%252FfidluW2oilJaNKvXAAeo
bookings.omnihotels.com/	1970-01-21 00:41:21	Name: sa-user-id-v3 Value: s%253AAQAKIAqTdpk7Om2OUOtZDaK6nyd3Kq-6mbU4HcPD9pfuLSQhEHwYBCCbto-qBjABOgTtVOP9QgTpVdD1.lnxtjQV0l%252BniLbPBtdeaxKweyRO%252BltqrGxrzXhn%252F7hs
.bing.com/	1970-01-21 01:17:21	Name: MUID Value: 008C8636E90E6EC5076D958BE8856F72
.doubleclick.net/	1970-01-21 01:17:21	Name: IDE Value: AHWqTUmNNnBLcZQu8EKT1LkEMvjCpC4Pz8RG4Ka8nX2GcTXnu0KzHEURxupahgMwKM0
.sojern.com/	1970-01-21 00:41:21	Name: gid Value: CAESEEm-C_r6PCFfDlz9F02RBL0
.sojern.com/	1970-01-21 00:41:21	Name: cid Value: 1bf17a22-cf8f-326a-f758-87ad4bb158b0#1698883200000
.sojern.com/	1970-01-20 18:05:21	Name: apnid Value: 7919032877779125705
.omnihotels.com/	1970-01-21 01:17:21	Name: _tt_enable_cookie Value: 1
.omnihotels.com/	1970-01-21 01:17:21	Name: _ttp Value: J9NgKLIMTwJCKOPmgoRpMr2IjNn
.linkedin.com/	1970-01-21 00:41:21	Name: bcookie Value: "v=2&7fbe6e61-2573-4d64-8a7e-b2320dbfa14c"
.linkedin.com/	1970-01-20 20:14:57	Name: li_gc Value: MTswOzE2OTg5NDU4MTk7MjswMjE/B4PygJO9D1zHTNu3ff7+DSAQpZLIia914mRozXvRQw==
.linkedin.com/	1970-01-20 15:57:12	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3076:u=1:x=1:i=1698945819:t=1699032219:v=2:sig=AQFT6mkYMcklLNwsnxPCQFY_bI6yW9L2"
.omnihotels.com/	1970-01-21 00:41:21	Name: _hjSessionUser_3621851 Value: eyJpZCI6IjgwYjgxNzY5LWEzMTYtNTc4OC05NTI4LWM4Mjg0N2RmYTBmNCIsImNyZWF0ZWQiOjE2OTg5NDU4MTk3NzksImV4aXN0aW5nIjpmYWxzZX0=
.omnihotels.com/	1970-01-20 15:55:47	Name: _hjFirstSeen Value: 1
.omnihotels.com/	1970-01-20 15:55:47	Name: _hjIncludedInSessionSample_3621851 Value: 0
.omnihotels.com/	1970-01-20 15:55:47	Name: _hjSession_3621851 Value: eyJpZCI6IjY0OTQ4MDQzLTFlOGQtNGFlNi04YWU2LTM5ZDNjNTdhYTE1NyIsImNyZWF0ZWQiOjE2OTg5NDU4MTk3ODUsImluU2FtcGxlIjpmYWxzZSwic2Vzc2lvbml6ZXJCZXRhRW5hYmxlZCI6dHJ1ZX0=
.omnihotels.com/	1970-01-20 15:55:47	Name: _hjAbsoluteSessionInProgress Value: 0
.omnihotels.com/	1970-01-20 15:55:47	Name: tfpsi Value: dad51771-d25d-4eeb-a9ae-060f92764663
.omnihotels.com/	1970-01-20 18:05:21	Name: _fbp Value: fb.1.1698945819830.903599917
.bookings.omnihotels.com/	1970-01-21 00:41:21	Name: _pin_unauth Value: dWlkPU5ESTRZbUV6TlRNdE5UQXhZeTAwWXpaakxXRmpNelV0TUdVMVpUTTNaVEV6WTJVeQ
.pinterest.com/	1970-01-21 00:41:21	Name: ar_debug Value: 1
.omnihotels.com/	1970-01-21 00:41:21	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Thu+Nov+02+2023+18%3A23%3A40+GMT%2B0100+(Central+European+Standard+Time)&version=202310.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=64437533-1c9b-4718-9a95-c7a8780fd376&interactionCount=0&landingPath=https%3A%2F%2Fbookings.omnihotels.com%2Flogin%3Futm_medium%3Demail%26utm_source%3Dadhoc%26utm_campaign%3Ddirect-ohr-email-leisure_ticket_to_wonder_nov23%26et_rid%3D60232176%26utm_source%3Dsfmc%26utm_term%3D%26utm_content%3D143522%26utm_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_id%3D60232176%26sfmc_activityid%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26utm_medium%3Demail%26sfmc_journey_id%3D7d587f62-a7bd-42d6-8d12-de12791a0ec9%26sfmc_journey_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_activity_id%3Defa86c2a-636e-4339-84b3-f1f67ac7dc2d%26sfmc_activity_name%3Dho-rmeia-lelsiru_eitkctet__oowdnren_vo32%26sfmc_asset_id%3D143522%26sfmc_channel%3Demail&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CC0004%3A1%2CC0005%3A1
.igodigital.com/	1970-01-21 01:31:45	Name: igodigitaltc2 Value: 90a3f7c0-79a4-11ee-902b-36fa872327c8
.igodigital.com/	1970-01-20 15:55:49	Name: igodigitalst_514013529 Value: 90a3febe-79a4-11ee-902b-36fa872327c8
.igodigital.com/	1970-01-20 15:55:49	Name: igodigitalstdomain Value: 2000028897
.omnihotels.com/	1970-01-21 01:31:45	Name: smtrrmkr Value: 638345426245883835%5E018b910f-f74c-4763-9470-4e06df498e9d%5E018b910f-f74c-4ae5-8a65-d94d1627bf46%5E0%5E81.95.5.39

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bttrack.com/pixel/retarget/1673 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval' always; connect-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security	max-age=15638400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

514013529.collect.igodigital.com
a7tglno5hj.execute-api.us-east-1.amazonaws.com
aa.trkn.us
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.pangle-ads.com
analytics.tiktok.com
api.bounceexchange.com
assets.bounceexchange.com
bat.bing.com
beacon.sojern.com
bookings.omnihotels.com
bttrack.com
cdn.apolloplatform.com
cdn.bttrack.com
cdn.cookielaw.org
click.em.omnihotels.com
cm.g.doubleclick.net
cm.teads.tv
connect.facebook.net
ct.pinterest.com
d1n00d49gkbray.cloudfront.net
data.cdnbasket.net
e.cdnwidget.com
fcmatch.google.com
fcmatch.youtube.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
ib.adnxs.com
ids.cdnwidget.com
insight.adsrvr.org
js.adsrvr.org
ka-f.fontawesome.com
match.adsrvr.org
nova.collect.igodigital.com
onsiteshq.smarterhq.io
p.teads.tv
p.typekit.net
page.cdnbasket.net
pixel-library.pmg.com
pixel.sojern.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.pinimg.com
schema.apolloplatform.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
sp.analytics.yahoo.com
static.hotjar.com
stats.g.doubleclick.net
t.teads.tv
tag.wknd.ai
tags.srv.stackadapt.com
tr2.smarterhq.io
use.typekit.net
view.cdnbasket.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
107.178.244.119
13.107.42.14
13.111.234.80
13.224.245.27
142.250.185.226
142.250.186.38
151.101.192.84
18.164.52.121
18.184.44.120
18.210.88.137
18.66.112.126
185.89.210.244
192.132.33.67
2.18.161.51
2.19.100.4
2001:4860:4802:32::178
2001:4860:4802:34::36
212.82.100.181
23.37.226.91
23.53.43.34
2600:1901:0:56e0::
2600:9000:223d:8200:9:7c30:be80:21
2606:4700:4400::6812:2089
2606:4700::6812:83ec
2606:4700:e2::ac40:8309
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2008
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2002
2a00:1450:400c:c06::9c
2a02:26f0:3500:16::215:1495
2a02:26f0:480:38f::1931
2a02:26f0:480:3::210:ee91
2a02:26f0:780::210:ca73
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.208.85.172
34.102.193.48
34.102.203.69
34.107.212.52
34.111.8.32
34.120.253.250
34.120.61.157
34.149.14.182
34.196.226.59
34.98.72.95
35.168.25.202
35.71.131.137
52.222.174.108
88.221.110.80
99.86.116.119
99.86.4.17
029b26f8121f14889b98ac012ec687039b9c5f3091e8245490eb8732f805e3ca
03e15683e7a76ee5bf6322c65cb607c8b74bcef4968973891258e73605e3c2de
053ee9256952de1016a2fda2d0c73716a23eea78892a78ab3e9ff1766bb1be31
078f3dd88e751c3c421b2007e1cb27bcb65a95daf278bd25de81ba7b2bf3c4e4
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dc90421cbf6414c9f1ef5e93af3dbe48a4e51899452330f0ae0b2815e38be94
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
115f6a626ca115d4ad5581b59275327e0e860b30330a52b0f785561332dd2429
13cae1df1d163ed372cef2db31c13865a81dc02df69f58b674b108cad13e5a9f
15d6dff53a85e601ddd4a1e658129efdeedaf6d1f5c27ff624a480bdbf491210
1a7a9dbf72f51b1231a1feee0639de747ae3c277f91cce3968790f514857b746
1bcdc9e45f14a6d08116127ccc767b63a14bd35f7ccb9a747a5cbecb15efcada
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c89052083e8c595be70effc2cf71710c134ad82d591593230e2ae13c9c8c4b9
1cae0b9d70b27cc19083606d3249728c06e567271cef4692d9aa2e6f1e787f96
1e70bd3712e4b952de8a31d4b4aaeed68ed73b194458c920a10c01e972b4d304
2780ede9598614a57b1265fbfbc739c2c36f0cb7656bb59aa86a08e8ca5a1b95
2aae121cf9a9b26ee287538baa4e29455f490c98121a3ff1ef2f97d3c0579a2d
2ab8f34de3ccd3634518dd9188b7ec7cf08e00190b5e56e6606ad3ed2c92b2dd
2cb34277a5434f95f67e8db342273633beb965b1e4151781e11145a76526437a
3091226afe64a0b859a804ab23e0cc8d1e42fd35d0364df8ac044707dce93c84
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32984fcae927955ad21b22eba413e78d35b6f75613a52d1ff6cbf9c5c139d0ac
36ace6e4c38fc4c8a5904f8acd8359f20b14394d5f6177bde16607d10e0c1f7e
36ff8562b6eb7a71acaeb673fe704baefd260365cdd37c9e23bb73c82263b855
3724d91d386a94f5f996109e99b924baa373c2baa4ef06f664a89a023241a251
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
399c9bc1b4d8f0f2da17159c0f26939bd202a1cc1425b88ce7e3d55ca49ab9c0
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c53bd4fb46505b90b10e21b4c6e477a14abb0ed61eab0a7b44ee0c351de5b5a
501e025f6f2171a74376b4d0b42f25844470d145ee9ee716301c0272410b121c
50ec747afc45612c45573a7101ecf9adf6dee6e98c2620b22ee3f70144f9548e
51972dd36653cf3ddd803b83c6bf831aa9477716238ede1d396877099de6782c
522e7fe1c9a58bc6742ffc993f258039f8e466de5f696ec0357e06004cbcec28
566440671e0d40ae57027569da3bf5fc051a0d37cbfb16c579b8c48ccfac499e
570444a202b6f46379c7b1762efa20c1c90867fd1432bb6b13b9822ab9b12dc1
578e43aee443910dace37bedbf47d21002aed9c9241fb51009e2f034ac05a99e
591c6bf7ae2840dc3c4bb1da23a9ee7da4a783e78026eda46ce3fcee561422e9
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
5de489881755911412d7d4cca9853837f9770527c54a3b8541f90d40b0a189ef
5ee6083f0f2bae56f470d7b5745780b8a98bf000f5252b6a40e37668477b963d
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6078ac7c92005eb0259d8346c715dfb0063f439fbf7146f97b6089725021435e
625b022a42ed5d9c39911e42050f4fd9834ea039af978b7716f7800ade95eb55
672e173a1961506da81fd51463bb8b4aeacf8be4d484d02dca74b3e3a848ab7c
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69a8787bd0fb3c7b7910a9c71ec4b210c7f01351ca3c1fb982807fa8f24ee41c
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
70242b7559c38404934267e32fa95b7ab11a7f1f8ec793c34b96e84aed7a42b1
7338d5f6e4b935bdc48bea8235a4f3416bd9672dbeddb2320fa0bd27eb16f4ce
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b0d98e2112db70f60d00767b234787b407921197d2b515fc72ec0281417f5a0
80b228f1ee2ce7d0b8f664750e36a5e42107efd3990e69d79cd1e6a9ea699817
821e680e0e3aaf1443afd405e277a193550d50b434e4485b33dc0e7ab125c117
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8713b8c06dbd3b459163d11eef03ef255e09013d8b4bf89b840a5ea411a52753
88742cb6546237d30462295c004f0a9be28ed6165784e0a025497033dc9d5f10
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99de5ea64d7b680badf430c6bf799e6186f53aad85bc5407f915f707178070a1
9a93b8c29b96268395bea9ba2c83dbcc5a0a288931298ef7563e25ccb5a19abf
9b4989f0731a994a63b74e2f547ca53bc02666ae1af21da649b604a779e509e0
9f8441024e84c58109845fa52d52c98b3a2a6cde7529d923779fc815053795d4
a334534614782c0e1ff21a6d9870e45372fd008677911a4195c517404b503443
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a464fee66ea57dd78b38984a50638ac566587f765a12e5a0bb300ef1bafbcbc3
a7888999fa80868a7f03f4afcc1ab6f9bc8cf16113794978fde1ba006c961ce8
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860
aa4bc789142ca61c2faae60acec10c04360e92f0995c4bc6d29b076e39d09e2c
ab972f6a39ea0cc174d842ee8e05040126ae6ff7a9cb1ba71832891f65b777c9
abe92e0a271866d066c160619d758d8106cfba28bea8193b1fa5c6d87722702e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5be0732ab1cc16692e165a7950810f0c772e400f6a2f63e1026a0b938016813
bb89fd7fbd72b6bfa70d976f4daf1fff0cb90ef511666aebb180fde5c0507d49
bbdebae3ff8331b2cef57db737c337e32d0cc1052c778818ba28b7d8223e82ed
bd6dff39209793a63ef029e04f3e2e31ea67c912fa1c34fa61793023566ab7d2
bf140dc12f2ed8ec639a4476223803ca6ca9f808d8b9a975b214f6feaf252684
c340313fbf7869da6c98fa2d5904983db6d7a1eb5bed7c114c98355eef779ec0
c4fad867557fa65e1a778e915c0b4ed0cd1bbb4443452c8943e5cec6504311e7
c51ba9ba00ac523ea8abc8af077067befb6d31bd790fadc37d6066104bddf214
c81c70bc43ac044bb9d4efeafb806b8e39c3dfe2f8b9c52e47f5dae17f622f42
c919ed7913ac55a25e3b84f3995d8fb60de863d9fd4116880d975c2620373323
cafe94ba60283d2f3973530b64b9b615585263b4cc08cc8687521fb892b75538
cf83c170fc992166303ac5ee3ad9353ebeff4e41f0bf72f104cc843cc8958471
d2c0e1aebf907b85c8790c7910529e00521037df698079cef17489cd7ff37a97
d37545bbfbab30b44e51e630172af7d5d8a717afe66642b3e8eba0f6e1666872
d3d1eca0bd8f326fbbf73450c08f5e493c9702d4cc96c9a0fc3c477109092000
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d725c2d4cceb3b60263f693f4d04ed431626cb0505d4d487d1efac9f6de147fc
d8a99f7fa226be0d5bcc878f3ad41381727cb2d9dd9012c106e5cedff5e6a085
db7e371fd56e11797a1e85c60b1bc9f36a0c8e3577d0c5ffc8fc0f7792b00943
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1faec96c5766cc5da452b7c0b8b078b32275ac7ad8dec805a8a25961a9b43df
e26115d5d30637c0bb28de8548e8dba25eee5be273cd7647c8e528d60a013240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4019587a58b47600b0c345b48fd9f58af0d1f80ddeecdd67838bf30d72cb882
e781d0be05a643795f4669d99808e73e8eb8d87844c5b5f127de3cad38c7d2e0
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
eb17223f872598e6ea9c6c9d29d6990983f3b89feb87118c008dbe4f4e67d7fe
eddc11d8be0ae5311acc08d5f2ebe7ff9426384f6408ecbb56abbd7fb5e03743
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f25978162118aaa48b4d6ff7c554757680c288adb4dfeaaa179a5d2735e7061e
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6
f6386536f99178b831c44b2fe7c5879c47526c2d4327a8d6dd142831a372ec7e
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f9f1ce2a9079ebe7445ff10ac12b8f049abc43c499f4978297ec5dd23283a2e5
fc2560982cfff30fef02aa5d10e4766ff66e34d63c792063cbbbc2b6aedc2d6b
fe3fcb884394be745dbd11141b6d780028a4d86106b6292d7502db096f582218
feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6

bookings.omnihotels.com Open in urlscan Pro 34.120.61.157 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

161 Requests

96 %HTTPS

41 %IPv6

41 Domains

65 Subdomains

54 IPs

4 Countries

1992 kBTransfer

6647 kBSize

50 Cookies

27 Outgoing links

Page URL History

Redirected requests

161 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bookings.omnihotels.com Open in urlscan Pro
34.120.61.157 Public Scan

Screenshot
Live screenshot

Full Image

161
Requests

96 %
HTTPS

41 %
IPv6

41
Domains

65
Subdomains

54
IPs

4
Countries

1992 kB
Transfer

6647 kB
Size

50
Cookies

161 HTTP transactions
0 data transactions