account.booking.cn Open in urlscan Pro
203.107.55.174  Malicious Activity! Public Scan

Submitted URL: http://account.booking.cn/
Effective URL: https://account.booking.cn/
Submission: On April 15 via manual from IN — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 8 domains to perform 46 HTTP transactions. The main IP is 203.107.55.174, located in China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is account.booking.cn.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on February 23rd 2024. Valid for: a year.
This is the only time account.booking.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Booking (Travel)

Domain & IP information

IP Address AS Autonomous System
3 203.107.55.174 37963 (ALIBABA-C...)
2 18.245.60.2 16509 (AMAZON-02)
18 2600:9000:225... 16509 (AMAZON-02)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 99.86.4.128 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
3 52.222.236.42 16509 (AMAZON-02)
1 18.245.60.7 16509 (AMAZON-02)
1 1 18.245.31.103 16509 (AMAZON-02)
4 18.66.122.49 16509 (AMAZON-02)
1 2600:9000:225... 16509 (AMAZON-02)
2 35.190.10.96 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
46 13
Apex Domain
Subdomains
Transfer
19 bstatic.com
cf.bstatic.com — Cisco Umbrella Rank: 15234
www.bstatic.com — Cisco Umbrella Rank: 101003
q-xx.bstatic.com — Cisco Umbrella Rank: 15833
r.bstatic.com — Cisco Umbrella Rank: 106230
xx.bstatic.com — Cisco Umbrella Rank: 22092
2 MB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 309
132 KB
7 booking.com
www.booking.com — Cisco Umbrella Rank: 9698
account.booking.com — Cisco Umbrella Rank: 15721
nellie.booking.com — Cisco Umbrella Rank: 18167
4 KB
5 awswaf.com
d8c14d4960ca.edge.sdk.awswaf.com — Cisco Umbrella Rank: 25589
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com — Cisco Umbrella Rank: 74014
1 MB
3 booking.cn
account.booking.cn
72 KB
2 px-cloud.net
collector-pxikkul2rm.px-cloud.net — Cisco Umbrella Rank: 56089
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 33
21 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 543
425 B
46 8
Domain Requested by
14 cf.bstatic.com account.booking.cn
7 cdn.cookielaw.org account.booking.cn
www.bstatic.com
cdn.cookielaw.org
4 d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com account.booking.cn
d8c14d4960ca.edge.sdk.awswaf.com
3 nellie.booking.com cf.bstatic.com
d8c14d4960ca.edge.sdk.awswaf.com
3 www.booking.com account.booking.cn
cf.bstatic.com
www.bstatic.com
3 account.booking.cn cf.bstatic.com
account.booking.cn
2 collector-pxikkul2rm.px-cloud.net r.bstatic.com
2 xx.bstatic.com
2 www.google-analytics.com account.booking.cn
www.google-analytics.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 r.bstatic.com account.booking.cn
1 d8c14d4960ca.edge.sdk.awswaf.com 1 redirects
1 q-xx.bstatic.com account.booking.cn
1 account.booking.com account.booking.cn
1 www.bstatic.com account.booking.cn
46 15

This site contains links to these domains. Also see Links.

Domain
secure.booking.cn
www.booking.cn
Subject Issuer Validity Valid
*.booking.cn
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-23 -
2025-02-13
a year crt.sh
*.booking.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-06-12 -
2024-05-18
a year crt.sh
*.bstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-29 -
2024-11-28
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
*.d24e0790.eu-central-1.token.awswaf.com
Amazon RSA 2048 M01
2023-07-26 -
2024-08-23
a year crt.sh
*.px-cloud.net
Sectigo RSA Domain Validation Secure Server CA
2023-08-15 -
2024-09-13
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh

This page contains 2 frames:

Primary Page: https://account.booking.cn/
Frame ID: 6C9DF24332B7DFB430EAE43BFD424E79
Requests: 44 HTTP requests in this frame

Frame: https://www.booking.com/cookiebanner.html
Frame ID: CA6E344949A7DCFA644ED2282828F784
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Booking.com缤客

Page URL History Show full URLs

  1. http://account.booking.cn/ HTTP 307
    https://account.booking.cn/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns

Page Statistics

46
Requests

96 %
HTTPS

38 %
IPv6

8
Domains

15
Subdomains

13
IPs

2
Countries

2915 kB
Transfer

3988 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://account.booking.cn/ HTTP 307
    https://account.booking.cn/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js HTTP 307
  • https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js

46 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
account.booking.cn/
Redirect Chain
  • http://account.booking.cn/
  • https://account.booking.cn/
274 KB
68 KB
Document
General
Full URL
https://account.booking.cn/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.107.55.174 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e0dc60235dba1ab776de33a819d2019ae6b4048eaeb995c776e5b8b1cf24f106
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 15 Apr 2024 10:24:45 GMT
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 f4bb30589808079d1ffdfad78076130e.cloudfront.net (CloudFront)
X-Amz-Cf-Id
IbIG31_k6olo6BoP62eg85W4-5dOWhW-hwoi9vhGv_h93A012hA0zQ==
X-Amz-Cf-Pop
HKG62-C2
X-Cache
Miss from cloudfront
content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
content-security-policy-report-only
base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-Zf2HT5K3b6FKZ2g' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
strict-transport-security
max-age=2592000; includeSubDomains
x-xss-protection
1; mode=block

Redirect headers

Location
https://account.booking.cn/
Non-Authoritative-Reason
HttpsUpgrades
_etnht
www.booking.com/
35 B
1 KB
Image
General
Full URL
https://www.booking.com/_etnht?cpr=https&ch=account.booking.cn&we=we&cpa=%2F
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-2.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 10:24:46 GMT
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 72500140cb63ff2dee8b57e4476902e6.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA60-P5
content-security-policy-report-only
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=c9954937a6e4039f&e=UmFuZG9tSVYkc2RlIyh9YVMFwLUCQ8zsS7x9ri8k8tfaDG0oo8RGBk537S0PzYu0L8Nc32VumwY
x-cache
Miss from cloudfront
content-type
image/gif
content-length
35
x-xss-protection
1; mode=block
x-amz-cf-id
TA19of3F8ufPw4ULhl9fc8ofDilQ5_RQMbm8cMnII7JtijXTJDX6wQ==
511_0fd724c6bf33b8532901.css
cf.bstatic.com/psb/accountsportal/assets/
242 KB
243 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/511_0fd724c6bf33b8532901.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf3e3110f9f91aa848ae3c0dc257e0e81eef54cdc1ca32f3e0ccff0c0284cc68

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 05:51:02 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
28473
x-amz-server-side-encryption
AES256
etag
"bfda5b874c1662f2a4d67e65808e261d"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
content-length
248251
x-amz-cf-id
wYg83wgSKKtL23MLwHIRDQ1jDpNdlMBILwrdIARPYLW8sQ2d5fMNzw==
534_d69b727ee73ff93236e4.css
cf.bstatic.com/psb/accountsportal/assets/
22 KB
23 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/534_d69b727ee73ff93236e4.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b72d6e12f49955f0e8e002a92fbf35b1b689c7c5c197af401321259ca33d002f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 08:08:53 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
26141
x-amz-server-side-encryption
AES256
etag
"fe8ce93f37bc389b56134dedc17933a2"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
content-length
22664
x-amz-cf-id
moprAiGi6vFUY_DnSNbtJH_lh0M69le9Hx7lAng12wQgwOfzqQW9iA==
57_39298f44d077a144fe18.css
cf.bstatic.com/psb/accountsportal/assets/
21 KB
21 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/57_39298f44d077a144fe18.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33406802ea9dc3de297509fc38072776b0a1562dc0b995f7bc9598a47cd7796e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 02:51:50 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
46667
x-amz-server-side-encryption
AES256
etag
"c90e181f176857b9aa8e27f7bdea7fd0"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
content-length
21395
x-amz-cf-id
PvplHVRt2SXxG1mdQZccErLy6f29Eql_Sv3NjZsMYZYFow3LpAKbZQ==
OtAutoBlock.js
cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/
5 KB
3 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/OtAutoBlock.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d3e2d70e3e3ffb919fd2ce8d89721d4f2931bb069489c075eab2eab978f2bc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3654
content-md5
1edaYBaUuHR/0XZZX5572w==
content-length
1991
x-ms-lease-status
unlocked
last-modified
Wed, 06 Sep 2023 15:31:05 GMT
server
cloudflare
etag
0x8DBAEEE4907C4A7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
59a7727d-701e-0035-1503-745597000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a56dda34db8-FRA
expires
Tue, 16 Apr 2024 10:24:47 GMT
511_0fd724c6bf33b8532901.css
cf.bstatic.com/psb/accountsportal/assets/
242 KB
386 B
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/511_0fd724c6bf33b8532901.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf3e3110f9f91aa848ae3c0dc257e0e81eef54cdc1ca32f3e0ccff0c0284cc68

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 05:51:02 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
28474
x-amz-server-side-encryption
AES256
etag
"bfda5b874c1662f2a4d67e65808e261d"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
9buqV-sWve2kw_gtgx7kR8ow69Mt1pYi06QJaEgJ33m0jXuPOKgM-g==
content-length
248251
534_d69b727ee73ff93236e4.css
cf.bstatic.com/psb/accountsportal/assets/
22 KB
386 B
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/534_d69b727ee73ff93236e4.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b72d6e12f49955f0e8e002a92fbf35b1b689c7c5c197af401321259ca33d002f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 08:08:53 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
26142
x-amz-server-side-encryption
AES256
etag
"fe8ce93f37bc389b56134dedc17933a2"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
48SlZr2SLvUb2UM8idA4rBBfoI8tiKV4ZrUSG4Bpcd_DayMu55pdeA==
content-length
22664
57_39298f44d077a144fe18.css
cf.bstatic.com/psb/accountsportal/assets/
21 KB
387 B
Stylesheet
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/57_39298f44d077a144fe18.css
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33406802ea9dc3de297509fc38072776b0a1562dc0b995f7bc9598a47cd7796e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 02:51:50 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
46668
x-amz-server-side-encryption
AES256
etag
"c90e181f176857b9aa8e27f7bdea7fd0"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
2GWk5lZvkGFLqb_-HyphGwIb42EfFx7ufwwEXzsdiEAK7UQ9jvk0KQ==
content-length
21395
cookie-banner.min.js
www.bstatic.com/libs/privacy-consent/1.0.0/customer/
4 KB
2 KB
Script
General
Full URL
https://www.bstatic.com/libs/privacy-consent/1.0.0/customer/cookie-banner.min.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d84999d183797b4f966cb30922ea78d372a2572ae46e4eb91665c59f211a810c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 11 Apr 2024 06:56:06 GMT
content-encoding
br
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
358121
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 28 Mar 2024 00:50:47 GMT
server
nginx
etag
W/"6604bee7-f17"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
OBSBHofad8Bxh3Vx1sQ_Pi4yBevQBze4vzGAOoE7yyxcPF2BibeMRw==
expires
Sat, 11 May 2024 06:56:06 GMT
runtime~index_59ed85af9b7228cfa1ac.js
cf.bstatic.com/psb/accountsportal/assets/
5 KB
5 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/runtime~index_59ed85af9b7228cfa1ac.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0c272ac742d5b1864c1143219478e17fb721b23503ba0aa980dc287ee04e5a02

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 05:13:15 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
46667
x-amz-server-side-encryption
AES256
etag
"380bcfa05274358668c44aae511957ec"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
4702
x-amz-cf-id
CaV1PAyEi9nZZ8duPEanLn11JYUw6VG25x0Iy4xsVVJ7UTdF-grC3A==
842_e5547ceb6a6b2fb48380.js
cf.bstatic.com/psb/accountsportal/assets/
42 KB
42 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/842_e5547ceb6a6b2fb48380.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0f38146939d9901a8020d9678b310f9a5b0376ac36d49a2bafe8de0ef5b05d41

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 04:18:11 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
23409
x-amz-server-side-encryption
AES256
etag
"05541744ab74cd16abcc50c67722be5d"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
42648
x-amz-cf-id
NtTg9qnwpAEnzxZbZqnh1-3l5NBZ1eMV_pDNiLRF8rE2FjlA2aDFvA==
511_c821cb8b5c2a13b1c9ba.js
cf.bstatic.com/psb/accountsportal/assets/
346 KB
346 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/511_c821cb8b5c2a13b1c9ba.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
69a38bd6af3d28e80705b33027f8743a56f1c301d038ce8f78237f327ea076fe

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 03:58:30 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
28840
x-amz-server-side-encryption
AES256
etag
"72f35c6be15899e7113ef0d54f4c7b23"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
353950
x-amz-cf-id
ebOWrDHfzem7dE_hBjPAWoDUGs5VyPEYjqWRj77jxQdEJIQA7fTf_w==
534_35c0c4879f5895d43042.js
cf.bstatic.com/psb/accountsportal/assets/
197 KB
197 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/534_35c0c4879f5895d43042.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29327314676671126ff9c9b0998e7a2ac03b7d7eda4bd00f6345dae7dff3570b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 04:48:54 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
46516
x-amz-server-side-encryption
AES256
etag
"b8d396f87e942eacdbbc8706861e0f10"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
201531
x-amz-cf-id
UwTz3kbhCIaOYWbmjXTwdc4NXYioLC1txxn_LAg99iLLbYbJMkFx8A==
361_7ae1c6c4ea752f140eb1.js
cf.bstatic.com/psb/accountsportal/assets/
45 KB
45 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/361_7ae1c6c4ea752f140eb1.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2746928035bece5005e99e8510391dfbeee1669ab94d3efdf20969d8dd3eff7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 08:06:57 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
19843
x-amz-server-side-encryption
AES256
etag
"232fd123e18cfc51f4d9a85489e11bac"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
46070
x-amz-cf-id
49jizUSHSaFB6xgO5HhwaY6GWe7KW0uCLQl71Yb_N-rrIZQ5CJjbNw==
373_14c210e2fa24f5558473.js
cf.bstatic.com/psb/accountsportal/assets/
123 KB
123 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/373_14c210e2fa24f5558473.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
532d3981645dfb889edaabf526037d90cafc21f13da2b6c4bedfbf3d7e78b036

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 08:07:01 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
71133
x-amz-server-side-encryption
AES256
etag
"a0683f4cf39bc64273358de62fcc2dbe"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
125588
x-amz-cf-id
r2BrEzD5Q63fZx4wkgWxXLd-Jx9YkgvxiZryaqM7cqY8IgE-voG1XQ==
699_8be78a0b024a1477942d.js
cf.bstatic.com/psb/accountsportal/assets/
13 KB
14 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/699_8be78a0b024a1477942d.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
59c25d214a62606483c6db51694d2ccbbe45f9a18080bc3d50282ec4d6ce68be

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 06:40:31 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
23408
x-amz-server-side-encryption
AES256
etag
"0ca9efba829c2a515ed6c61b76ed1cf6"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
13478
x-amz-cf-id
T1-b7wmbFuWuu20D16d8gb2eGXI3f_w3dankhIPBOaRWojQkSGa2kQ==
index_82356ee3cd58c2e052eb.js
cf.bstatic.com/psb/accountsportal/assets/
443 KB
444 KB
Script
General
Full URL
https://cf.bstatic.com/psb/accountsportal/assets/index_82356ee3cd58c2e052eb.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ca4219d25c2f844695fdfa5beddf194424eacbe8a14b09deb4cd409efbcd8ae

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 06:24:56 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
last-modified
Fri, 12 Apr 2024 07:35:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
46516
x-amz-server-side-encryption
AES256
etag
"3e23337a00841f8e50075a7d4ddcf48f"
vary
Origin
x-cache
Hit from cloudfront
x-amz-meta-x-deployment-hash
be9bbde6c941ef795f879719f8b600ab497ce315f849def5d2496a3ad0a83f5b
content-type
application/javascript
accept-ranges
bytes
content-length
454108
x-amz-cf-id
KdcaEq0GpqhA63KxB79Sx0BVwBiTm7h8bErcv-XmgjldFu2MHaqIaA==
fvtrpw.gif
account.booking.com/_/
35 B
2 KB
Image
General
Full URL
https://account.booking.com/_/fvtrpw.gif
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-128.fra6.r.cloudfront.net
Software
envoy /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=f34d493742860004&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19ZxdlbSYGG_ieHI2XBu5X0-xeuApRAboCg
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=f34d493742860004&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19ZxdlbSYGG_ieHI2XBu5X0-xeuApRAboCg
via
1.1 f038e7175be9761825b2eefc2b0a832e.cloudfront.net (CloudFront)
strict-transport-security
max-age=2592000; includeSubDomains
server
envoy
x-amz-cf-pop
FRA6-C1
content-security-policy-report-only
base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=f34d493742860004&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgRvqAg3-UlCb1qLTaSWs19ZxdlbSYGG_ieHI2XBu5X0-xeuApRAboCg; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-ajVqF3G4vfAxYJX' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
x-cache
Miss from cloudfront
content-type
image/gif
content-disposition
attachment; filename=etnht.gif
x-amz-cf-id
MZvXRLLAPSM3sz3luZV6xkJ3F9uXhr6UM8GqPjNpZrTQFbaOgeZLNw==
x-xss-protection
1; mode=block
js-metric
account.booking.cn/
12 B
3 KB
Fetch
General
Full URL
https://account.booking.cn/js-metric
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/psb/accountsportal/assets/index_82356ee3cd58c2e052eb.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.107.55.174 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash
df95d494b154bc7ea6d978af82b1f1f252652e0093b195ce79c3467de942602c
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=15b9493709ee0019&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTDT2V-m21UMlertjpTp0dBkoiU97ub-lntLbh6x__iwZQ692sYmt83js-kzFHRAzwC1cq_Ln8Cnf2iGXjNE-30
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://account.booking.cn/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 10:24:47 GMT
content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=15b9493709ee0019&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTDT2V-m21UMlertjpTp0dBkoiU97ub-lntLbh6x__iwZQ692sYmt83js-kzFHRAzwC1cq_Ln8Cnf2iGXjNE-30
Via
1.1 246b44c4747953e35657a81aebd7c7fa.cloudfront.net (CloudFront)
strict-transport-security
max-age=2592000; includeSubDomains
Content-Encoding
gzip
X-Amz-Cf-Pop
HKG62-C2
content-security-policy-report-only
base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=15b9493709ee0019&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgTDT2V-m21UMlertjpTp0dBkoiU97ub-lntLbh6x__iwZQ692sYmt83js-kzFHRAzwC1cq_Ln8Cnf2iGXjNE-30; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-LSxDThyybhftwzD' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
Transfer-Encoding
chunked
Content-Type
application/json; charset=UTF-8
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
sknB8krdsJLPNLBuFfR2svRj7bJe4zQ17ClmuXIjPPHNyi5WCNaLTg==
x-xss-protection
1; mode=block
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 15 Apr 2024 09:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2199
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 15 Apr 2024 11:48:08 GMT
us.png
q-xx.bstatic.com/backend_static/common/flags/new/48-squared/
642 B
1 KB
Image
General
Full URL
https://q-xx.bstatic.com/backend_static/common/flags/new/48-squared/us.png
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 02:26:04 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
979123
x-cache
Hit from cloudfront
content-length
642
x-xss-protection
1; mode=block
last-modified
Mon, 07 Sep 2020 09:08:23 GMT
server
nginx
etag
"5f55f887-282"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
dJ4G3biWC85TUhXGlInL7UhOYr2pD2pNqYVerqkB9qycD_CAbBlGZw==
expires
Sat, 04 May 2024 02:26:04 GMT
csp-report-uri
nellie.booking.com/
2 B
318 B
Other
General
Full URL
https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/psb/accountsportal/assets/511_c821cb8b5c2a13b1c9ba.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-42.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
x-amz-cf-id
nE2sDm2v4_PIZt8xhNZQi2hqZDL6xh6P3OEL4ARLwKvwdqUz4ycp7Q==
x-xss-protection
1; mode=block
track
www.booking.com/c360/v1/ Frame
0
0
Preflight
General
Full URL
https://www.booking.com/c360/v1/track
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-2.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-booking-aid,x-booking-csrf,x-booking-et-seed,x-booking-label,x-booking-language-code,x-booking-pageview-id,x-booking-platform,x-booking-session-id,x-booking-sitetype-id
Access-Control-Request-Method
POST
Origin
https://account.booking.cn
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

content-security-policy-report-only
frame-ancestors 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=112&pid=d3a34937945600dc&e=UmFuZG9tSVYkc2RlIyh9YaKT1Ar0s2gSEmakdtrUqstmn3RyBPMeQo1zH8ExuDtb61D7CvBsP7w
date
Mon, 15 Apr 2024 10:24:47 GMT
server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 7dbea139a5c4f501bc4b0e9d19a50c9a.cloudfront.net (CloudFront)
x-amz-cf-id
1zMfr4wA3RZ5noajvSrbGZtpkDGTd6ap6iH4yooDVRZKPmee3OGrxA==
x-amz-cf-pop
FRA60-P5
x-cache
Error from cloudfront
x-xss-protection
1; mode=block
track
www.booking.com/c360/v1/
0
0

cookiebanner.html
www.booking.com/ Frame CA6E
0
0
Document
General
Full URL
https://www.booking.com/cookiebanner.html
Requested by
Host: www.bstatic.com
URL: https://www.bstatic.com/libs/privacy-consent/1.0.0/customer/cookie-banner.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.60.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-60-7.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://account.booking.cn/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
private
content-encoding
br
content-length
836
content-type
text/html; charset=UTF-8
date
Mon, 15 Apr 2024 10:24:47 GMT
nel
{"max_age":604800,"report_to":"default"}
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"group":"default","max_age":604800}
server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
vary
User-Agent, Accept-Encoding
via
1.1 c1e31c801257ebc563cbb890e887cb1e.cloudfront.net (CloudFront)
x-amz-cf-id
_0pnxx6-teVkKpPMtTlDoCQrRScKTRA6e61DPiBoxyJ66wbCnZ8T7A==
x-amz-cf-pop
FRA60-P5
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-recruiting
Like HTTP headers? Come write ours: https://careers.booking.com
x-xss-protection
1; mode=block
challenge.js
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/
Redirect Chain
  • https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
  • https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
1 MB
1 MB
Script
General
Full URL
https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Server
18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-49.fra60.r.cloudfront.net
Software
/
Resource Hash
06d8ce03d4f8447b2d1cb483dcc5f0cd5df4838665cd27b02f28de7b89d377f5

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://account.booking.cn/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 15 Apr 2024 10:24:47 GMT
via
1.1 1d087f24771eb6834b16162f1bb01660.cloudfront.net (CloudFront)
last-modified
Mon, 15 Apr 2024 10:24:47 +0000
x-amz-cf-pop
FRA60-P2
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-661d006f-5dec76ba2f0aa88f635bcada
content-type
text/javascript
cache-control
private, max-age=86400
content-length
1094979
x-amz-cf-id
AzmLAJjQCQlW_UuIa9nEvrOO5xcAuk-dae3-Gmgifdz9dLLD0D9RdA==
expires
0

Redirect headers

date
Mon, 15 Apr 2024 10:24:47 GMT
via
1.1 a96420fb093cd21d1dea3700ef4d43ca.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P8
access-control-max-age
86400
access-control-allow-methods
*
x-cache
FunctionGeneratedResponse from cloudfront
access-control-allow-origin
*
location
https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
cache-control
max-age=86400
access-control-allow-headers
*
content-length
0
x-amz-cf-id
70XNY3tXOHk6PiXpeLInij-o7jwViCdwv9KJJtNvpqIL0LzofAQpdg==
collect
www.google-analytics.com/j/
3 B
210 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1149295602&t=pageview&_s=1&dl=https%3Aaccount.booking.cn%2F&dp=%2F&dh=account.booking.cn&ul=de-de&de=UTF-8&dt=Booking.com%E7%BC%A4%E5%AE%A2&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgAIg~&cid=1587224971.1713176687&tid=UA-116109-18&_gid=1668616299.1713176687&_slc=1&z=23837310
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 15 Apr 2024 10:24:47 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://account.booking.cn
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
px.v7.5.3.min.js
r.bstatic.com/libs/asec/btmgmt/
269 KB
99 KB
Script
General
Full URL
https://r.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:ac00:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0e3cd6436c3188852c7bc0a21b4c6789c22306fe5f5d64c1507d9f24590f7670
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Origin
https://account.booking.cn
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 21 Mar 2024 10:04:00 GMT
content-encoding
br
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
2161247
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 13 Mar 2024 20:18:37 GMT
server
nginx
etag
W/"65f20a1d-4335e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
8YrW2EfGTYrperyQSj4jtFxP31fO67ipM0mVg8sSMq0sF2-w2a2Riw==
expires
Sat, 20 Apr 2024 10:04:00 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.bstatic.com
URL: https://www.bstatic.com/libs/privacy-consent/1.0.0/customer/cookie-banner.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Pg1MHDpg+UGdovxhidM4Kg==
age
67883
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6839
x-ms-lease-status
unlocked
last-modified
Thu, 11 Apr 2024 16:21:20 GMT
server
cloudflare
etag
0x8DC5A436C86EBE4
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
9ac2dbd1-e01e-0037-5af3-8ceb2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a58afbc4db8-FRA
csp-report-uri
nellie.booking.com/
2 B
317 B
Other
General
Full URL
https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
Requested by
Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-42.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
x-amz-cf-id
nJwb70hG-eGFnwNYTq5a45Q5m3GQwBmDrcDzpzPeiyQHZDB_RwClZg==
x-xss-protection
1; mode=block
verify
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/
324 B
742 B
Fetch
General
Full URL
https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/verify
Requested by
Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-49.fra60.r.cloudfront.net
Software
/
Resource Hash
b832c527bbda9261af12c2391160af432b3a0324d4b121cd247258ea20ca2bd3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 15 Apr 2024 10:24:47 GMT
via
1.1 615f944336054ae07b8e7c415ddbad44.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
access-control-max-age
86400
access-control-allow-methods
OPTIONS,GET,POST
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-661d006f-09ea9da825c67eca4cca0c89
cache-control
no-cache, no-store, must-revalidate
content-length
324
x-amz-cf-id
1uLjWXCwfmMqti8bsYq9M0Zr7Jx1uqCF0G89kXjDceRxKp2rNrOsUw==
expires
0
favicon.svg
xx.bstatic.com/static/img/
1 KB
1 KB
Other
General
Full URL
https://xx.bstatic.com/static/img/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c80b9838465a2c5aa19e06c25631cd22d81dd8c76563875ebfb4d35304dfba47
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 27 Mar 2024 04:52:53 GMT
content-encoding
br
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
1661514
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 21 Mar 2023 13:15:52 GMT
server
nginx
etag
W/"6419ae08-4ad"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
g2A9mlwBzEaJhCQ_SNuOQoNpYm0merKq3rbFFmm1sVJR0fjYFERIXQ==
expires
Fri, 26 Apr 2024 04:52:53 GMT
favicon.ico
xx.bstatic.com/static/img/
610 B
1 KB
Other
General
Full URL
https://xx.bstatic.com/static/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:6800:5:bf05:acc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Apr 2024 11:12:51 GMT
via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA60-P3
age
688316
x-cache
Hit from cloudfront
content-length
610
x-xss-protection
1; mode=block
last-modified
Tue, 21 Mar 2023 13:15:51 GMT
server
nginx
etag
"6419ae07-262"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
0SAGGxbW71WLSSos4IPnAGNcL_00gioCo2nG3MtrK533twBJd0I19w==
expires
Tue, 07 May 2024 11:12:51 GMT
22eb94ef-b1f8-4203-be2b-b456ff8e5df3.json
cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/
6 KB
3 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/22eb94ef-b1f8-4203-be2b-b456ff8e5df3.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64fd714597c9fb75e14780197c2d674939eb1f61252aefc29cb36b17abe1ad27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3651
content-md5
xJmB0JgaZTosf5ICFDtYuQ==
content-length
2038
x-ms-lease-status
unlocked
last-modified
Wed, 06 Sep 2023 15:31:05 GMT
server
cloudflare
etag
0x8DBAEEE492CAC5A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
563c1522-001e-0072-4158-793ecc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a58ebe22c00-FRA
expires
Tue, 16 Apr 2024 10:24:47 GMT
collector
collector-pxikkul2rm.px-cloud.net/api/v2/
538 B
784 B
XHR
General
Full URL
https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by
Host: r.bstatic.com
URL: https://r.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
0b5a5fb76cddf3937186409c4cb95fc1cf9f857716fe30dfe797a2711da1533f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 15 Apr 2024 10:24:46 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://account.booking.cn
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
538
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
68 B
425 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept
application/json
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
874b3a59487f1ca9-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202308.1.0/
411 KB
99 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27ff6f8b30f633a9e1954d6cc94756127292aa99560255e414bbb75b37416594
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
2+I2Cj649lHjQKiedh8F2Q==
age
54192
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
101254
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:47 GMT
server
cloudflare
etag
0x8DBD50E45B16C1C
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
722cf87a-c01e-0042-458a-2f8003000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a59a8c54db8-FRA
en-us.json
cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/5960a206-455d-4495-8981-3d8a43c9b243/
54 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/22eb94ef-b1f8-4203-be2b-b456ff8e5df3/5960a206-455d-4495-8981-3d8a43c9b243/en-us.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5bd53075026f481d98053156145456094449c12c9049008fd78cd1f86887503
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
10125
content-md5
BDiaHoTNInPdD0dIcV4PFw==
content-length
13750
x-ms-lease-status
unlocked
last-modified
Wed, 06 Sep 2023 15:31:28 GMT
server
cloudflare
etag
0x8DBAEEE56D69145
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
aea3e6ef-501e-0050-3ac7-79fbd3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a59dc962c00-FRA
expires
Tue, 16 Apr 2024 10:24:47 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
C2c3Qd8FHm1wstxOFHDJ2w==
age
13710
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:37 GMT
server
cloudflare
etag
0x8DBD50E3F9DEF08
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
de4a06c8-701e-001a-383a-61585c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
874b3a5a1cc42c00-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202308.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202308.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202308.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 15 Apr 2024 10:24:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
3650
x-ms-lease-status
unlocked
last-modified
Wed, 25 Oct 2023 03:55:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
1f4c5090-601e-0006-75a0-0b0a3c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
874b3a5a1cc52c00-FRA
csp-report-uri
nellie.booking.com/
2 B
316 B
Other
General
Full URL
https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
Requested by
Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.236.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-236-42.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
FRA56-P4
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
x-amz-cf-id
Jj9a2pLgvk-DtURkOuWwpFas2ItqN5NSyJkXBVC0F3JdacSsu8XJ0Q==
x-xss-protection
1; mode=block
telemetry
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/
888 B
1 KB
Fetch
General
Full URL
https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by
Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-49.fra60.r.cloudfront.net
Software
/
Resource Hash
4b928f885ae9dbe8b399bee58dfecb3a1a7ca2a3c3f0653a6f0ab644e868e811

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 15 Apr 2024 10:24:47 GMT
via
1.1 615f944336054ae07b8e7c415ddbad44.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
access-control-max-age
86400
access-control-allow-methods
OPTIONS,GET,POST
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-661d006f-48e12fe61448df3d2009caab
cache-control
no-cache, no-store, must-revalidate
content-length
888
x-amz-cf-id
N8MvuuHiN24b61tWNbcekbTKWypmskjZeE45P-k1K159nQNgRrGJSw==
expires
0
collector
collector-pxikkul2rm.px-cloud.net/api/v2/
593 B
649 B
XHR
General
Full URL
https://collector-pxikkul2rm.px-cloud.net/api/v2/collector
Requested by
Host: r.bstatic.com
URL: https://r.bstatic.com/libs/asec/btmgmt/px.v7.5.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.10.96 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
96.10.190.35.bc.googleusercontent.com
Software
/
Resource Hash
399e67c92d90ecd50872f302adeda1a2f46485ac53ee97abd4fb18f8a6931900

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 15 Apr 2024 10:24:47 GMT
via
1.1 google
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://account.booking.cn
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
593
navigation_times
account.booking.cn/
0
2 KB
XHR
General
Full URL
https://account.booking.cn/navigation_times?sid=&pid=5d19493654bf0172&nts=0,0,1713176683877,0,0,0,0,1713176683878,1713176684217,1713176684217,1713176684217,1713176684702,1713176684432,1713176684702,1713176685699,1713176687136,1713176685759,1713176687277,1713176687277,1713176687278,1713176687462,1713176687462,1713176687463,0&first=&cdn=cf&dc=16&bo=3&lang=en-us&ref_action=Index&aid=304142&stype=&route=&ua=&ch=&lt=
Requested by
Host: account.booking.cn
URL: https://account.booking.cn/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
203.107.55.174 , China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=eb5a49388bfe0098&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfuR0e-iymiWdq6DtsFT8A4XgeNxALzd1XA2TsTszaYFh5FVYpVX-Uk
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
de-DE,de;q=0.9;q=0.9
X-Booking-CSRF
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://account.booking.cn/
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 10:24:48 GMT
content-security-policy
frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=eb5a49388bfe0098&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfuR0e-iymiWdq6DtsFT8A4XgeNxALzd1XA2TsTszaYFh5FVYpVX-Uk
Via
1.1 0072c09c1cbef528d795dbc2c3fe4560.cloudfront.net (CloudFront)
strict-transport-security
max-age=2592000; includeSubDomains
X-Amz-Cf-Pop
HKG62-C2
content-security-policy-report-only
base-uri 'none'; connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com https://www.google.com bstatic.com www.booking.com secure.booking.com paymentcomponent.booking.com 'self'; img-src 'self' data: www.booking.com graph.facebook.com cdn.cookielaw.org account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net *.px-cloud.net *.perimeterx.net www.gstatic.com; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=213&pid=eb5a49388bfe0098&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgfuR0e-iymiWdq6DtsFT8A4XgeNxALzd1XA2TsTszaYFh5FVYpVX-Uk; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google.com www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com 'self' 'nonce-yzMzWUG5GPrSCVH' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'unsafe-inline'
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Connection
keep-alive
Content-Length
0
x-xss-protection
1; mode=block
X-Amz-Cf-Id
azdd7U7RMHYP2hJC5QIA_sB3AveYwMEHf12benX8517hi13y-c69rw==
telemetry
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/
976 B
1 KB
Fetch
General
Full URL
https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry
Requested by
Host: d8c14d4960ca.edge.sdk.awswaf.com
URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-49.fra60.r.cloudfront.net
Software
/
Resource Hash
75a71cdaacaaff9d859483ba785a6b058d64fd1c1007cdfcab7eaaf32e23188f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://account.booking.cn/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 15 Apr 2024 10:24:48 GMT
via
1.1 615f944336054ae07b8e7c415ddbad44.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
access-control-max-age
86400
access-control-allow-methods
OPTIONS,GET,POST
content-type
application/json
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amzn-waf-challenge-id
Root=1-661d0070-6cbedb0f0525c6db21168510
cache-control
no-cache, no-store, must-revalidate
content-length
976
x-amz-cf-id
7WTdOwqz77TM5e72j2x01nFvSiusy-Jg_ZU-uVdaX5hweMkINzOiTw==
expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.booking.com
URL
https://www.booking.com/c360/v1/track

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Booking (Travel)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| E_ function| onBookingError object| booking object| booking_extra object| B object| $u object| webpackManifest string| webpackPublicPath object| webpackChunkbookings_web_accounts_portal_workspaces object| __core-js_shared__ object| core object| transportHooks function| OptanonWrapper object| PCM object| dataLayer function| handleSocialProviderResult undefined| params undefined| search_params string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| a2_0x7ffe function| a2_0x33bb object| AwsWafIntegration object| ChallengeScript string| _pxAppId string| _pxParam1 object| OneTrustStub object| PXikKuL2RM object| PX undefined| _ikKuL2RMhandler string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| Optanon object| OneTrust

17 Cookies

Domain/Path Name / Value
account.booking.cn/ Name: aliyungf_tc
Value: 4d645b52bd0deb5fc692a3ff96b50fc22c0cda340459740e870810c313d459d9
account.booking.cn/ Name: acw_tc
Value: ac11000117131766848222180e0c250fe65892cd97dd78a3d10291588400cd
.account.booking.cn/ Name: bkng_ap
Value: U2FsdGVkX1%2FztE4GrOzz5UFnuTjHmqmF%2F1u6D43vWZULBv6HK%2FvRpSJhJRSDeOuf4QT8ud%2F0ZXVb%0ACD2tgKv8Xg%3D%3D%0A
.booking.cn/ Name: bkng_sso_session
Value: e30
.booking.cn/ Name: bkng_sso_ses
Value: e30
.booking.cn/ Name: _ga
Value: GA1.2.1587224971.1713176687
.booking.cn/ Name: _gid
Value: GA1.2.1668616299.1713176687
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbof7CEiNviT8hqoqwQz32%2FAxEwqFDrJ%2FqmZ9AvpOa0wtuNwrR3dfCFmW4M8zio%2BAM8UlxA9hox7z21xiSMXB45MfqwLZBJ2bYjCXXRUF3v%2BXvOt0sUU7lu9qSvctjIJ6Z3bkUFzGnMXmMLFEnRM3DmNYlncMvHL4X
.booking.cn/ Name: pxcts
Value: 6281fb97-fb12-11ee-b025-765271b031f6
.booking.cn/ Name: _pxvid
Value: 6281f00c-fb12-11ee-b025-2375d049c9bf
account.booking.cn/ Name: _pxff_cfp
Value: 1
account.booking.cn/ Name: _pxff_ddtc
Value: 1
.account.booking.cn/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+Apr+15+2024+12%3A24%3A47+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202308.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=95b3d747-a587-47bf-8c3f-6280fd7e1536&interactionCount=0&landingPath=https%3A%2F%2Faccount.booking.cn%2F&groups=C0001%3A1%2CC0002%3A0
.account.booking.cn/ Name: bkng_ap_sso_session
Value: eyJib29raW5nX2dsb2JhbCI6eyJkYXRhX3N1YmplY3RfaWQiOiIzMTYzOWM3MS04N2ViLTRjOGQtYWE4ZC00NDRkNTBjMjA1MjciLCJzZXNzaW9ucyI6W119fQ
.booking.cn/ Name: _px3
Value: f8b9dbad2f356a50d936d22db4d69cd61442c28a62cf949c7c71be36db89011a:e8ggwIwCQBA8yS2D9mLqfuwdQTO7Q+vdwm4GPoufXHXqgnv5OPiVDC59fxuDuqRUtqqrpXKMIkBVFaUwbyysIg==:1000:N21gUHPkqOUl2fDudd52Xc/96bI61GeXouKqhV9kRd6bdeFLuUKOALs0+UvIfOaasSXjqRU+xtuGls60l74aX10Tv9EtFS1Mu9mHSzKpAmMU8EVfHmUCtNNg22e7V3MyNTwzCUq0oLYyyq7TNkkrA5TNWx59z2f+B2TPwubjSMOVXKkdU2OYQ89SjaBXJdwgKWwj6spEd/iipE3YjIABCrCctXVw6l9nJED0GEBGTOE=
.booking.cn/ Name: _pxde
Value: 5ef0eac891457ce9ab18f6bd183becfa9b94938ba8a904c9dbb0c1ab10cd6d34:eyJ0aW1lc3RhbXAiOjE3MTMxNzY2ODgzODcsImZfa2IiOjAsImlwY19pZCI6W119
.account.booking.cn/ Name: aws-waf-token
Value: 79f7d038-4a4d-4e5a-8f46-7b25bf9c6b84:CQoAijhHo1JPAAAA:CJcRHJsfgQbk3tECAOuuzdvZoeSMAMHqlCdogFhjiI/DKWlM0y6gZ8Qgb1/FAMmIfQ7fQOmSnY2QVnwQ0zoM+BDaNkjTk/WM+mDFaR4plAd78iuc0uYIm7lFlE6BAd2Dp8Ea3Noa+vhSRLyJewwFNDkWEi+csdfhRUPhQTrJBTGrClnbdcUKCyprJ/pLMrK/wnt8I2zOYO3yEqHmz6WzY/8QHkOSLpeD9jYfJhZvxhRSp4LQ5jp68tcC3wQD0GfZvb+EljLllhlEpw/hU5/cNHd0UcHO+TcNYKHT

11 Console Messages

Source Level URL
Text
security error URL: https://cf.bstatic.com/psb/accountsportal/assets/511_c821cb8b5c2a13b1c9ba.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://www.booking.com/c360/v1/track' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://cf.bstatic.com/psb/accountsportal/assets/511_c821cb8b5c2a13b1c9ba.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://www.booking.com/c360/v1/track' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
javascript error URL: https://account.booking.cn/
Message:
Access to fetch at 'https://www.booking.com/c360/v1/track' from origin 'https://account.booking.cn' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://www.booking.com/c360/v1/track
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://account.booking.cn/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/verify' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/verify' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".
security error URL: https://d8c14d4960ca.edge.sdk.awswaf.com/d8c14d4960ca/c2181391033f/challenge.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com/d8c14d4960ca/c2181391033f/telemetry' because it violates the following Content Security Policy directive: "connect-src saa.booking.com secure.booking.com reports.booking.com privacyportal-eu.onetrust.com geolocation.onetrust.com cdn.cookielaw.org www.google-analytics.com *.perimeterx.net *.pxchk.net *.px-cdn.net *.px-client.net *.px-cloud.net 'self' 'report-sample'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri https://nellie.booking.com/csp-report-uri?type=block&tag=212&pid=5d19493654bf0172&e=UmFuZG9tSVYkc2RlIyh9YSWKtKO5TxgOpTwVTPfHZKNW3Hcrm1RLgSxyia5pklYbFK41uc0IK0Ujca39FFpP8ALQYbhclB33
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.booking.cn
account.booking.com
cdn.cookielaw.org
cf.bstatic.com
collector-pxikkul2rm.px-cloud.net
d8c14d4960ca.d24e0790.eu-central-1.token.awswaf.com
d8c14d4960ca.edge.sdk.awswaf.com
geolocation.onetrust.com
nellie.booking.com
q-xx.bstatic.com
r.bstatic.com
www.booking.com
www.bstatic.com
www.google-analytics.com
xx.bstatic.com
www.booking.com
18.245.31.103
18.245.60.2
18.245.60.7
18.66.122.49
2001:4860:4802:36::178
203.107.55.174
2600:9000:2251:6800:5:bf05:acc0:93a1
2600:9000:2251:ac00:5:bf05:acc0:93a1
2606:4700:4400::ac40:9b77
2606:4700::6813:b234
35.190.10.96
52.222.236.42
99.86.4.128
06d8ce03d4f8447b2d1cb483dcc5f0cd5df4838665cd27b02f28de7b89d377f5
0b5a5fb76cddf3937186409c4cb95fc1cf9f857716fe30dfe797a2711da1533f
0c272ac742d5b1864c1143219478e17fb721b23503ba0aa980dc287ee04e5a02
0e3cd6436c3188852c7bc0a21b4c6789c22306fe5f5d64c1507d9f24590f7670
0f38146939d9901a8020d9678b310f9a5b0376ac36d49a2bafe8de0ef5b05d41
1ca4219d25c2f844695fdfa5beddf194424eacbe8a14b09deb4cd409efbcd8ae
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
27ff6f8b30f633a9e1954d6cc94756127292aa99560255e414bbb75b37416594
29327314676671126ff9c9b0998e7a2ac03b7d7eda4bd00f6345dae7dff3570b
33406802ea9dc3de297509fc38072776b0a1562dc0b995f7bc9598a47cd7796e
399e67c92d90ecd50872f302adeda1a2f46485ac53ee97abd4fb18f8a6931900
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b928f885ae9dbe8b399bee58dfecb3a1a7ca2a3c3f0653a6f0ab644e868e811
532d3981645dfb889edaabf526037d90cafc21f13da2b6c4bedfbf3d7e78b036
59c25d214a62606483c6db51694d2ccbbe45f9a18080bc3d50282ec4d6ce68be
64fd714597c9fb75e14780197c2d674939eb1f61252aefc29cb36b17abe1ad27
69a38bd6af3d28e80705b33027f8743a56f1c301d038ce8f78237f327ea076fe
6d3e2d70e3e3ffb919fd2ce8d89721d4f2931bb069489c075eab2eab978f2bc7
75a71cdaacaaff9d859483ba785a6b058d64fd1c1007cdfcab7eaaf32e23188f
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
99af6690771b7b62a1325d0c0b38a9a0300c18921e4877dcf38a239b9c977502
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
b72d6e12f49955f0e8e002a92fbf35b1b689c7c5c197af401321259ca33d002f
b832c527bbda9261af12c2391160af432b3a0324d4b121cd247258ea20ca2bd3
c2746928035bece5005e99e8510391dfbeee1669ab94d3efdf20969d8dd3eff7
c80b9838465a2c5aa19e06c25631cd22d81dd8c76563875ebfb4d35304dfba47
cf3e3110f9f91aa848ae3c0dc257e0e81eef54cdc1ca32f3e0ccff0c0284cc68
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d84999d183797b4f966cb30922ea78d372a2572ae46e4eb91665c59f211a810c
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df95d494b154bc7ea6d978af82b1f1f252652e0093b195ce79c3467de942602c
e0dc60235dba1ab776de33a819d2019ae6b4048eaeb995c776e5b8b1cf24f106
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9433f83f20500145850d5aabddced402dcfc94e310072e9a3f545df0bdb9f96
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
f5bd53075026f481d98053156145456094449c12c9049008fd78cd1f86887503