URL: http://crypto.winco.biz/
Submission Tags: phish.gg anti.fish automated
Submission: On August 10 via api from DE — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 46.54.226.97, located in Nova Gorica, Slovenia and belongs to KATENG-ASN, SI. The main domain is crypto.winco.biz.
This is the only time crypto.winco.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain / Subdomains / Transfer
7 bstatic.com / 57 KB
  • aff.bstatic.com — Cisco Umbrella Rank: 44492
  • cf.bstatic.com — Cisco Umbrella Rank: 13420
  • r.bstatic.com — Cisco Umbrella Rank: 78551
2 booking.com / 3 KB
  • www.booking.com — Cisco Umbrella Rank: 8666
2 google-analytics.com / 21 KB
  • www.google-analytics.com — Cisco Umbrella Rank: 54
2 winco.biz / 8 KB
  • crypto.winco.biz
1 googletagmanager.com / 61 KB
  • www.googletagmanager.com — Cisco Umbrella Rank: 65
12 5
Domain / Requested by
3 r.bstatic.com / cf.bstatic.com
2 cf.bstatic.com / www.booking.com
2 www.booking.com (1 redirects) / aff.bstatic.com
2 www.google-analytics.com / www.googletagmanager.com, www.google-analytics.com
2 aff.bstatic.com (1 redirects) / crypto.winco.biz
2 crypto.winco.biz / crypto.winco.biz
1 www.googletagmanager.com / crypto.winco.biz
12 7

This site contains links to these domains.

Domain
www.booking.com
www.binance.com
Subject: *.google-analytics.com
Issuer: GTS CA 1C3
Validity: 2023-07-17 - 2023-10-09
Valid: 3 months

Subject: *.booking.com
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2023-06-12 - 2024-05-18
Valid: a year

Subject: *.bstatic.com
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Validity: 2022-10-21 - 2023-10-11
Valid: a year

This page contains 2 frames:

Primary Page: http://crypto.winco.biz/
Frame ID: A19574FBA7ED36A2CCC8266CB33E94EF
Requests: 6 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
Frame ID: BA7F0270519A5F2464AB73583616BB15
Requests: 6 HTTP requests in this frame

Page Title

Invest smart

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

12 Requests
75 % HTTPS
63 % IPv6
5 Domains
7 Subdomains
6 IPs
3 Countries
148 kB Transfer
293 kB Size
4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152 HTTP 301
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
Request Chain 4
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395& HTTP 301
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&

12 HTTP transactions

Resource / Path / Size / x-fer / Type / MIME-Type
Primary Request /
crypto.winco.biz/
1 KB
1 KB
Document
General
Full URL
http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
46.54.226.97 Nova Gorica, Slovenia, ASN51615 (KATENG-ASN, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) / PHP/7.1.0
Resource Hash
6520f6970b30f6704f339582951eeade10e66710e99be043c2fdf220907780d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Thu, 10 Aug 2023 03:03:22 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.7 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.0
js
www.googletagmanager.com/gtag/
164 KB
61 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fdfd04460e613b3dd76dce0364102a74ce57a8edf58cdd20b59725191414700d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 03:03:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
61682
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 10 Aug 2023 03:03:22 GMT
etoro_logo.PNG
crypto.winco.biz/
7 KB
7 KB
Image
General
Full URL
http://crypto.winco.biz/etoro_logo.PNG
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
46.54.226.97 Nova Gorica, Slovenia, ASN51615 (KATENG-ASN, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
ec0ef6cad89424d3ed7009356ad28c4272d4b5dfa7f2000cca29b0e64a93adbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Thu, 10 Aug 2023 03:03:22 GMT
Last-Modified
Wed, 08 May 2019 14:36:33 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"1a7d-588614293ed92"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6781
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/
Redirect Chain
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
6 KB
3 KB
Script
General
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Server
2600:9000:223f:8a00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6f2c2164df92670e1f44b40c516e974340a0a4834b5a2b2156faf3f1c6fc0e90
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 13:37:13 GMT
content-encoding
br
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
566769
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 13 Jun 2022 03:41:28 GMT
server
nginx
etag
W/"62a6b1e8-1849"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
ohc7AkmjYO_S3bIDiIOvn_jz4tKL7owjAPGL4jTAadZMhPUQ18uetA==
expires
Sat, 02 Sep 2023 13:37:13 GMT

Redirect headers

Date
Thu, 10 Aug 2023 03:03:22 GMT
Via
1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA56-P5
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
Connection
keep-alive
Content-Length
167
X-Amz-Cf-Id
5d_JONarX9g3Z0M3asg-Iml6SXyZVEIPqfHph7rmJ15XwAaV3agxmw==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 10 Aug 2023 01:49:43 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4419
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 10 Aug 2023 03:49:43 GMT
flexiproduct.html
www.booking.com/ Frame BA7F
Redirect Chain
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
3 KB
2 KB
Document
General
Full URL
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
Requested by
Host: aff.bstatic.com
URL: http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1691636602152
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-47.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
423b5607d29b55742c10bda47d0406c58c45f3dce2cd5914349647b739fcfe1a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://crypto.winco.biz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
br
content-length
1112
content-type
text/html; charset=UTF-8
date
Thu, 10 Aug 2023 03:03:22 GMT
nel
{"report_to":"default","max_age":604800}
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":604800,"group":"default"}
server
nginx
strict-transport-security
max-age=300; includeSubDomains
vary
Accept-Encoding, User-Agent
via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
x-amz-cf-id
NUa_-bjsvTmOYAd00y5M__iN7zBg3thQ1a7nufHGh__UcY2z05kOCQ==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Thu, 10 Aug 2023 03:03:22 GMT
Location
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
Server
CloudFront
Via
1.1 987865b81ba895db5b3f56f8ae175c84.cloudfront.net (CloudFront)
X-Amz-Cf-Id
4C1DrLQohAfyLa5_1qOOreCy1qrDhM2A5l3M-kWaIFyfHK6Hhv2u7A==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Redirect from cloudfront
collect
www.google-analytics.com/j/
1 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=990548062&t=pageview&_s=1&dl=http%3A%2F%2Fcrypto.winco.biz%2F&ul=en-us&de=UTF-8&dt=Invest%20smart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=828566506&gjid=452195873&cid=1703758909.1691636603&tid=UA-1427188-1&_gid=1906944050.1691636603&_r=1&gtm=457e3890&jsscut=1&z=1931579094
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://crypto.winco.biz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 10 Aug 2023 03:03:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://crypto.winco.biz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/ Frame BA7F
6 KB
2 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:8a00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
258a405249df1898ae210d562b7a73457c378e5686bc45a66f2bf709bac59e3d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 18:22:48 GMT
content-encoding
br
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1240833
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 04 Aug 2022 14:40:51 GMT
server
nginx
etag
W/"62ebda73-1931"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
O89JOXfp7NX5nwe8p2HvP63MOVVYwP-sSaQ3EgrcWco1YDKf6_J3Cg==
expires
Fri, 25 Aug 2023 18:22:48 GMT
8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/ Frame BA7F
21 KB
22 KB
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:8a00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
76f0b5a18dc303c68602fb8f2c374cb22ebdfe2167e3dbbe0d7f534f1bd7f5c0
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 19 Jul 2023 06:48:45 GMT
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1887277
x-cache
Hit from cloudfront
content-length
21876
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-5574"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Hb5gjx5o1yYkdZYdIxiN4x3KO2vvXgXStPVvOlyzb4tDJhDEivVz2Q==
expires
Fri, 18 Aug 2023 06:48:45 GMT
0195055111ead85a393fabc53dd83aeb06040b75.svg
r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/ Frame BA7F
8 KB
4 KB
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/0195055111ead85a393fabc53dd83aeb06040b75.svg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:8a00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
754da64c4a7344dc24cfd8a781b834e9c2251b8c0bd218c3b582f745e56f44e1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 04:45:45 GMT
content-encoding
br
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1289857
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 08 Aug 2022 08:50:41 GMT
server
nginx
etag
W/"62f0ce61-2110"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
h29CLg4KyLaiTG43Sy_sfOrNoQZ0eOah6nY__BD9SudepGoWJ9w1Zg==
expires
Fri, 25 Aug 2023 04:45:45 GMT
5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/ Frame BA7F
450 B
1015 B
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:8a00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
630ff3f5e3fb3bc8d9f615285a6a9c7cbe291e4500f5db996293a58a65e0ee5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 17 Jul 2023 00:38:55 GMT
via
1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
2082267
x-cache
Hit from cloudfront
content-length
450
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:47 GMT
server
nginx
etag
"5cadd1cb-1c2"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
5b3En3LxOwkuBmGMzSSi3bJQyhSe_-naV_LetA_IofRzUDwbctbdTA==
expires
Wed, 16 Aug 2023 00:38:55 GMT
beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/ Frame BA7F
24 KB
25 KB
Font
General
Full URL
https://cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1691636602395&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:da00:1c:d826:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f06c5a5a26eed51ed7c0d94bd7bdb822cc503c1e619b463377c44e114e2ca5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 19:04:27 GMT
via
1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1238336
x-cache
Hit from cloudfront
content-length
24852
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-6114"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
hBfAKPy0njkruK8rMycrIkWsQuMqZGYMZ-ZoHxzGKT5WpbfkJH4c2w==
expires
Fri, 25 Aug 2023 19:04:27 GMT

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • function| gtag
  • object| dataLayer
  • object| google_tag_manager
  • object| google_tag_data
  • string| GoogleAnalyticsObject
  • function| ga
  • function| _i_
  • function| _r_
  • object| BookingAff
  • object| gaplugins
  • object| gaGlobal
  • object| gaData

4 Cookies

Domain/Path Name / Value
.winco.biz/ Name: _ga
Value: GA1.2.1703758909.1691636603
.winco.biz/ Name: _gid
Value: GA1.2.1906944050.1691636603
.winco.biz/ Name: _gat_gtag_UA_1427188_1
Value: 1
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbbmD9q%2B5pe3Vnru6ygZhy70KTGrfWZS3EjAfu8LDyzb9RbRojLaVF1zvdZasguMa0HgNo2uZdwHSlVaIQ7bw0w8jkp4yU6FZVLYjJoOxlYuxykOM9rTFnWcsmraKOCrw2AJ1Rzj6StmRhFlf2%2F5tNGR%2FwQqv38wtplQb4zNTmM4w%3D