urlscan.io logo urlscan.io
SecurityTrails logo

byavia.net Open in urlscan Pro
54.36.109.71  Public Scan

Go To Rescan Add Verdict Report
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Submission: On December 17 via manual from PL — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 29 HTTP transactions. The main IP is 54.36.109.71, located in France and belongs to OVH, FR. The main domain is byavia.net.
This is the only time byavia.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 54.36.109.71 16276 (OVH)
1 5.57.16.90 43996 (BOOKING-B...)
1 3 37.10.0.220 43996 (BOOKING-B...)
13 2600:9000:215... 16509 (AMAZON-02)
29 4
Apex Domain
Subdomains		 Transfer
14 bstatic.com
aff.bstatic.com
cf.bstatic.com
99 KB
13 byavia.net
byavia.net
61 KB
3 booking.com
www.booking.com
39 KB
29 3
Domain Requested by
13 cf.bstatic.com www.booking.com
cf.bstatic.com
13 byavia.net byavia.net
3 www.booking.com 1 redirects aff.bstatic.com
cf.bstatic.com
1 aff.bstatic.com byavia.net
29 4

This site contains links to these domains. Also see Links.

Domain
www.byavia.net
socolive.org
Subject Issuer Validity Valid
*.booking.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-28 -
2022-09-28		 a year crt.sh
*.bstatic.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-30 -
2022-11-20		 a year crt.sh

This page contains 2 frames:

Primary Page: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Frame ID: 7119AEA3292874EBAF1E6CBA5AB9B408
Requests: 14 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Frame ID: C8EC6C27CF593E24E83F55A6FA9820C8
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

C.A.S HACKED :: Просмотр профиля

Detected technologies

Overall confidence: 100%
Detected patterns
  • <table class="[^"]*forumline
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

29
Requests

52 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

199 kB
Transfer

394 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • http://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854& HTTP 301
  • https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request profile.php
byavia.net/forum/ 		16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx / PHP/5.3.29
Resource Hash
a3f747d376ea2cc66ef392e34131549bbc905da1883e1505703437bd6dc3b2e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

Server
nginx
Date
Fri, 17 Dec 2021 06:35:14 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/5.3.29
Cache-Control
private, pre-check=0, post-check=0, max-age=0
Expires
0
Pragma
no-cache
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache-Status
EXPIRED
X-Server-Powered-By
Engintron
Content-Encoding
gzip
ProWhite.css
byavia.net/forum/templates/ProWhite/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://byavia.net/forum/templates/ProWhite/ProWhite.css
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
3e2256f7d232e1b23d01ae115dc0d7bf5263af2399435935b6194f6a2ddfc2b3

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Content-Encoding
gzip
Last-Modified
Sat, 22 Oct 2011 12:17:00 GMT
Server
nginx
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Sun, 16 Jan 2022 06:35:14 GMT
hdr_left.jpg
byavia.net/image/ 		1018 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/hdr_left.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
ba8e5dc1e79e1e61dab9dc7baf632a033064392c07479957a39e76c06ac222ed

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:36:39 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1018
Expires
Tue, 15 Feb 2022 06:35:14 GMT
LOGO.jpg
byavia.net/image/ 		33 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/LOGO.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
22f3a547554c0188c44a9aa22b831f1b03ef51a439fd10d8a22b76cbd60a785f

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:36:43 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
34082
Expires
Tue, 15 Feb 2022 06:35:14 GMT
hdr_right.jpg
byavia.net/image/ 		1015 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/hdr_right.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
b38abcb94bd44621572664c2c854565d7aaa72b05b754d6363fe4089f21d079d

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:36:39 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1015
Expires
Tue, 15 Feb 2022 06:35:14 GMT
menu1.gif
byavia.net/forum/templates/ProWhite/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/forum/templates/ProWhite/images/menu1.gif
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
fa3c58c6892af465160cf12425d2c555c2f41e828d4f1447f08eb50abda50a30

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 12:17:48 GMT
Server
nginx
Content-Type
image/gif
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1040
Expires
Tue, 15 Feb 2022 06:35:14 GMT
91973276861ba1a07a8f68.jpg
byavia.net/forum/images/avatars// 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/forum/images/avatars//91973276861ba1a07a8f68.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
aa153de31dd0652f904b284ace7dccc3166a63060ef803251c8b4d1442e5c019

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Wed, 15 Dec 2021 16:38:31 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7209
Expires
Tue, 15 Feb 2022 06:35:14 GMT
icon_pm.gif
byavia.net/forum/templates/ProWhite/images/lang_english/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/forum/templates/ProWhite/images/lang_english/icon_pm.gif
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
737cc1ba458946d0037fb910f6e31bc281dd4ec516dfaf21a263cb0f6f257d42

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 12:18:01 GMT
Server
nginx
Content-Type
image/gif
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1556
Expires
Tue, 15 Feb 2022 06:35:14 GMT
bg.gif
byavia.net/image/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/bg.gif
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
57a86b7eca3bebba65045401f76790cdf4500347ea96fbf2902d5b7fade3a358

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:36:34 GMT
Server
nginx
Content-Type
image/gif
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3505
Expires
Tue, 15 Feb 2022 06:35:14 GMT
hdr_bg.jpg
byavia.net/image/ 		650 B
948 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/hdr_bg.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
4a970e866b1924e34092e9988a4208c53a4e6c98a23d455ece4e36bc63e54005

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:36:39 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
650
Expires
Tue, 15 Feb 2022 06:35:14 GMT
top_center.jpg
byavia.net/image/ 		638 B
936 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/image/top_center.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/templates/ProWhite/ProWhite.css
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
a4af0f98317154894aef0cc92e6077ffd98a7e634d5dc3fd2e9ba00e8baf7dde

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/templates/ProWhite/ProWhite.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 22:37:00 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
638
Expires
Tue, 15 Feb 2022 06:35:14 GMT
cellpic3.jpg
byavia.net/forum/templates/ProWhite/images/ 		638 B
936 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/forum/templates/ProWhite/images/cellpic3.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/templates/ProWhite/ProWhite.css
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
605bbdbe43058ee5b21535b3be3228de6dae242868dcc17ca261b95efe577061

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/templates/ProWhite/ProWhite.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 12:17:32 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
638
Expires
Tue, 15 Feb 2022 06:35:14 GMT
cellpic1.jpg
byavia.net/forum/templates/ProWhite/images/ 		684 B
982 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://byavia.net/forum/templates/ProWhite/images/cellpic1.jpg
Requested by
Host: byavia.net
URL: http://byavia.net/forum/templates/ProWhite/ProWhite.css
Protocol
HTTP/1.1
Server
54.36.109.71 , France, ASN16276 (OVH, FR),
Reverse DNS
s6002.avahost.net
Software
nginx /
Resource Hash
e394a707ca069f80fc694cda2101dfea68ca2af5e71d200deac99943598d0146

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/forum/templates/ProWhite/ProWhite.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Fri, 17 Dec 2021 06:35:14 GMT
Last-Modified
Sat, 22 Oct 2011 12:17:31 GMT
Server
nginx
Content-Type
image/jpeg
Cache-Control
max-age=5184000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
684
Expires
Tue, 15 Feb 2022 06:35:14 GMT
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1639722913758
Requested by
Host: byavia.net
URL: http://byavia.net/forum/profile.php?mode=viewprofile&u=14312
Protocol
HTTP/1.1
Server
5.57.16.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
bstatic.com
Software
nginx /
Resource Hash
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 06:35:13 GMT
content-encoding
gzip
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-186e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
transfer-encoding
chunked
timing-allow-origin
*
nel
{"report_to":"default","max_age":600}
x-xss-protection
1; mode=block
expires
Sun, 16 Jan 2022 06:35:13 GMT
flexiproduct.html
www.booking.com/ Frame C8EC
Redirect Chain
  • http://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
  • https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
94 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Requested by
Host: aff.bstatic.com
URL: http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1639722913758
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
cbf96bc7c882243671480c1fd8c197b7226a8f894776dae0f1eab93ff3cb82cc
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
http://byavia.net/

Response headers

server
nginx
date
Fri, 17 Dec 2021 06:35:14 GMT
content-type
text/html; charset=UTF-8
content-length
37796
cache-control
private
vary
User-Agent, Accept-Encoding
content-encoding
br
nel
{"report_to":"default","max_age":604800}
report-to
{"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":604800}
strict-transport-security
max-age=604800
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

server
nginx
date
Fri, 17 Dec 2021 06:35:13 GMT
transfer-encoding
chunked
location
https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
content-security-policy-report-only
frame-ancestors 'none'; report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=38322e509a410083&e=UmFuZG9tSVYkc2RlIyh9YRXtvWBsZHB6V-Jh6sqVBe9ea37Z1nxzfP7MfD5kruZ8mcZxBaCnUf4&f=0&s=0;
x-xss-protection
1; mode=block
82b674edb949dddf78e02d76e8593771bf2e85d5.css
cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/ Frame C8EC 		1 KB
1015 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 04:26:42 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1217312
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-51a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
MQPVMAyufnk5NANs5HN4gHxtKb7LYYmjwgSy-VQIBAZ8ktOWHRmMdg==
expires
Sun, 02 Jan 2022 04:26:42 GMT
f6d29e089da85314827d24b5e412d273b710cf84.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/ Frame C8EC 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/f6d29e089da85314827d24b5e412d273b710cf84.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 01:00:43 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1748071
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 14:42:31 GMT
server
nginx
etag
W/"5eda59d7-2ae3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
CLE35LN3fJKN8pBxA5Q0Cq-zcUOsJQl0R3vBzPysxpG7Ogi9KsqL1Q==
expires
Mon, 27 Dec 2021 01:00:43 GMT
0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/ Frame C8EC 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 12 Dec 2021 01:28:08 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
450615
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
W/"5cadd1af-32e1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
1IQEE7c2VVW1RoYT5cZ-VfvwnAEDjIaEhYA5ykjQfkf52Z0fPD0IPQ==
expires
Tue, 11 Jan 2022 01:24:59 GMT
cc3c3bb07577b243628b6437fe31264026e19804.css
cf.bstatic.com/static/affiliate_base/css/flexi_product_sbp/ Frame C8EC 		722 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_product_sbp/cc3c3bb07577b243628b6437fe31264026e19804.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
4fd43a4477bcd68debcf4c5c6b943f3fc4fbec14a396573ffb2f7f31b21e914c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:00:36 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1445678
x-cache
Hit from cloudfront
content-length
722
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
"5cadd1af-2d2"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
vJeDaZrrof3phgKcTGe0a-wWaShn6NrDe8xZnv6BzoPztMxcemp8sg==
expires
Thu, 30 Dec 2021 13:00:36 GMT
ebc3273565b5e682ccaf01872d2e046749306442.png
cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ Frame C8EC 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ebc3273565b5e682ccaf01872d2e046749306442.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 04 Dec 2021 16:25:43 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1087783
x-cache
Hit from cloudfront
content-length
2904
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-b58"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
olWS7DI_hRF6dKEebwVKIkR4XBGs0gpd25Q41xDMJme5gLk_ZXeyLw==
expires
Mon, 03 Jan 2022 16:25:31 GMT
8445c6d95d9a59c87b9bfd0c4e8d6d06bae67f9f.png
cf.bstatic.com/static/img/flags/32/fr/ Frame C8EC 		635 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/flags/32/fr/8445c6d95d9a59c87b9bfd0c4e8d6d06bae67f9f.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
18a076ed54c175e4c0d840f127c03b8e307a50c98ef1a2be28b7e89e74443c35
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 21:15:33 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1934381
x-cache
Hit from cloudfront
content-length
635
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:53 GMT
server
nginx
etag
"5cadd1d1-27b"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
PJiixlkFi9ChzsElrBeDaHr3U4gKuuYI2g37Ab_hIqeHRemdlV1b0Q==
expires
Fri, 24 Dec 2021 21:15:33 GMT
61a55c5f6c8f0a16e35cef7ab1b5b5b8a645589a.png
cf.bstatic.com/static/img/flags/32/es/ Frame C8EC 		857 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/flags/32/es/61a55c5f6c8f0a16e35cef7ab1b5b5b8a645589a.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
bd181a983d2b28d18decdb6dff1df9c90f1e04e72fcc09b6d0f4c0cdf4ed4c00
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 02 Dec 2021 05:26:46 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1300108
x-cache
Hit from cloudfront
content-length
857
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:53 GMT
server
nginx
etag
"5cadd1d1-359"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
sYjkmOcmo_Bm0--_4MAQA8JQJ9YHGIBb0D3S-m7fW-pcidqTU9a_yg==
expires
Sat, 01 Jan 2022 05:26:46 GMT
2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/ Frame C8EC 		123 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 01:00:43 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1748071
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-1ecfc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
UHV6O27ZyensKkB_QdgolSKHyj5mBJN2mUS5lKqnuyWdqsQ30XQSwA==
expires
Mon, 27 Dec 2021 01:00:43 GMT
eb78197b2eee9a032c319d91a6e1c581e295f284.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/ Frame C8EC 		33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/eb78197b2eee9a032c319d91a6e1c581e295f284.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 04 Dec 2021 19:02:14 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1078380
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-84eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
5rJ9EzSgNui_GbfNeNYZsTzypiPvYAe0V8D-eZ0cxY-7b7SFRCRljw==
expires
Mon, 03 Jan 2022 19:02:14 GMT
4b4fae87bf31da220deff9a2b0120bd0552b6fe8.js
cf.bstatic.com/static/affiliate_base/js/flexi_sbp_cloudfront_sd/ Frame C8EC 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexi_sbp_cloudfront_sd/4b4fae87bf31da220deff9a2b0120bd0552b6fe8.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7010c1be3185f588ded1c9f2dad3295ae742a55bcf57d59042965b1020b863b5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 28 Nov 2021 00:04:01 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
1665073
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-112b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
x-amz-cf-id
p2T4wCboISm4Lxc6M9u4MDUwcwjbT7xEW7DnYIijniI2ri4X0FQBXw==
expires
Tue, 28 Dec 2021 00:04:01 GMT
750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
cf.bstatic.com/static/fonts/flexi/flexi/ Frame C8EC 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/fonts/flexi/flexi/750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Origin
https://www.booking.com
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 01:00:43 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1748071
x-cache
Hit from cloudfront
content-length
7772
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:49 GMT
server
nginx
etag
"5cadd1cd-1e5c"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
uYZif8VQSreIGqH7qspW8zx3okH9VxExgLkf6IjLd6cTniR5c3W9dg==
expires
Mon, 27 Dec 2021 01:00:43 GMT
844107.webp
cf.bstatic.com/xdata/images/city/square250/ Frame C8EC 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/xdata/images/city/square250/844107.webp?k=d2e327bd37d6b8a5e3b3f8f0a4c218387781b80dbbd5adb2d9e56d10f46c1659&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
aedf7fb86c43f1db2300e13ed0eb7c802d229d4e6da54b86d097c6fb10596acb
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 18 Nov 2021 09:23:11 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
server
nginx
age
2495523
etag
"8ec2259e4305e4b2c8dc57eced5998dab6ce58fa"
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
content-length
10354
x-xss-protection
1; mode=block
x-amz-cf-id
grkSm1qXAhSC3kGVIQYpbioFbgj6ecMz6Rm97nkVl0JfqADhBBw5zg==
expires
Sat, 18 Dec 2021 09:23:11 GMT
693538.webp
cf.bstatic.com/xdata/images/city/square250/ Frame C8EC 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/xdata/images/city/square250/693538.webp?k=a0f59068e765bf5c423e84eb83ccc8ba1bf30eed3b89d5fbfa8c9d17316cdffa&o=
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c043c3609921af8392e12f9e4f305ae56646a5e51bb948f5b7fdc91b4094eadc
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 06:28:38 GMT
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
server
nginx
age
1987596
etag
"fd5cdfd2b95794476b28e84c7d34c6db0414068a"
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
FRA50-C1
timing-allow-origin
*
content-length
11086
x-xss-protection
1; mode=block
x-amz-cf-id
5XZBxWDlde49Ws8Qyy74eWZTF8FB2UjtMU4gaPeS5w-4aGMobBaX-Q==
expires
Fri, 24 Dec 2021 06:28:38 GMT
fp_view
www.booking.com/affiliate/ Frame C8EC 		12 B
882 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/affiliate/fp_view?aid=1133763&target_aid=1132197&product_type=sbp
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
X-Booking-CSRF
4me8YQAAAAA=wGbszsini5SBREC6fzWz32y3iUiT_kQHCGoV4x_vx50-Y1kcCG-rMYaNIlmqrcd228fS50LiRJFscnfcajjhzapRdL_mvHFocKnCzL4Z_bPdfy1X0_6P5MLBBKyxU6fmG56K0U4WH7UkJpaQU33AnglrdQp666WUNVHYd3nw2hImMcJPTzSN8K-wji71KTLwXMS2zInXYc9jhL64
Referer
https://www.booking.com/flexiproduct.html?product=sbp&w=500&h=130&aid=1133763&target_aid=1132197&selected_currency=USD&fid=1639722913854&
X-Requested-With
XMLHttpRequest
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 06:35:15 GMT
transfer-encoding
chunked
x-content-options
nosniff
server
nginx
x-xss-protection
1; mode=block
strict-transport-security
max-age=604800
content-type
application/json; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| _i_ function| _r_ object| BookingAff

3 Cookies

Domain/Path Name / Value
byavia.net/ Name: phpbb2mysql_data
Value: a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D
byavia.net/ Name: phpbb2mysql_sid
Value: fe2996f85a3358a7f434540b9a3f5b4a
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbwcLxQQ4VaCoNYHU4U3SxfTSK8D47Lj7K6A339EjVK4YHODmjqQ7s19yBZKu27uZpQq6F0iWwQu1exA1qBZWKvYV1CjMdAiXg%2FNIXkW6VCZiawuWNdS9DIlNLJVLMGzVpciwqnht2BmFyqkm67XjT7cYg1T375rkO1P9oFrLd9XU%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aff.bstatic.com
byavia.net
cf.bstatic.com
www.booking.com
2600:9000:2156:5a00:1f:e2ee:200:93a1
37.10.0.220
5.57.16.90
54.36.109.71
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
18a076ed54c175e4c0d840f127c03b8e307a50c98ef1a2be28b7e89e74443c35
22f3a547554c0188c44a9aa22b831f1b03ef51a439fd10d8a22b76cbd60a785f
3e2256f7d232e1b23d01ae115dc0d7bf5263af2399435935b6194f6a2ddfc2b3
4a970e866b1924e34092e9988a4208c53a4e6c98a23d455ece4e36bc63e54005
4fd43a4477bcd68debcf4c5c6b943f3fc4fbec14a396573ffb2f7f31b21e914c
57a86b7eca3bebba65045401f76790cdf4500347ea96fbf2902d5b7fade3a358
605bbdbe43058ee5b21535b3be3228de6dae242868dcc17ca261b95efe577061
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
7010c1be3185f588ded1c9f2dad3295ae742a55bcf57d59042965b1020b863b5
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
737cc1ba458946d0037fb910f6e31bc281dd4ec516dfaf21a263cb0f6f257d42
a3f747d376ea2cc66ef392e34131549bbc905da1883e1505703437bd6dc3b2e9
a4af0f98317154894aef0cc92e6077ffd98a7e634d5dc3fd2e9ba00e8baf7dde
aa153de31dd0652f904b284ace7dccc3166a63060ef803251c8b4d1442e5c019
aedf7fb86c43f1db2300e13ed0eb7c802d229d4e6da54b86d097c6fb10596acb
b38abcb94bd44621572664c2c854565d7aaa72b05b754d6363fe4089f21d079d
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
ba8e5dc1e79e1e61dab9dc7baf632a033064392c07479957a39e76c06ac222ed
bd181a983d2b28d18decdb6dff1df9c90f1e04e72fcc09b6d0f4c0cdf4ed4c00
c043c3609921af8392e12f9e4f305ae56646a5e51bb948f5b7fdc91b4094eadc
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
cbf96bc7c882243671480c1fd8c197b7226a8f894776dae0f1eab93ff3cb82cc
e394a707ca069f80fc694cda2101dfea68ca2af5e71d200deac99943598d0146
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
fa3c58c6892af465160cf12425d2c555c2f41e828d4f1447f08eb50abda50a30
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
fe85cceb474303eb80a5ca9a60b16d92208a8e0b38647647654b0c42447b51f7