securitys-booking.com Open in urlscan Pro
2606:4700:3037::ac43:8dcf Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://securitys-booking.com/
Effective URL:
https://securitys-booking.com/
Submission Tags: @ecarlesi possiblethreat #phishing #booking Search All
Submission: On September 27 via api (September 27th 2023, 11:59:41 am UTC) from PL — Scanned from FR

Summary HTTP 56 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 10 domains to perform 56 HTTP transactions. The main IP is 2606:4700:3037::ac43:8dcf, located in United States and belongs to CLOUDFLARENET, US. The main domain is securitys-booking.com.
TLS certificate: Issued by GTS CA 1P5 on September 26th 2023. Valid for: 3 months.

This is the only time securitys-booking.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:2708	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:303... 2606:4700:3037::ac43:8dcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.32.121.81 13.32.121.81	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:223... 2600:9000:223f:ce00:1c:d826:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2606:4700::68... 2606:4700::6812:83ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	52.222.236.82 52.222.236.82	16509 (AMAZON-02) (AMAZON-02)
1 1	99.86.4.111 99.86.4.111	16509 (AMAZON-02) (AMAZON-02)
10	13.224.189.65 13.224.189.65	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:38::178	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:e00:1c:d826:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	5.57.16.90 5.57.16.90	43996 (BOOKING-B...) (BOOKING-BV Booking.com)
2	45.130.41.42 45.130.41.42	198610 (BEGET-AS) (BEGET-AS)
1	99.86.4.72 99.86.4.72	16509 (AMAZON-02) (AMAZON-02)
2	35.190.10.96 35.190.10.96	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	47.246.46.207 47.246.46.207	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
56	14

1 2606:4700:3037::6815:2708 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

securitys-booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3037::ac43:8dcf (United States)

ASN13335 (CLOUDFLARENET, US)

securitys-booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.81 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-81.fra60.r.cloudfront.net

www.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:223f:ce00:1c:d826:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cf.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
q-xx.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:83ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.222.236.82 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-82.fra56.r.cloudfront.net

saa.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.111 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-111.fra6.r.cloudfront.net

d8c14d4960ca.edge.sdk.awswaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.224.189.65 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-65.fra2.r.cloudfront.net

d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:38::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:e00:1c:d826:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

q.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.57.16.90 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
PTR: bstatic.com

www.bstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.130.41.42 (Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: ssl.thomas.beget.com

snipp.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.72 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-72.fra6.r.cloudfront.net

account.booking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.10.96 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 96.10.190.35.bc.googleusercontent.com

collector-pxikkul2rm.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.46.207 (San Mateo, United States)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

ls.cdn-gw-dv.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	securitys-booking.com 1 redirects securitys-booking.com	263 KB
11	awswaf.com 1 redirects d8c14d4960ca.edge.sdk.awswaf.com — Cisco Umbrella Rank: 102762 d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com	290 KB
10	booking.com www.booking.com — Cisco Umbrella Rank: 11921 saa.booking.com — Cisco Umbrella Rank: 133437 account.booking.com — Cisco Umbrella Rank: 14316	19 KB
8	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 635	131 KB
7	bstatic.com cf.bstatic.com — Cisco Umbrella Rank: 16216 q.bstatic.com — Cisco Umbrella Rank: 94358 www.bstatic.com — Cisco Umbrella Rank: 89614 q-xx.bstatic.com — Cisco Umbrella Rank: 15221	212 KB
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 958	433 B
2	px-cloud.net collector-pxikkul2rm.px-cloud.net — Cisco Umbrella Rank: 17056	1 KB
2	snipp.ru snipp.ru	29 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96	21 KB
1	cdn-gw-dv.vip ls.cdn-gw-dv.vip — Cisco Umbrella Rank: 143537	769 B
56	10

	Domain	Requested by
13	securitys-booking.com	1 redirects securitys-booking.com
10	d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com	securitys-booking.com d8c14d4960ca.edge.sdk.awswaf.com
8	cdn.cookielaw.org	securitys-booking.com cdn.cookielaw.org
7	saa.booking.com	securitys-booking.com saa.booking.com
4	cf.bstatic.com	securitys-booking.com
2	geolocation.onetrust.com	cdn.cookielaw.org
2	collector-pxikkul2rm.px-cloud.net	q.bstatic.com
2	snipp.ru	securitys-booking.com
2	www.google-analytics.com	securitys-booking.com www.google-analytics.com
2	www.booking.com	securitys-booking.com
1	ls.cdn-gw-dv.vip	securitys-booking.com
1	q-xx.bstatic.com	securitys-booking.com
1	account.booking.com	securitys-booking.com
1	www.bstatic.com	securitys-booking.com
1	q.bstatic.com	securitys-booking.com
1	d8c14d4960ca.edge.sdk.awswaf.com	1 redirects
56	16

This site contains links to these domains. Also see Links.

Domain
partner.booking.com

Subject Issuer	Validity	Valid
securitys-booking.com GTS CA 1P5	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.booking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-12` - `2024-05-18`	a year	crt.sh
*.bstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-13` - `2024-08-31`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
snipp.ru R3	`2023-08-11` - `2023-11-09`	3 months	crt.sh
*.px-cloud.net Sectigo RSA Domain Validation Secure Server CA	`2023-08-15` - `2024-09-13`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.cdn-gw-dv.vip RapidSSL TLS RSA CA G1	`2023-08-01` - `2024-07-31`	a year	crt.sh
*.568c49d2.eu-west-3.token.awswaf.com Amazon RSA 2048 M03	`2023-08-20` - `2024-09-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://securitys-booking.com/
Frame ID: 71D095B64D42C1ECAC0531C0D55FD353
Requests: 53 HTTP requests in this frame

Frame: https://ls.cdn-gw-dv.vip/dedge/zd/zd-service.html
Frame ID: 72041FD415A576D4A9E5E5AA6686E3B2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Booking.com

Page URL History Show full URLs

http://securitys-booking.com/ HTTP 301
https://securitys-booking.com/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

56
Requests

98 %
HTTPS

44 %
IPv6

10
Domains

16
Subdomains

14
IPs

3
Countries

967 kB
Transfer

3591 kB
Size

11
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://partner.booking.com/node/2170?utm_source=account&utm_medium=support_link

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://securitys-booking.com/ HTTP 301
https://securitys-booking.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js HTTP 307
https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js

56 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
securitys-booking.com/
Redirect Chain

http://securitys-booking.com/
https://securitys-booking.com/

271 KB
46 KB

143ms
83ms

Document
text/html

2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19f766dfe024f262671049573c8026f22846abc17c10d659645334ca2f5e2778

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 80d394d2bd790277-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 27 Sep 2023 11:59:34 GMT
last-modified: Wed, 27 Sep 2023 11:06:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s3a1V5C58QtMfbhAW8PHk0%2F9QMdjoAua1cTWXgw1S3aAbyudKtvQUdX0TfZyNhx3SrIDZ8yECtSgmyMbYbQwRstDEtKnh247T2E5VsxoGiwrR2pBLToVcS0bUtCLHY98Q4Va%2BOka5csrp0LlLCskRcs%2B%2BGc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

CF-RAY: 80d394d21ee3026d-CDG
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 27 Sep 2023 11:59:34 GMT
Expires: Wed, 27 Sep 2023 12:59:34 GMT
Location: https://securitys-booking.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsCFJHPy0anDMDjl%2FUIHNwMiEmoFM4l2CgI4EZnrIezMm7KzUlWubGs%2BMZm6WwEDsR0Zi25%2FNVdjGhurEXJCPlxL5VXTXNP9WBX5W8aHEIkpoD3qGrOkoXA4RpTKmuEru1tjU4g7pvW7dHXFbMpCAvxKj%2Bo%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 _etnht
www.booking.com/ 35 B
1 KB 194ms
109ms Image
image/gif 13.32.121.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.booking.com/_etnht?cpr=https&ch=securitys-booking.com&we=we&cpa=%2F

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-81.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
strict-transport-security: max-age=300; includeSubDomains
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
content-security-policy-report-only: frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=1f2f545304a80018&e=UmFuZG9tSVYkc2RlIyh9YVMFwLUCQ8zsS7x9ri8k8teRQo107a9Ki0h0N0YDXXI7FffdJ3zVkGc
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 35
x-xss-protection: 1; mode=block
x-amz-cf-id: NYyZ9RCuAtvrQD-0Be4cGRJSHfYLN4njAFBeCupT75YebAPRJIHdEg==

GET
H2 200 416_1975cbc2f7eaad75f590.css
cf.bstatic.com/psb/accountsportal/assets/ 90 KB
15 KB 103ms
33ms Stylesheet
text/css 2600:9000:223f:ce00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cf.bstatic.com/psb/accountsportal/assets/416_1975cbc2f7eaad75f590.css

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ce00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 09:54:23 GMT
content-encoding: br
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 439512
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-amz-expiration: expiry-date="Fri, 19 Jan 2024 10:48:55 GMT", rule-id=""
last-modified: Thu, 21 Sep 2023 10:48:55 GMT
server: nginx
etag: W/"d2e841cb3b0b0274a4196fd767d65edb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
x-amz-meta-x-deployment-hash: ba5c3ab9140f8f229545f93974b277dd531d7bb78772e82f7ceccb3f2d750654
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: nAVVB3M6Kbv7tgdrmAiFwpJm5PhK3gvi59IY7KnH1eo-saE0YW6FMQ==
expires: Sun, 22 Oct 2023 09:54:23 GMT

GET
H2 200 549_473af0c65e95a32c7dab.css
cf.bstatic.com/psb/accountsportal/assets/ 73 KB
7 KB 105ms
36ms Stylesheet
text/css 2600:9000:223f:ce00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cf.bstatic.com/psb/accountsportal/assets/549_473af0c65e95a32c7dab.css

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ce00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dc40e27fb7e4940d78a22d31e49117ef41cb241f0a4c8a8b20c6e072bf66a3c6

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 14:40:17 GMT
content-encoding: br
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 1891158
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-amz-expiration: expiry-date="Wed, 03 Jan 2024 13:06:04 GMT", rule-id=""
last-modified: Tue, 05 Sep 2023 13:06:04 GMT
server: nginx
etag: W/"7adaf892d5693d25b895600b85072e74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
x-amz-meta-x-deployment-hash: 147619d43eb83f6549f67ded5200ff00505c984782ce490ec80aa28973d592f1
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: L48koB-bU7P8C7UzZJVSi2XOSytJLuhTjTCNg-2BF3HjbHz3fL5Bog==
expires: Thu, 05 Oct 2023 14:40:17 GMT

GET
H2 200 826_253079e92c11f7fb46bd.css
cf.bstatic.com/psb/accountsportal/assets/ 59 KB
11 KB 125ms
56ms Stylesheet
text/css 2600:9000:223f:ce00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cf.bstatic.com/psb/accountsportal/assets/826_253079e92c11f7fb46bd.css

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ce00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f6cf3b2e7de29f886185bc35d78511d7be137ef2d9193b8262c495acdb85a5a0

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Sun, 17 Sep 2023 22:02:48 GMT
content-encoding: br
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 827807
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-amz-expiration: expiry-date="Wed, 16 Aug 2023 09:18:36 GMT", rule-id=""
last-modified: Tue, 18 Apr 2023 09:18:36 GMT
server: nginx
etag: W/"cc544e33fc1537b047f5a3aea46ef0be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: text/css
x-amz-meta-x-deployment-hash: b06fc8bf5e395924dc8d3b27255446e0cd8ef99a
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: OasaQ5xdb4KNsDcC-38eetWVAQrFfP56EmsvVp-Ymu2j_fXDfM4qVA==
expires: Tue, 17 Oct 2023 22:02:48 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 36ms
33ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: h6ThlO7ea17v6JNPXbI1zQ==
age: 62970
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6822
x-ms-lease-status: unlocked
last-modified: Mon, 25 Sep 2023 19:31:33 GMT
server: cloudflare
etag: 0x8DBBDFE06DEE41C
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: a957bdb7-c01e-00a6-14e9-ef8e9d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d4fc7200a2-CDG

GET
H2 200 asset.76f4cfe389ea593cf33909bbcedb7949.js Show response
saa.booking.com/ 39 KB
13 KB 149ms
37ms Script
application/javascript 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

950d7028921f91f48d3242b0eace0b1a0be2e3290714014a3025953c44facb32

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
via: 1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-length: 12485
x-xss-protection: 1; mode=block
last-modified: Mon, 30 Sep 2013 09:36:48 GMT
server: Perl Dancer2 0.300004
etag: 76f4cfe389ea593cf33909bbcedb7949
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
x-amz-cf-id: 4cxetj-hMiGA0xIrtL99Df746n-st5Vm3NBpLzY35TCzwdPwK2XzjA==
expires: Tue, 31 Dec 2030 23:30:45 GMT

GET
H2

200

challenge.js Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/
Redirect Chain

https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js

1 MB
280 KB

181ms
74ms

Script
text/javascript

13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: fe9f6bdce1dc251e30d0242fc1ca3eeca58d3c54f49c548a7a6a05f69e559df2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-65141927-1d0b74af0b80f6c71ef2849d
content-type: text/javascript
cache-control: private, max-age=86400
x-amz-cf-id: ISzMw1wvLPKy5C94qewn62SgNIDlmUHRsSSSLllUayN41jxmBLwZBA==
expires: 0

Redirect headers

date: Wed, 27 Sep 2023 11:59:35 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
access-control-max-age: 86400
access-control-allow-methods: *
x-cache: FunctionGeneratedResponse from cloudfront
access-control-allow-origin: *
location: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
cache-control: max-age=86400
access-control-allow-headers: *
content-length: 0
x-amz-cf-id: Vcm-2lAOgaFaM9o3NkQ623zAxjIrWajW9erUHuJsYdH4vi32ro8I6w==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/ 403 KB
97 KB 40ms
37ms Script
application/javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fuN6EZWNAh2xn3yE+0HSRQ==
age: 68047
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99428
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:48 GMT
server: cloudflare
etag: 0x8DB81B7897E828A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 144c20d3-601e-002b-3b0c-b4ac5e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d4fc7500a2-CDG

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 95ms
20ms Script
text/javascript 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 27 Sep 2023 11:15:00 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2675
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 27 Sep 2023 13:15:00 GMT

GET
H2 200 px.v7.5.3.min.js Show response
q.bstatic.com/libs/asec/btmgmt/ 269 KB
99 KB 143ms
36ms Script
application/javascript 2600:9000:223f:e00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:e00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

0e3cd6436c3188852c7bc0a21b4c6789c22306fe5f5d64c1507d9f24590f7670

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securitys-booking.com/
Origin: https://securitys-booking.com
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Mon, 11 Sep 2023 04:15:01 GMT
content-encoding: br
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 1410273
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Aug 2023 13:54:41 GMT
server: nginx
etag: W/"64e76121-4335e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: LMnMwHZJKOOSTIfBDGSRleBUnJWueHjhxY9TpjIZt7DxQD4Y1OpMTA==
expires: Wed, 11 Oct 2023 04:15:01 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/ 5 KB
3 KB 93ms
45ms Script
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/OtAutoBlock.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d3e2d70e3e3ffb919fd2ce8d89721d4f2931bb069489c075eab2eab978f2bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 22566
content-md5: 1edaYBaUuHR/0XZZX5572w==
content-length: 1991
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jun 2023 05:37:02 GMT
server: cloudflare
etag: 0x8DB67E2632B9BBB
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e04e4e04-901e-0118-24cb-99b326000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d4ec5b00a2-CDG
expires: Thu, 28 Sep 2023 11:59:35 GMT

GET
H/1.1 200
OK cookie-banner.min.js Show response
www.bstatic.com/libs/privacy-consent/1.0.0/partner/ 593 B
1 KB 97ms
22ms Script
application/javascript 5.57.16.90
BOOKING-BV Bookin...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bstatic.com/libs/privacy-consent/1.0.0/partner/cookie-banner.min.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

5.57.16.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),

Reverse DNS

bstatic.com

Software

nginx /

Resource Hash

c900a864b1d5aadef7184740f11b3b5f4caa1ac6a407d7ea59a741a259e01fc4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
last-modified: Thu, 24 Aug 2023 13:54:41 GMT
server: nginx
nel: {"report_to":"default","max_age":600}
etag: "64e76121-251"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
content-length: 593
x-xss-protection: 1; mode=block
expires: Fri, 27 Oct 2023 11:59:35 GMT

GET
H2 200 runtime~index_9239c9c6cbeb2a77c28f.js Show response
securitys-booking.com/js/ 5 KB
2 KB 34ms
33ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/runtime~index_9239c9c6cbeb2a77c28f.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f3b6d872420fb5262782438ec43056204e645915d132e05cdf886d40ae70b15

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130fae-122b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1u7mBjdqha47DN12AWQ3N3YaYgjbzd6zCZVHjLvMPIQtAJtso0RnJsSGdWZCZM7bB5geAZ4Uz1itlEnbF3DhGV%2F%2FpxOb2hJA8XuxeCXqCD%2BcSRuEaveVkNqLm0csqY33b6O1Yrngn5r6EpCIXTLekADYVoI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4a9540277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 326_4e98a27a96e8aa0e2044.js Show response
securitys-booking.com/js/ 31 KB
12 KB 40ms
36ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/326_4e98a27a96e8aa0e2044.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dda2b05de1686cc556ae307d414e0f94854ba22e20ebb9631ee61c454ac5cf71

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130fa8-7da2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbAYe%2BdSlwdD1tnS9wZNYg7k%2FH%2BJD%2FcCH18Jf3yGhq24QGhdD10xM%2Bg54yX4VD8y%2F2DBXOyvkxnB3VP%2ByyJMj2gb4RiM8eBRMfK8rBZay%2FFL61t3nweT9lEMXJUiKFhWXwgkcHvNRaHqz%2FUHyXW%2Fvdin6xA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9ce0277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 416_c0c3ec745d0fd0eb5a66.js Show response
securitys-booking.com/js/ 322 KB
89 KB 69ms
65ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/416_c0c3ec745d0fd0eb5a66.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4373abd944ad961a2d62a4acfd83ce92f38493f56d114c1bbcf08cb1f39c9993

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130faa-5085f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U0VKqaFJZ5o0%2BPAEcDiqS8JXtq5FRaO354Og1jPzHlPlKqfhG%2Fpj83%2FIp11wS5gUXL%2B%2FWmgbmNgvOG84%2BEECjJvavnq5Gz%2Fu5cXOCEGye5%2FqtkHIoRkdXw3pqkfDJtAfSpV9P8HXnAXfYQ9T3yOB5Id5lY4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9d90277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 101_9e220ae0491fe79da0d5.js Show response
securitys-booking.com/js/ 125 KB
32 KB 67ms
64ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/101_9e220ae0491fe79da0d5.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efcd74132a2ca5b1ed4ccd29ea1104082d3e48d040684be31d91c336fc1c0bcc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130fa8-1f544"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66GTeakcSLcmvu45niiduI52lJWWPDoIpodveqRlA9BL8uw90o2WPASDAotiRx1vhsSpDR1OvDNhghPbCPjZrgAhttAsgj4fCFqHsxRzOI9xQob0qKOyVuIjTxU2hLx%2FtnEsizzBd%2FTCWl%2F5ag77kuBeJUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9dd0277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 185_6374f2c626433c4ae706.js Show response
securitys-booking.com/js/ 58 KB
19 KB 68ms
65ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/185_6374f2c626433c4ae706.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e30c24327b1860582d06e2bef832cae8d1b2d2add3acfe9954107c88882ed430

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130fa8-e78b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Vi1BkIwBoEB8h2cnnSKfeT1FCvfId3OxlCSAfx8nnT3h%2FBExTUsSkcNJLEGzxN0pTxtBKrkZB4nHr7CG9GgAS%2F%2FveVbSoCEzDp2gvF5ONzL9YwEeYhAzMZZhgjd3L39NTYgfNpxbwVUIA3B0Poz8EXzNGw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9e40277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 549_e814a0a1e02aa3d5c190.js Show response
securitys-booking.com/js/ 194 KB
54 KB 45ms
42ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/549_e814a0a1e02aa3d5c190.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a3aaea305f497e7188aa16f97fc856b4d40708370a65cdadda7070a5b0edfe9

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130faa-307de"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8M8mKjPzgBS0ZBuUZ5aeJT8xuKkVeCfDW%2FdlpDLwCZIGm4qvB5BVOsIhA6cJSIRsQKZKbx4m7oiGnJkMnXxpiLhNnJ6Qj20I%2B0DkMlehajtUOjIVeP4VTBWFD%2FMlTfcfHnOguUeZn9w%2BRQmo3WBRJbRNY8U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9e70277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 48_a501036cafaf1b1b6586.js Show response
securitys-booking.com/js/ 13 KB
6 KB 38ms
35ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/48_a501036cafaf1b1b6586.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f75b16ced45abf30577dbbbc39de46c69526a9f82044a6001b1daa9517a41674

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3006
etag: W/"65130faa-34a7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSNvbdc73SawH5HOeIvNoRWrsS6yJgNWp2lNXGRs7Q%2F8scpCQ%2B7wytdulObClVqFMFl%2B4muHE3ZHzM7c9wicPumN1MGXD7yqIJi6WnE0wTJ5y%2BBpIlCI%2Bgacq3F2tNxElq0NYg3OPyv5eB37VH2JelADAvI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9ea0277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 analytics_1.js Show response
securitys-booking.com/js/ 339 B
598 B 73ms
71ms Script
application/javascript 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js/analytics_1.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f04ef9b90f98e8e0f419232fba965c8ad8f277bda087d2bc2aba1a53587db9ec

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Sep 2023 17:06:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3174
etag: W/"65130faa-153"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V44BflT14XviRcbJh7iiEwtNPBgkuugWEnalViXrjSGQI4jagrO1kaUAR0g8p3hbLe8ClLfYyX6B2K%2BhzbN9iP3mlvm4ti8KunsRXJArjMWVAGyHNZ0Kyuu9rmV4YVk7y77jlijYyvPqVbmL8%2FhFaFTBeo0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 80d394d4f9ed0277-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
snipp.ru/cdn/jquery/2.1.1/ 82 KB
29 KB 413ms
78ms Script
application/x-javascript 45.130.41.42
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://snipp.ru/cdn/jquery/2.1.1/jquery.min.js
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.42 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.thomas.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
last-modified: Tue, 29 Sep 2020 19:42:10 GMT
server: nginx-reuseport/1.21.1
etag: W/"5f738e12-14915"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Wed, 04 Oct 2023 11:59:35 GMT

GET
H2 200 416_c0c3ec745d0fd0eb5a66.js Show response
cf.bstatic.com/psb/accountsportal/assets/ 322 KB
77 KB 35ms
32ms Script
application/javascript 2600:9000:223f:ce00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cf.bstatic.com/psb/accountsportal/assets/416_c0c3ec745d0fd0eb5a66.js

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ce00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dec0a6e6e4129705e96025f775197ec3e343c61d1944df8a2a3767df4f68a562

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Fri, 22 Sep 2023 09:54:23 GMT
content-encoding: br
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 439512
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
x-amz-expiration: expiry-date="Fri, 19 Jan 2024 10:48:55 GMT", rule-id=""
last-modified: Thu, 21 Sep 2023 10:48:55 GMT
server: nginx
etag: W/"5974be1de21226e6f6a1c1db3b799bad"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
x-amz-meta-x-deployment-hash: ba5c3ab9140f8f229545f93974b277dd531d7bb78772e82f7ceccb3f2d750654
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
x-amz-cf-id: 1EXOHfl_aOz2uH1Y6m700sLvyeORmiBPR_FBwaFwD-TgzaL_thQnnQ==
expires: Sun, 22 Oct 2023 09:54:23 GMT

GET
H2 200 fvtrpw.gif
account.booking.com/_/ 35 B
2 KB 243ms
146ms Image
image/gif 99.86.4.72
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://account.booking.com/_/fvtrpw.gif

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.72 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-72.fra6.r.cloudfront.net

Software

envoy /

Resource Hash

9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=e9425453b475001e&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19YdZpgMenK4D6DWqIgkupBGxX8LVuuvCG0
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-security-policy: frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=e9425453b475001e&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19YdZpgMenK4D6DWqIgkupBGxX8LVuuvCG0
via: 1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
server: envoy
x-amz-cf-pop: FRA6-C1
content-security-policy-report-only: base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=e9425453b475001e&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19YdZpgMenK4D6DWqIgkupBGxX8LVuuvCG0; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-oNlh6LiNbWdWUvX' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
x-cache: Miss from cloudfront
content-type: image/gif
content-disposition: attachment; filename=etnht.gif
x-amz-cf-id: LpwiAUbwgU4V8JZIzI2kU762KUrPmdR5CxY4GKJs9BQe3wZ0gk2zCQ==
x-xss-protection: 1; mode=block

POST
H2 200 collector Show response
collector-pxikkul2rm.px-cloud.net/api/v2/ 543 B
800 B 113ms
54ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by: Host: q.bstatic.com
URL: https://q.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: bb713ee067d2f4627d97f99727a0c605d8ee412196113fd0f912d602a9a8bd55

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 27 Sep 2023 11:59:34 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securitys-booking.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 543

GET
H2 200 a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Show response
cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/ 6 KB
3 KB 108ms
62ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff6a8354e4f8f9ded61eb811d32e1419f77b6d1928b08d2df8bb35c53d0822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: bbvZMmIk+DeKaUU3H9ZMOw==
content-length: 2004
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jun 2023 05:37:02 GMT
server: cloudflare
etag: 0x8DB67E2632C37E5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 58f8faba-b01e-002a-4ebd-f0e693000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d589f3d6fa-CDG
expires: Thu, 28 Sep 2023 11:59:35 GMT

GET
H3 404 view.svg
securitys-booking.com/ 283 B
283 B 72ms
72ms Image
text/html 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securitys-booking.com/view.svg
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aef5724e632ce65211eb410cb1c3f243de547543cc4c254be09802bc8bf55ee1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s05E1j3qDxZ2fso0JiF6OT33dx6U0huE3etbreg58kgnnKrDPYl5mjjJVQY18vCkxLf52Wsl0SJI%2B4WfmKpEnAoZJNiVJaZWXpcuaj9utf1Fb7GL4sAZpCUPX8zo%2BVE5E4CzcnWTGuSS5sWIN1TQ3xLxPXA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 80d394d54871d62a-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 gb.png
q-xx.bstatic.com/backend_static/common/flags/new/48-squared/ 522 B
1 KB 50ms
29ms Image
image/png 2600:9000:223f:ce00:1c:d826:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/gb.png

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ce00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 22:44:12 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
nel: {"report_to":"default","max_age":600}
x-amz-cf-pop: FRA56-P5
age: 1775723
x-cache: Hit from cloudfront
content-length: 522
x-xss-protection: 1; mode=block
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
server: nginx
etag: "5f560e08-20a"
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: vSjqb2HI8KIcDqzirvU-mbxDT7GgSualD-lB2D8ea-ax65PzoZyoMA==
expires: Fri, 06 Oct 2023 22:44:12 GMT

GET
H2 200 _etnht
www.booking.com/ 35 B
1 KB 111ms
110ms Image
image/gif 13.32.121.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.booking.com/_etnht?cpr=https&ch=securitys-booking.com&cpa=&ad=ad%2F

Requested by

Host: securitys-booking.com
URL: https://securitys-booking.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.81 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-81.fra60.r.cloudfront.net

Software

nginx /

Resource Hash

9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
strict-transport-security: max-age=300; includeSubDomains
via: 1.1 adc51edbb4dc468fb382e40b115a2f62.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA60-P1
content-security-policy-report-only: frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=f49c5453a30c00c9&e=UmFuZG9tSVYkc2RlIyh9YVMFwLUCQ8zsS7x9ri8k8tcVWURu852Imnv2AJC1BpJ9kgKE0DJy6OU
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 35
x-xss-protection: 1; mode=block
x-amz-cf-id: 2Hk2F070m3tWFR1LbXnXkvBF0Irdq_o2ebwIlIQm_JgRhClt7t1EEQ==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
212 B 26ms
25ms XHR
text/plain 2001:4860:4802:38::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1991357528&t=pageview&_s=1&dl=https%3Asecuritys-booking.com%2F&dp=%2F&dh=securitys-booking.com&ul=en-us&de=UTF-8&dt=Booking.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAIg~&cid=604658520.1695815975&tid=UA-6284728-4&_gid=2117552584.1695815975&_slc=1&z=1989992985

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://securitys-booking.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a387750c-a080-4dd0-b2d1-7dbdb601bb14.json Show response
cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/ 6 KB
2 KB 48ms
48ms XHR
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/a387750c-a080-4dd0-b2d1-7dbdb601bb14.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ff6a8354e4f8f9ded61eb811d32e1419f77b6d1928b08d2df8bb35c53d0822f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 0
content-md5: bbvZMmIk+DeKaUU3H9ZMOw==
content-length: 2004
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jun 2023 05:37:02 GMT
server: cloudflare
etag: 0x8DB67E2632C37E5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 58f8faba-b01e-002a-4ebd-f0e693000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d5ea85d6fa-CDG
expires: Thu, 28 Sep 2023 11:59:35 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 87ms
40ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39f7093b64cc148b96e3a8e1a8d849fcd4fda75781388e413014128f3dfffcf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 80d394d63ef32a2c-CDG
access-control-allow-headers: Content-Type

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
138 B 45ms
40ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39f7093b64cc148b96e3a8e1a8d849fcd4fda75781388e413014128f3dfffcf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 80d394d63ef62a2c-CDG
access-control-allow-headers: Content-Type

GET
H2 200 en-gb.json Show response
cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/fb9ba202-6537-4f07-bbc6-40cff4a77aff/ 45 KB
12 KB 63ms
63ms Fetch
application/x-javascript 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/a387750c-a080-4dd0-b2d1-7dbdb601bb14/fb9ba202-6537-4f07-bbc6-40cff4a77aff/en-gb.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5755cf23e696aae2492dc678b429aad65ba3f0fc6bf783b81b3bd459c0a2ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: 3ESsnGlGZRnxBTWeNcug0w==
content-length: 12607
x-ms-lease-status: unlocked
last-modified: Thu, 08 Jun 2023 05:37:19 GMT
server: cloudflare
etag: 0x8DB67E26D41337C
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 5d7c6e8a-901e-005f-26bd-f08dbf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d69c2dd6fa-CDG
expires: Thu, 28 Sep 2023 11:59:35 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 13 KB
3 KB 52ms
51ms Fetch
application/json 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: iCAxFkQWfzfDHevR0IbBjg==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3019
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:41 GMT
server: cloudflare
etag: 0x8DB81B78556557A
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ecb11ccd-901e-003d-26bd-f04f98000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 80d394d71d03d6fa-CDG

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 21 KB
4 KB 55ms
55ms Fetch
text/css 2606:4700::6812:83ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:83ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 27 Sep 2023 11:59:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:52 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 66fad1b7-501e-008b-3dbd-f03dee000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 80d394d71d05d6fa-CDG

POST
H3 404 js_errors Show response
securitys-booking.com/ 283 B
647 B 91ms
91ms XHR
text/html 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/js_errors
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aef5724e632ce65211eb410cb1c3f243de547543cc4c254be09802bc8bf55ee1

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xslkm4Rdgx%2FdSq0vf7ZgySTYOCmc%2B5%2FCuBLWSdyEP5l6eqkxaqGcDMlZXpNQIJ9TL%2F2ZG4Oix%2Bs0nQziTKI50slOAQkBnLtdTloY497fBJQ9uALX3tPiuFcjjRCSBpArZUEIFZnBxO8MWr09ynikAXQJiYY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cf-ray: 80d394d76b4bd62a-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 view.svg
snipp.ru/demo/495/ 212 B
366 B 96ms
96ms Image
image/svg+xml 45.130.41.42
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://snipp.ru/demo/495/view.svg
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.42 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.thomas.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 560441c109fbd81261a1ab3a257835ee45717af63387316f5751fc387776deb3

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
content-encoding: gzip
last-modified: Tue, 29 Sep 2020 19:52:58 GMT
server: nginx-reuseport/1.21.1
etag: W/"5f73909a-d4"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=604800
expires: Wed, 04 Oct 2023 11:59:35 GMT

GET
H2 200 zd-service.html Show response
ls.cdn-gw-dv.vip/dedge/zd/ Frame 7204 1 KB
769 B 380ms
39ms Document
text/html 47.246.46.207
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.cdn-gw-dv.vip/dedge/zd/zd-service.html
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.246.46.207 San Mateo, United States, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 34122cbd823768b7af1197deade03dc1b1b1fc34191094f640f22e9a55df7682

Request headers

Referer: https://securitys-booking.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 859
cache-control: max-age=31536000
content-encoding: gzip
content-length: 592
content-type: text/html
eagleid: 2ff62e9616958159760516675e
last-modified: Mon, 05 Sep 2022 06:00:59 GMT
server: Tengine
timing-allow-origin: *
vary: Origin
via: cache2.it2[1,0]

GET
H2 304 c.html Show response
saa.booking.com/ec/ 0
463 B 105ms
49ms XHR 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/c.html?name=ecid

Requested by

Host: saa.booking.com
URL: https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
server: Perl Dancer2 0.300004
x-amz-cf-pop: FRA56-P4
vary: Origin
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: https://securitys-booking.com
x-cache: Miss from cloudfront
access-control-max-age: 86400
access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
content-length: 0
x-xss-protection: 1; mode=block
x-amz-cf-id: c8etDLhfVLBEsoozG61f0OcG7odWQ3qHPRzp9WUzkoWc7aB2g0vBBw==

GET
H2 200 e.html Show response
saa.booking.com/ec/ 0
463 B 132ms
77ms XHR
image/png 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/e.html?name=ecid

Requested by

Host: saa.booking.com
URL: https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://securitys-booking.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
server: Perl Dancer2 0.300004
x-amz-cf-pop: FRA56-P4
vary: Origin
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: https://securitys-booking.com
x-cache: Miss from cloudfront
access-control-max-age: 86400
access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
content-length: 0
x-xss-protection: 1; mode=block
x-amz-cf-id: Q_Y9yh-VtQjq0hbVBGBDO82dVN9VjYDu2Aw4euVPPbVHbrUw_enHhA==

OPTIONS
H2 200 c.html
saa.booking.com/ec/ Frame 0
0 49ms
49ms Preflight
text/html 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/c.html?name=ecid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-ecc
Access-Control-Request-Method: GET
Origin: https://securitys-booking.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://securitys-booking.com
access-control-max-age: 86400
content-length: 0
content-type: text/html
date: Wed, 27 Sep 2023 11:59:35 GMT
server: Perl Dancer2 0.300004
strict-transport-security: max-age=300; includeSubDomains
vary: Origin
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
x-amz-cf-id: i40-YEvmkARV-VHNXkhoK6uKe-RofkWw7nak_RdCuttPn89IGQlbcQ==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block

OPTIONS
H2 200 e.html
saa.booking.com/ec/ Frame 0
0 52ms
52ms Preflight
text/html 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/e.html?name=ecid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-ece
Access-Control-Request-Method: GET
Origin: https://securitys-booking.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://securitys-booking.com
access-control-max-age: 86400
content-length: 0
content-type: text/html
date: Wed, 27 Sep 2023 11:59:35 GMT
server: Perl Dancer2 0.300004
strict-transport-security: max-age=300; includeSubDomains
vary: Origin
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
x-amz-cf-id: x-Me_4JUuB8Xfj3mCGuEYvhKDkIg90lKmAs2MVH70ddehiVn7b2I2g==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block

GET
H2 200 c.html Show response
saa.booking.com/ec/ 4 B
579 B 52ms
51ms XHR
image/png 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/c.html?name=ecid

Requested by

Host: saa.booking.com
URL: https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
X-ecc: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-length: 4
x-xss-protection: 1; mode=block
last-modified: Mon, 30 Sep 2013 09:36:48 GMT
server: Perl Dancer2 0.300004
vary: Origin
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: https://securitys-booking.com
cache-control: private, max-age=630720000
access-control-max-age: 86400
access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
x-amz-cf-id: s-bkefVdKwizqvii6N2hs_Ekg01euEi1qI7WBEgqVpmsxYNx7NIq9A==
expires: Tue, 31 Dec 2030 23:30:45 GMT

GET
H2 200 e.html Show response
saa.booking.com/ec/ 4 B
515 B 44ms
43ms XHR
image/png 52.222.236.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://saa.booking.com/ec/e.html?name=ecid

Requested by

Host: saa.booking.com
URL: https://saa.booking.com/asset.76f4cfe389ea593cf33909bbcedb7949.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.82 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-82.fra56.r.cloudfront.net

Software

Perl Dancer2 0.300004 /

Resource Hash

74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
X-ece: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 11:59:35 GMT
via: 1.1 94328d2509009edc0657f5c786a93e42.cloudfront.net (CloudFront)
strict-transport-security: max-age=300; includeSubDomains
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
content-length: 4
x-xss-protection: 1; mode=block
server: Perl Dancer2 0.300004
etag: "null"
vary: Origin
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: https://securitys-booking.com
cache-control: private
access-control-max-age: 86400
access-control-allow-headers: Cache-Control, If-None-Match, ETag, X-ecc, X-ece
x-amz-cf-id: jSts5WDEu5lDSyFNHnLIMfzlC8qFHOMlBu9CHDS1mUBFPsJhBMdcJg==

POST
H2 200 collector Show response
collector-pxikkul2rm.px-cloud.net/api/v2/ 597 B
662 B 69ms
68ms XHR
application/json 35.190.10.96
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by: Host: q.bstatic.com
URL: https://q.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.10.96 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 96.10.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1f69d790f833625617e8303a8d9906c5f7c08363a34755bd93b8ca288b29b782

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Wed, 27 Sep 2023 11:59:36 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://securitys-booking.com
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 597

POST
H2 200 verify Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 336 B
753 B 147ms
86ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/verify
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: 7db5a0097029e577a3fd4b840766be5c3367ad6167578dfe2aa92eefac08ca64

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:36 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-65141928-2c5590533f983c3204648acd
cache-control: no-cache, no-store, must-revalidate
content-length: 336
x-amz-cf-id: VWv4L20r8DQ5jvx0t0sO8qjmRuN6WsHHgb162I9x2kg37YsisSnauQ==
expires: 0

POST
H2 400 verify
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 16 B
0 124ms
88ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/verify
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:36 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Error from cloudfront
x-amzn-waf-challenge-id: Root=1-65141928-28e654ba010dd28c0cbd8d17
cache-control: no-cache, no-store, must-revalidate
content-length: 16
x-amz-cf-id: 5-cBIOGqVcBnccDDbVqeVqO2D-PnLWrGxpXwZLoN9Sh-pG14JKrcUw==
expires: 0

POST
H2 200 report Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 0
263 B 74ms
74ms Fetch 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/report
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Sep 2023 11:59:36 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
access-control-max-age: 86400
access-control-allow-methods: POST
x-cache: Miss from cloudfront
access-control-allow-origin: *
content-length: 0
x-amz-cf-id: nfuQchp9gdrSSm1ypJ7gB47-nVxu1KdiwM2JKLgc_7J-do5MBoPcgw==

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 904 B
1 KB 64ms
63ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: e445ca304ac9c150d63937b976f7efa91c7290cedff730a27b947467fe092130

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:37 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-65141929-7f995a4f2645dd0f4c3c737b
cache-control: no-cache, no-store, must-revalidate
content-length: 904
x-amz-cf-id: xKpRFet7dU8vauiOo7HhPSCP_nWL0F8bTGb3ZpeSD5t1Ga4LJTNMIw==
expires: 0

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 992 B
1 KB 44ms
43ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: df7dd6a307e865a6f2bb54cf8c90ff79f665d1b622ff1e106698305825550c58

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:37 GMT
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
access-control-max-age: 86400
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-65141929-3d2da75d6a77db096bafe3f8
cache-control: no-cache, no-store, must-revalidate
content-length: 992
x-amz-cf-id: SCIwVCUhWRJ0uj-I2HoFagJVFb1OP-UZTj4LkWyVzz2wS5_wmde7uA==
expires: 0

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 1 KB
1 KB 119ms
118ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: ea2e4dccea448ace09c1c4981a735cb2dec6d8c8ea8a7e5072c0b1ae74f43ca4

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:37 GMT
content-encoding: gzip
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-65141929-6ca1c1b46faf90fb3d6cb3f9
cache-control: no-cache, no-store, must-revalidate
access-control-max-age: 86400
x-amz-cf-id: NAoIYRU-HitQghSBXLwyRMdBjJL3Fynl_2PIQVdKsuOMKiGq7AmzDQ==
expires: 0

POST
H3 404 navigation_times Show response
securitys-booking.com/ 283 B
645 B 52ms
52ms XHR
text/html 2606:4700:3037::ac43:8dcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://securitys-booking.com/navigation_times?sid=&pid=be528e7f6a960107&nts=0,0,1695815974681,0,0,0,0,1695815974762,1695815974764,1695815974765,1695815974765,1695815974823,1695815974787,1695815974823,1695815974906,1695815974940,1695815974909,1695815975693,1695815975791,1695815975900,1695815976678,1695815976678,1695815976678,0&first=&cdn=cf&dc=4&bo=3&lang=en-gb&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt=
Requested by: Host: securitys-booking.com
URL: https://securitys-booking.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:8dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aef5724e632ce65211eb410cb1c3f243de547543cc4c254be09802bc8bf55ee1

Request headers

Referer: https://securitys-booking.com/
X-Booking-CSRF
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 27 Sep 2023 11:59:37 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDMINfa%2F%2FifbymxArTNi3cxsIPj%2Bfzt2kVmmxi2nc3csYbHWQTMQ7Nlpra0co1VAYv03blUgia9kutKQK43wl6YYKy6TuK1VhYTFtUW1v3fv7lTVhKeDbPd5%2FpJdEhmpn2ObghwV99j9w%2B%2B97bJOLlINHY4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cf-ray: 80d394e48e18d62a-CDG
alt-svc: h3=":443"; ma=86400

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 1 KB
1 KB 67ms
66ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: a0a06684cfc30f2debf745637dbf49345a73bba1bbe55dfe5d31acf35ad8e9cf

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:38 GMT
content-encoding: gzip
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-6514192a-48b01b1e3bfc55d1165b8643
cache-control: no-cache, no-store, must-revalidate
access-control-max-age: 86400
x-amz-cf-id: PozGxIpYTQB6pEob7FCNHc5QbIgITrS6ZsoYXaONM8WMtqQdEy7hCg==
expires: 0

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 1 KB
1 KB 43ms
42ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: 53e8dace257cb51bcde64bfc3d3b945d21d16345c1c3b64d987779b29edc3035

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:38 GMT
content-encoding: gzip
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-6514192a-7d4390990abb450258c6fffd
cache-control: no-cache, no-store, must-revalidate
access-control-max-age: 86400
x-amz-cf-id: xEkTEKGiLjSHscsw9UjMjfwixygVoK1or-qOctdV-mR08QU6bZOw2A==
expires: 0

POST
H2 200 telemetry Show response
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/ 1 KB
2 KB 62ms
61ms Fetch
application/json 13.224.189.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by: Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-65.fra2.r.cloudfront.net
Software: /
Resource Hash: ccc17795be5fc103c905884600d6603f835416e2ebbdbd7fc817ab81353015ac

Request headers

Referer: https://securitys-booking.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Sep 2023 11:59:40 GMT
content-encoding: gzip
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
access-control-allow-methods: OPTIONS,GET,POST
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
x-amzn-waf-challenge-id: Root=1-6514192c-16e367914faf540d4ad60382
cache-control: no-cache, no-store, must-revalidate
access-control-max-age: 86400
x-amz-cf-id: RxQ-kIU__zn_EMNnzPT8yKHAXjYFcKRp_YYoyQ4r9I1B3IyKsNiAwA==
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.securitys-booking.com/	1969-12-31 23:59:59	Name: pxcts Value: 53988a8c-5d2d-11ee-9eec-d56acf40e64c
.securitys-booking.com/	1970-01-20 23:49:11	Name: _pxvid Value: 5398752f-5d2d-11ee-9eec-8f471c7f15e3
securitys-booking.com/	1970-01-20 15:03:36	Name: _pxff_cfp Value: 1
securitys-booking.com/	1970-01-20 15:03:36	Name: _pxff_ddtc Value: 1
.securitys-booking.com/	1970-01-21 00:39:35	Name: _ga Value: GA1.2.604658520.1695815975
.securitys-booking.com/	1970-01-20 15:05:02	Name: _gid Value: GA1.2.2117552584.1695815975
.securitys-booking.com/	1970-01-20 15:03:36	Name: _px3 Value: ac11c95048a165f531fe83126ebc080ebba89e639efe777275aab1f06fd1095e:dBjSlmym33QCZDH9gp5JxJ+S9v66tqjxyfxqKTSOki0vuGP8l9XKqZNrlUi1TXYAZI9Pk/O6zCbq7B6xdsRztw==:1000:GpJrMwCYUyFWqOMYgANhWE1CBttKGuEQnk62UGW8spXGVZwC1/GgSDktNKzPXYfttJxFpzCb57JcY7lfKIMFYyr+mQJ8Z+DI0nx2CM9SEfFhWt12NkNy2Me0+lX9YoKZ+aHr60tLrG8iBE9iQrlhyKkn/B2n+HEUURGGm3Eb4pYVeV8sk9ldDD7VNcocup59xoUvr/g4bwvsVqSlT+s6WhbsGFOgo+etgMz3TkiX/gY=
.securitys-booking.com/	1970-01-20 15:03:36	Name: _pxde Value: 5e6ce93aeae749ab06ca6669a4a79083711725220ede6b1dc7a171fdf786aaf5:eyJ0aW1lc3RhbXAiOjE2OTU4MTU5NzY3MDEsImZfa2IiOjAsImlwY19pZCI6WzVdfQ==
securitys-booking.com/	1969-12-31 23:59:59	Name: ecc Value: Ouy5Oahc7hGEwI7DWDAJWQu4
securitys-booking.com/	1969-12-31 23:59:59	Name: ece Value: Ouy5Oahc7hGEwI7DWDAJWQu4
.securitys-booking.com/	1970-01-20 15:09:21	Name: aws-waf-token Value: 27c7b070-1e82-4d77-ad9e-9f6cf74efb56:DAoArVFTl1wPAAAA:xyGBVVOg5AQ89lIoZGXas7FSy0lgWyiXxX+7GptU6NhaebNs9YY1QD/grxFu6pijphlEKTi3EcS4yeMSMAc/wiYvh5RJc1mM5HY8527VY+2np1DoBc9Gw3Yu9Jv7r10LBY75FzovLyyZz7MDFhwIn3TZYkR4MgAAcRx5/6pdV4mV0LjnOv9cJpXFhftaUFJsP18iCnMnhtbQvt224C1SK7vDcF8QMIiJbu7tcb63wXrI5ILDB1AqEqM5rFFoCG93Xy2/dSF257epLAL2DUcz8wYvCt0QoytCURZIKnNtYk82DPWEi98=

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://securitys-booking.com/view.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://securitys-booking.com/js_errors Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com/d8c14d4960ca/c2181391033f/verify Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://securitys-booking.com/navigation_times?sid=&pid=be528e7f6a960107&nts=0,0,1695815974681,0,0,0,0,1695815974762,1695815974764,1695815974765,1695815974765,1695815974823,1695815974787,1695815974823,1695815974906,1695815974940,1695815974909,1695815975693,1695815975791,1695815975900,1695815976678,1695815976678,1695815976678,0&first=&cdn=cf&dc=4&bo=3&lang=en-gb&ref_action=Signin_Index&aid=304142&stype=&route=&ua=&ch=&lt= Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.booking.com
cdn.cookielaw.org
cf.bstatic.com
collector-pxikkul2rm.px-cloud.net
d8c14d4960ca.568c49d2.eu-west-3.token.awswaf.com
d8c14d4960ca.edge.sdk.awswaf.com
geolocation.onetrust.com
ls.cdn-gw-dv.vip
q-xx.bstatic.com
q.bstatic.com
saa.booking.com
securitys-booking.com
snipp.ru
www.booking.com
www.bstatic.com
www.google-analytics.com
13.224.189.65
13.32.121.81
2001:4860:4802:38::178
2600:9000:223f:ce00:1c:d826:cd80:93a1
2600:9000:223f:e00:1c:d826:cd80:93a1
2606:4700:3037::6815:2708
2606:4700:3037::ac43:8dcf
2606:4700:4400::6812:2089
2606:4700::6812:83ec
35.190.10.96
45.130.41.42
47.246.46.207
5.57.16.90
52.222.236.82
99.86.4.111
99.86.4.72
0e3cd6436c3188852c7bc0a21b4c6789c22306fe5f5d64c1507d9f24590f7670
19f766dfe024f262671049573c8026f22846abc17c10d659645334ca2f5e2778
1a3aaea305f497e7188aa16f97fc856b4d40708370a65cdadda7070a5b0edfe9
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1f3b6d872420fb5262782438ec43056204e645915d132e05cdf886d40ae70b15
1f69d790f833625617e8303a8d9906c5f7c08363a34755bd93b8ca288b29b782
2d74100a825fc1a4af9272c442187ca4005d0dc1b7b8b61066e02059ada4ab13
34122cbd823768b7af1197deade03dc1b1b1fc34191094f640f22e9a55df7682
39f7093b64cc148b96e3a8e1a8d849fcd4fda75781388e413014128f3dfffcf0
3d62ad0f23c60258f120e52cf68b2e1adff5c1bf5bde5ac8f8d6e5f4c4c64f34
3ff6a8354e4f8f9ded61eb811d32e1419f77b6d1928b08d2df8bb35c53d0822f
4373abd944ad961a2d62a4acfd83ce92f38493f56d114c1bbcf08cb1f39c9993
53e8dace257cb51bcde64bfc3d3b945d21d16345c1c3b64d987779b29edc3035
560441c109fbd81261a1ab3a257835ee45717af63387316f5751fc387776deb3
6d3e2d70e3e3ffb919fd2ce8d89721d4f2931bb069489c075eab2eab978f2bc7
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
7db5a0097029e577a3fd4b840766be5c3367ad6167578dfe2aa92eefac08ca64
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
950d7028921f91f48d3242b0eace0b1a0be2e3290714014a3025953c44facb32
996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a0a06684cfc30f2debf745637dbf49345a73bba1bbe55dfe5d31acf35ad8e9cf
aa355c393e03f831dbdbcc678ba16396aab95930b1bc5b0549695d40cc955ca1
aef5724e632ce65211eb410cb1c3f243de547543cc4c254be09802bc8bf55ee1
bb713ee067d2f4627d97f99727a0c605d8ee412196113fd0f912d602a9a8bd55
c900a864b1d5aadef7184740f11b3b5f4caa1ac6a407d7ea59a741a259e01fc4
ccc17795be5fc103c905884600d6603f835416e2ebbdbd7fc817ab81353015ac
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d5755cf23e696aae2492dc678b429aad65ba3f0fc6bf783b81b3bd459c0a2ea1
dc40e27fb7e4940d78a22d31e49117ef41cb241f0a4c8a8b20c6e072bf66a3c6
dda2b05de1686cc556ae307d414e0f94854ba22e20ebb9631ee61c454ac5cf71
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dec0a6e6e4129705e96025f775197ec3e343c61d1944df8a2a3767df4f68a562
df7dd6a307e865a6f2bb54cf8c90ff79f665d1b622ff1e106698305825550c58
e30c24327b1860582d06e2bef832cae8d1b2d2add3acfe9954107c88882ed430
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e445ca304ac9c150d63937b976f7efa91c7290cedff730a27b947467fe092130
ea2e4dccea448ace09c1c4981a735cb2dec6d8c8ea8a7e5072c0b1ae74f43ca4
ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594
efcd74132a2ca5b1ed4ccd29ea1104082d3e48d040684be31d91c336fc1c0bcc
f04ef9b90f98e8e0f419232fba965c8ad8f277bda087d2bc2aba1a53587db9ec
f6cf3b2e7de29f886185bc35d78511d7be137ef2d9193b8262c495acdb85a5a0
f75b16ced45abf30577dbbbc39de46c69526a9f82044a6001b1daa9517a41674
fe9f6bdce1dc251e30d0242fc1ca3eeca58d3c54f49c548a7a6a05f69e559df2

securitys-booking.com Open in urlscan Pro 2606:4700:3037::ac43:8dcf Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

98 %HTTPS

44 %IPv6

10 Domains

16 Subdomains

14 IPs

3 Countries

967 kBTransfer

3591 kBSize

11 Cookies

1 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

securitys-booking.com Open in urlscan Pro
2606:4700:3037::ac43:8dcf Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

98 %
HTTPS

44 %
IPv6

10
Domains

16
Subdomains

14
IPs

3
Countries

967 kB
Transfer

3591 kB
Size

11
Cookies

56 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!