urlscan.io logo urlscan.io
SecurityTrails logo

booking.travelbeginsat40.com Open in urlscan Pro
2606:4700:3033::681b:a986  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.bookings.travelbeginsat40.com/
Effective URL: https://booking.travelbeginsat40.com/?currency=USD
Submission: On April 06 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 9 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3033::681b:a986, located in United States and belongs to CLOUDFLARENET, US. The main domain is booking.travelbeginsat40.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 3rd 2020. Valid for: 8 months.
This is the only time booking.travelbeginsat40.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 178.128.18.33 14061 (DIGITALOC...)
7 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 23.108.212.76 7979 (SERVERS)
17 8
1    178.128.18.33 (Singapore)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: sg02.hostasean.com
www.bookings.travelbeginsat40.com
7    2606:4700:3033::681b:a986 (United States)

ASN13335 (CLOUDFLARENET, US)
booking.travelbeginsat40.com
www.travelbeginsat40.com
2    2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)
ajax.cloudflare.com
cdnjs.cloudflare.com
1    2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:81e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
4    23.108.212.76 (Netherlands)

ASN7979 (SERVERS, US)
mamka.aviasales.ru
Domain Requested by
5 booking.travelbeginsat40.com booking.travelbeginsat40.com
cdnjs.cloudflare.com
4 mamka.aviasales.ru booking.travelbeginsat40.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 www.travelbeginsat40.com booking.travelbeginsat40.com
1 cdnjs.cloudflare.com booking.travelbeginsat40.com
1 www.google.de booking.travelbeginsat40.com
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googletagmanager.com booking.travelbeginsat40.com
1 static.cloudflareinsights.com booking.travelbeginsat40.com
1 ajax.cloudflare.com booking.travelbeginsat40.com
1 www.bookings.travelbeginsat40.com 1 redirects
17 12

This site contains links to these domains. Also see Links.

Domain
www.travelbeginsat40.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-02-03 -
2020-10-09		 8 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
ssl713275.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2020-02-18 -
2020-08-26		 6 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-03-24 -
2020-06-16		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-03-03 -
2020-05-26		 3 months crt.sh
*.aviasales.ru
Sectigo RSA Domain Validation Secure Server CA		 2019-08-16 -
2021-08-15		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://booking.travelbeginsat40.com/?currency=USD
Frame ID: 38C35B3F53A21207AC1C624B1DD0419D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://www.bookings.travelbeginsat40.com/ HTTP 302
    https://booking.travelbeginsat40.com/?currency=USD Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

17
Requests

100 %
HTTPS

80 %
IPv6

9
Domains

12
Subdomains

8
IPs

5
Countries

725 kB
Transfer

3039 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.bookings.travelbeginsat40.com/ HTTP 302
    https://booking.travelbeginsat40.com/?currency=USD Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1059794240&t=pageview&_s=1&dl=https%3A%2F%2Fbooking.travelbeginsat40.com%2F%3Fcurrency%3DUSD&ul=en-us&de=UTF-8&dt=Search%20Flights%20and%20Hotels%20%7C%20Travel%20Begins%20at%2040&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&jid=928948686&gjid=1391207861&cid=2122360234.1586211458&tid=UA-70090146-9&_gid=1636312551.1586211458&_r=1&gtm=2wg3p1M47KB56&z=629594492 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_gid=1636312551.1586211458&gjid=1391207861&_v=j81&z=629594492 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492&slf_rd=1&random=551455045

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
booking.travelbeginsat40.com/
Redirect Chain
  • https://www.bookings.travelbeginsat40.com/
  • https://booking.travelbeginsat40.com/?currency=USD
25 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
213b95a2350b1caf6ef3a32e12ee4ace69253ab57b8d8af0ecf7ec079fbdee65

Request headers

:method
GET
:authority
booking.travelbeginsat40.com
:scheme
https
:path
/?currency=USD
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Mon, 06 Apr 2020 22:17:37 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=df47bf1f37c44b9cb5963e6f4faf883d11586211457; expires=Wed, 06-May-20 22:17:37 GMT; path=/; domain=.travelbeginsat40.com; HttpOnly; SameSite=Lax auid_tp=CtYRWl6LqoFNdgckEjplAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/ auid_ab=fwAAAV6LqoFNsgcnLcTVAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/ wl_auid=CtYRWl6LqoFNmgcmJGTvAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
vary
Accept-Encoding
last-modified
Fri, 27 Mar 2020 15:54:18 GMT
x-request-id
53990dccf308d6a139829ea62bcffa58
expires
Mon, 06 Apr 2020 22:17:36 GMT
cache-control
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57fee14b08badfd3-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

Redirect headers

Date
Mon, 06 Apr 2020 22:17:37 GMT
Server
Apache
Vary
Accept-Encoding,User-Agent
Location
https://booking.travelbeginsat40.com/?currency=USD
Cache-Control
max-age=21600
Expires
Tue, 07 Apr 2020 04:17:37 GMT
Strict-Transport-Security
max-age=7776000
Referrer-Policy
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
main.en.js
booking.travelbeginsat40.com/ 		767 KB
154 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.travelbeginsat40.com/main.en.js?r=0.5533915026330618
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88da6d85a684709e5adb2f1ad3d2e364ca1e86713d5e315bfc9ef1ced7044aa4

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:37 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 27 Mar 2020 11:38:58 GMT
server
cloudflare
etag
W/"5e7de5d2-2b9d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=28800
cf-ray
57fee14bda2ddfd3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
main.css
booking.travelbeginsat40.com/ 		2 MB
425 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://booking.travelbeginsat40.com/main.css?r=0.9608762439947731
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b74f26651e23bd86e30794adcfae8ffa17a7d1d12ad967bcaac56f4e91af59cf

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 27 Mar 2020 11:39:05 GMT
server
cloudflare
etag
W/"5e7de5d9-6ea3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=28800
cf-ray
57fee14bda30dfd3-FRA
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
whitelabel_en.js
booking.travelbeginsat40.com/widgets/ 		323 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.travelbeginsat40.com/widgets/whitelabel_en.js
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68e33803fdead59266f49c981a8d9e0d2e2cc6417c9bed929101e5176d745cf0

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
content-encoding
br
cf-cache-status
MISS
x-real-ip
141.101.104.130
x-forwarded-for
2a01:4f8:192:5414::2, 141.101.104.130, 10.214.17.90, 141.101.104.130
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 13 Feb 2020 13:09:09 GMT
server
cloudflare
host
www.travelpayouts.com
etag
W/"5e454a75-50d25"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=28800
cf-ray
57fee14bda32dfd3-FRA
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:37 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 02 Apr 2020 11:45:47 GMT
server
cloudflare
etag
W/"5e85d06b-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
57fee14bd94263fb-FRA
expires
Wed, 08 Apr 2020 22:17:37 GMT
TBA40-Logo-White-500px.png
www.travelbeginsat40.com/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.travelbeginsat40.com/TBA40-Logo-White-500px.png
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9379bdcd261f5dcab9a61ed2167ccb4f77d3d27ad3e3b5d6f5a6dd7c48ab054d
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
cf-cache-status
MISS
status
200
strict-transport-security
max-age=7776000
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
7377
pragma
public
referrer-policy
last-modified
Sat, 23 Mar 2019 15:47:47 GMT
server
cloudflare
etag
"1cd1-584c4e4a23aa4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
content-type
image/png
cache-control
public, max-age=7776000
accept-ranges
bytes
cf-ray
57fee14c1a95dfd3-FRA
expires
Sun, 05 Jul 2020 22:17:38 GMT
TBA40-Logo-500px.png
www.travelbeginsat40.com/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.travelbeginsat40.com/TBA40-Logo-500px.png
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07217e458d263b5472da976a105962dbd2de59963c0833bfd3142ebb381e4211
Security Headers
Name Value
Strict-Transport-Security max-age=7776000

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
cf-cache-status
MISS
status
200
strict-transport-security
max-age=7776000
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
8470
pragma
public
referrer-policy
last-modified
Sat, 23 Mar 2019 15:53:37 GMT
server
cloudflare
etag
"2116-584c4f97dc3e4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
X-Forwarded-Proto,Accept-Encoding
content-type
image/png
cache-control
public, max-age=7776000
accept-ranges
bytes
cf-ray
57fee14c1a93dfd3-FRA
expires
Sun, 05 Jul 2020 22:17:38 GMT
beacon.min.js
static.cloudflareinsights.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
09b2e724df0f0cf1e698fb41c181badca91e1dce58f4904203b8779d2397440e

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:37 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
status
200
cf-ray
57fee14c1a35dffb-FRA
gtm.js
www.googletagmanager.com/ 		62 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M47KB56
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
98e4b179a36408376dade5dd127ff15e4511152e8aa01626c3eaa6b1b3153e0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:37 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
22621
x-xss-protection
0
last-modified
Mon, 06 Apr 2020 21:25:25 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 Apr 2020 22:17:37 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dbbc2905b71a77be23c6d759a7a1f09f92529841308f594eb7c4593be6f514a1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
analytics.js
www.google-analytics.com/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M47KB56
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5942
date
Mon, 06 Apr 2020 20:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Mon, 06 Apr 2020 22:38:35 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1059794240&t=pageview&_s=1&dl=https%3A%2F%2Fbooking.travelbeginsat40.com%2F%3Fcurrency%3DUSD&ul=en-us&de=UTF-8&dt=Search%20Flights%20and%20Ho...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_gid=1636312551.1586211458&gjid=1391207861&_v=j81&z=629594492
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492&slf_rd=1&random=551455045
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492&slf_rd=1&random=551455045
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 Apr 2020 22:17:38 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 06 Apr 2020 22:17:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70090146-9&cid=2122360234.1586211458&jid=928948686&_v=j81&z=629594492&slf_rd=1&random=551455045
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rollbar.min.js
cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.3.9/ 		58 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.3.9/rollbar.min.js
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/main.en.js?r=0.5533915026330618
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ee21873f0f644e948c8ccc8cbb2647d2691a94b1a36b3ed9980672b103d71d4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
Origin
https://booking.travelbeginsat40.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
content-encoding
br
cf-cache-status
HIT
age
5147979
cf-ray
57fee14c9d57c2e5-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:30 GMT
server
cloudflare
etag
W/"5afd4a8a-e9f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 27 Mar 2021 22:17:38 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.003
set
mamka.aviasales.ru/third_party_cookies/ 		95 B
817 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mamka.aviasales.ru/third_party_cookies/set?mamka_version=0.0.13&mamka_utc_datetime=2020-04-06T22%3A17%3A38.018Z
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.108.212.76 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
Microsoft-IIS/7.5 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
server
Microsoft-IIS/7.5
access-control-allow-origin
https://booking.travelbeginsat40.com
etag
"0ec63b140374ba704a58fa0c743cb357683313dd"
access-control-max-age
1728000
access-control-allow-methods
GET,POST,OPTIONS
p3p
policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", CP="CAO PSA OUR"
status
200
cache-control
public, max-age=1
access-control-allow-credentials
true
content-type
image/png
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length
95
check
mamka.aviasales.ru/third_party_cookies/ 		28 B
626 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mamka.aviasales.ru/third_party_cookies/check?mamka_version=0.0.13&mamka_utc_datetime=2020-04-06T22%3A17%3A38.202Z&callback=mamka_get_param_magjG0
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/main.en.js?r=0.5533915026330618
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.108.212.76 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
Microsoft-IIS/7.5 /
Resource Hash
88f7d5a1f0260c73a015ead738415193559c5016ab805893066217f8b28c39bf

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
server
Microsoft-IIS/7.5
access-control-allow-origin
https://booking.travelbeginsat40.com
etag
"2483112bbd9c5240badc53282fd331bf37e53ac7"
access-control-max-age
1728000
access-control-allow-methods
GET,POST,OPTIONS
p3p
policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", CP="CAO PSA OUR"
status
200
access-control-allow-credentials
true
content-type
text/javascript
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length
28
event
mamka.aviasales.ru/ 		95 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mamka.aviasales.ru/event?mamka_version=0.0.13&mamka_utc_datetime=2020-04-06T22%3A17%3A38.239Z&goal=mamka_page_view&project_name=wl_search&page_view_id=dh694xWOVI5vAFzgkaTjn6YCsZRJdaBr&url=https%3A%2F%2Fbooking.travelbeginsat40.com%2F%3Fcurrency%3DUSD&referer=&data=%7B%22viewport_size%22%3A%7B%22width%22%3A1600%2C%22height%22%3A1200%7D%7D
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.108.212.76 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
Microsoft-IIS/7.5 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
server
Microsoft-IIS/7.5
access-control-allow-origin
https://booking.travelbeginsat40.com
etag
"0ec63b140374ba704a58fa0c743cb357683313dd"
access-control-max-age
1728000
access-control-allow-methods
GET,POST,OPTIONS
p3p
policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", CP="CAO PSA OUR"
status
200
cache-control
public, max-age=1
access-control-allow-credentials
true
content-type
image/png
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length
95
event
mamka.aviasales.ru/ 		95 B
977 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mamka.aviasales.ru/event?mamka_version=0.0.13&mamka_utc_datetime=2020-04-06T22%3A17%3A38.278Z&goal=TP_WL_FRONTPAGE_LOAD&project_name=wl_search&url=https%3A%2F%2Fbooking.travelbeginsat40.com%2F%3Fcurrency%3DUSD&referer=&data=%7B%22device%22%3A%22desktop%22%2C%22version%22%3A1%2C%22ab_group%22%3A%22default%22%2C%22ab_branch%22%3Anull%2C%22engine_type%22%3A%22combined%22%2C%22auid%22%3A%22CtYRWl6LqoFNmgcmJGTvAg%3D%3D%22%2C%22mamka_user_events_count%22%3A0%7D&page_view_id=dh694xWOVI5vAFzgkaTjn6YCsZRJdaBr
Requested by
Host: booking.travelbeginsat40.com
URL: https://booking.travelbeginsat40.com/?currency=USD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.108.212.76 , Netherlands, ASN7979 (SERVERS, US),
Reverse DNS
Software
Microsoft-IIS/7.5 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 06 Apr 2020 22:17:38 GMT
server
Microsoft-IIS/7.5
access-control-allow-origin
https://booking.travelbeginsat40.com
etag
"0ec63b140374ba704a58fa0c743cb357683313dd"
access-control-max-age
1728000
access-control-allow-methods
GET,POST,OPTIONS
p3p
policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", CP="CAO PSA OUR"
status
200
cache-control
public, max-age=1
access-control-allow-credentials
true
content-type
image/png
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since
content-length
95
performance
booking.travelbeginsat40.com/cdn-cgi/beacon/ 		0
53 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://booking.travelbeginsat40.com/cdn-cgi/beacon/performance?req_id=57fee14b08badfd3
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.3.9/rollbar.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a986 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://booking.travelbeginsat40.com/?currency=USD
Origin
https://booking.travelbeginsat40.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type
application/json

Response headers

status
204
date
Mon, 06 Apr 2020 22:17:38 GMT
server
cloudflare
cf-ray
57fee14e7eecdfd3-FRA
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| TPWLCONFIG object| GEOIP object| dataLayer object| __cfQR object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| mamka_queue boolean| mamka_tpc object| _rollbarShims object| _rollbarWrappedError object| Rollbar function| rollbar function| setImmediate function| clearImmediate function| cssx string| TP_WL_LOCALE function| ResizeSensor object| TP_DISPATCHER boolean| SHOW_GOOGLE_ADSENSE boolean| HANDLE_ALL_MARKERS function| f number| _rollbarStartTime boolean| _rollbarDidLoad boolean| _rollbarInitialized boolean| MewtwoIsLoaded function| mamka_get_param_magjG0 function| loadCSS boolean| __cfRLUnblockHandlers

9 Cookies

Domain/Path Name / Value
.travelbeginsat40.com/ Name: mtdc_fZGRi
Value: true
.travelbeginsat40.com/ Name: _gid
Value: GA1.2.1636312551.1586211458
.travelbeginsat40.com/ Name: _gat_UA-70090146-9
Value: 1
.travelbeginsat40.com/ Name: _ga
Value: GA1.2.2122360234.1586211458
booking.travelbeginsat40.com/ Name: auid_ab
Value: fwAAAV6LqoFNsgcnLcTVAg==
booking.travelbeginsat40.com/ Name: auid_tp
Value: CtYRWl6LqoFNdgckEjplAg==
booking.travelbeginsat40.com/ Name: locale
Value: en
booking.travelbeginsat40.com/ Name: wl_auid
Value: CtYRWl6LqoFNmgcmJGTvAg==
.travelbeginsat40.com/ Name: __cfduid
Value: df47bf1f37c44b9cb5963e6f4faf883d11586211457

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.cloudflare.com
booking.travelbeginsat40.com
cdnjs.cloudflare.com
mamka.aviasales.ru
static.cloudflareinsights.com
stats.g.doubleclick.net
www.bookings.travelbeginsat40.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.travelbeginsat40.com
178.128.18.33
23.108.212.76
2606:4700:3033::681b:a986
2606:4700::6810:5e41
2606:4700::6810:84e5
2a00:1450:4001:800::2008
2a00:1450:4001:817::200e
2a00:1450:4001:81e::2004
2a00:1450:4001:825::2003
2a00:1450:400c:c00::9b
07217e458d263b5472da976a105962dbd2de59963c0833bfd3142ebb381e4211
09b2e724df0f0cf1e698fb41c181badca91e1dce58f4904203b8779d2397440e
0ee21873f0f644e948c8ccc8cbb2647d2691a94b1a36b3ed9980672b103d71d4
213b95a2350b1caf6ef3a32e12ee4ace69253ab57b8d8af0ecf7ec079fbdee65
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
68e33803fdead59266f49c981a8d9e0d2e2cc6417c9bed929101e5176d745cf0
88da6d85a684709e5adb2f1ad3d2e364ca1e86713d5e315bfc9ef1ced7044aa4
88f7d5a1f0260c73a015ead738415193559c5016ab805893066217f8b28c39bf
9379bdcd261f5dcab9a61ed2167ccb4f77d3d27ad3e3b5d6f5a6dd7c48ab054d
98e4b179a36408376dade5dd127ff15e4511152e8aa01626c3eaa6b1b3153e0b
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b74f26651e23bd86e30794adcfae8ffa17a7d1d12ad967bcaac56f4e91af59cf
dbbc2905b71a77be23c6d759a7a1f09f92529841308f594eb7c4593be6f514a1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629