urlscan.io logo urlscan.io
SecurityTrails logo

185.28.223.40 Open in urlscan Pro
185.28.223.40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://185.28.223.40/
Effective URL: https://185.28.223.40/
Submission: On October 09 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 185.28.223.40, located in Netherlands and belongs to BOOKING-BV Booking.com, NL. The main domain is 185.28.223.40.
TLS certificate: Issued by DigiCert ECC Secure Server CA on November 14th 2018. Valid for: a year.
This is the only time 185.28.223.40 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 185.28.223.40 43996 (BOOKING-B...)
3 5.57.17.14 43996 (BOOKING-B...)
6 68.232.35.205 15133 (EDGECAST)
1 151.101.14.110 54113 (FASTLY)
3 35.186.220.184 15169 (GOOGLE)
15 5
3    185.28.223.40 (Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
185.28.223.40
3    5.57.17.14 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
account.booking.com
6    68.232.35.205 (United States)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
q-ec.bstatic.com
1    151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
client.perimeterx.net
3    35.186.220.184 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 184.220.186.35.bc.googleusercontent.com
collector-pxikkul2rm.perimeterx.net
Domain Requested by
6 q-ec.bstatic.com 185.28.223.40
3 collector-pxikkul2rm.perimeterx.net client.perimeterx.net
3 account.booking.com 185.28.223.40
1 client.perimeterx.net 185.28.223.40
15 4

This site contains links to these domains. Also see Links.

Domain
www.booking.com
secure.booking.com
Subject Issuer Validity Valid
*.booking.com
DigiCert ECC Secure Server CA		 2018-11-14 -
2019-11-19		 a year crt.sh
q-ec.bstatic.com
DigiCert SHA2 Secure Server CA		 2019-07-15 -
2020-05-25		 10 months crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-04-10 -
2020-03-21		 a year crt.sh
perimeterx.net
GeoTrust RSA CA 2018		 2019-07-03 -
2021-08-31		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://185.28.223.40/
Frame ID: 983F23AC7D6CCF83D23F38B4C80866B7
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://185.28.223.40/ HTTP 301
    https://185.28.223.40/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

270 kB
Transfer

1073 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://185.28.223.40/ HTTP 301
    https://185.28.223.40/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
185.28.223.40/
Redirect Chain
  • http://185.28.223.40/
  • https://185.28.223.40/
93 KB
34 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://185.28.223.40/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.28.223.40 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
f63d2f9d205c2c170b9efeef8d28cdebc2079cd5197e10d16da8c772d010b52c
Security Headers
Name Value
Content-Security-Policy report-uri /csp_violation?type=block&tag=42&pid=116469c459e702ac&a=page_Index&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Host
185.28.223.40
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx
Date
Wed, 09 Oct 2019 15:02:32 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Vary
Accept-Encoding
Set-Cookie
_pxhd=8ded6ef065d1086a102bc0332cff911e3ebb9838ac8fd9262242a7da21bf8c32:d1f57a60-eaa5-11e9-96ec-f3b5e7f50c33; Expires=Thu, 08-Oct-20 15:02:32 GMT; Path=/ bkng_ap=U2FsdGVkX19OJAIl8YJf%2BgtNAdD6fWrN3bhlZY6Aqq2pSprsCUxiNkutSILiJy3lLYYwa1jJDvc6%0AQe4d19R%2B7A%3D%3D%0A; domain=account.booking.com; path=/; secure; HttpOnly bkng_ap_sso_session=e30; domain=account.booking.com; path=/; expires=Mon, 07-Oct-2024 15:02:32 GMT; secure; HttpOnly
Content-Security-Policy
report-uri /csp_violation?type=block&tag=42&pid=116469c459e702ac&a=page_Index&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Content-Security-Policy-Report-Only
style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-PiIk5E8yzJaEy1Z'; object-src 'none'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-PiIk5E8yzJaEy1Z' 'report-sample'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample'; report-uri /csp_violation?type=report&tag=41&pid=116469c459e702ac&a=page_Index&p=accounts-portal; default-src *.bstatic.com bstatic.com 'self'; base-uri 'none'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com;
Strict-Transport-Security
max-age=17280000
Content-Encoding
gzip
X-XSS-Protection
1; mode=block

Redirect headers

Content-length
0
Location
https://185.28.223.40/
error_catcher
account.booking.com/ 		35 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.booking.com/error_catcher
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
cd4f42cc325fbfb0485d3878c56fa4d0c0d831b3fd6e69c626c8322758f0c60b
Security Headers
Name Value
Content-Security-Policy report-uri /csp_violation?type=block&tag=42&pid=e30069c4c99d01e9&a=error_catcher&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
report-uri /csp_violation?type=block&tag=42&pid=e30069c4c99d01e9&a=error_catcher&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Content-Encoding
gzip
Content-Security-Policy-Report-Only
connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample'; report-uri /csp_violation?type=report&tag=41&pid=e30069c4c99d01e9&a=error_catcher&p=accounts-portal; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-Op5pud0bRDITYxc' 'report-sample'; default-src *.bstatic.com bstatic.com 'self'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; base-uri 'none'; object-src 'none'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-Op5pud0bRDITYxc'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com;
Server
nginx
Date
Wed, 09 Oct 2019 15:02:33 GMT
Vary
User-Agent, Accept-Encoding
Content-Type
application/x-javascript
Strict-Transport-Security
max-age=17280000
Content-Length
8238
X-XSS-Protection
1; mode=block
7_443e7490752da97fc7b7.css
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		54 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/7_443e7490752da97fc7b7.css
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D64) /
Resource Hash
18f819c5b1bf52f6277b6d1ca66dcea00600fef0d8cd9183a762218ccb9bc445
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:47 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
ba70ff4e-fffe-1fff-b83d-a81e84fac074
x-cache
HIT
status
200
content-length
8357
x-xss-protection
1; mode=block
last-modified
Fri, 27 Sep 2019 10:22:18 GMT
server
ECS (lcy/1D64)
etag
W/"2ce341163637ec86f7d2b7af3de57d6e"
strict-transport-security
max-age=31536000
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:47 GMT
1_a331e155e81beb38c306.css
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		38 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/1_a331e155e81beb38c306.css
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D4E) /
Resource Hash
ab8a7a22987d96b5f9f6d77d3ceef82e3c31a9be44038d452098bb26b5ca0ae9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
da8c99ab-fffe-1fff-b83d-a81e84fac074
x-cache
HIT
status
200
content-length
7101
x-xss-protection
1; mode=block
last-modified
Wed, 09 Oct 2019 13:20:06 GMT
server
ECS (lcy/1D4E)
etag
W/"90da57b6a5dc20f535c5dbaffc28a272"
strict-transport-security
max-age=31536000
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:33 GMT
runtime~Index_c538f27de06b04aa3485.js
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		1 KB
867 B 		Script
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/runtime~Index_c538f27de06b04aa3485.js
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D21) /
Resource Hash
911b07404d738b9dfe3408f9adff477094bed834eec85dceeff2fbd24073b200
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
c7afc76c-fffe-1fff-b83d-a81e84fac074
x-cache
HIT
status
200
content-length
716
x-xss-protection
1; mode=block
last-modified
Tue, 01 Oct 2019 15:58:46 GMT
server
ECS (lcy/1D21)
etag
W/"3a2c265989cbfc4d9a7348a2ba9f0156"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:33 GMT
0_f150fbdcbf63819d1507.js
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/0_f150fbdcbf63819d1507.js
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D53) /
Resource Hash
f8f6f658814615e30c0b07401ab68f2d411fbd0276451a8f774e187665a1230c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
e4f3878a-ffdd-1fff-afb9-d8c4974ce97e
x-cache
HIT
status
200
content-length
15211
x-xss-protection
1; mode=block
last-modified
Tue, 01 Oct 2019 15:58:46 GMT
server
ECS (lcy/1D53)
etag
W/"23e1fbb4a9b6090b59b70ada70f02b58"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:33 GMT
7_f0045d2689e8480c38a7.js
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		299 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/7_f0045d2689e8480c38a7.js
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D47) /
Resource Hash
6bd97d5f364f5fcfc70d9cd1516d7fcccbc710b69ede33980a2032d293c51a0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
e0308f38-ffe7-1fff-bb36-a81e84fabc14
x-cache
HIT
status
200
content-length
91261
x-xss-protection
1; mode=block
last-modified
Fri, 27 Sep 2019 10:22:18 GMT
server
ECS (lcy/1D47)
etag
W/"69d73a74695d069a6ab3b25bbc150e1c"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:33 GMT
1_c39ba75493cebbc84b5f.js
q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/ 		442 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/1_c39ba75493cebbc84b5f.js
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.232.35.205 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (lcy/1D67) /
Resource Hash
c58cb1ceea2fd856d70e467769222bb50e8b1fa7d1c3d8c9c87b900726ff9ba2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-request-id
e45d87e2-fff7-1fff-bd2c-a81e84fabfbe
x-cache
HIT
status
200
content-length
75972
x-xss-protection
1; mode=block
last-modified
Wed, 09 Oct 2019 13:20:06 GMT
server
ECS (lcy/1D67)
etag
W/"f34bb1f8c9611bc32ee6808eee7d83f4"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Nov 2019 15:02:33 GMT
fvtrpw.gif
account.booking.com/_/ 		35 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.booking.com/_/fvtrpw.gif
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy report-uri /csp_violation?type=block&tag=42&pid=0b6969c4c9930039&a=phishing_pixel&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 09 Oct 2019 15:02:33 GMT
Server
nginx
Content-Security-Policy-Report-Only
object-src 'none'; report-uri /csp_violation?type=report&tag=41&pid=0b6969c4c9930039&a=phishing_pixel&p=accounts-portal; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-bMkqCmbpzYC5Ejq' 'report-sample'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com; base-uri 'none'; default-src *.bstatic.com bstatic.com 'self'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-bMkqCmbpzYC5Ejq'; connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample';
Content-Type
image/gif
Content-Disposition
attachment; filename=etnht.gif
Transfer-Encoding
chunked
Content-Security-Policy
report-uri /csp_violation?type=block&tag=42&pid=0b6969c4c9930039&a=phishing_pixel&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security
max-age=17280000
X-XSS-Protection
1; mode=block
etnht.gif
account.booking.com/_/ 		35 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.booking.com/_/etnht.gif
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.14 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri /csp_violation?type=block&tag=42&pid=e30069c49066040b&a=phishing_pixel&p=accounts-portal;
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://q-ec.bstatic.com/build/asset-files-bucket/accountsportal/assets/1_a331e155e81beb38c306.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 09 Oct 2019 15:02:33 GMT
Server
nginx
Content-Security-Policy-Report-Only
report-uri /csp_violation?type=report&tag=41&pid=e30069c49066040b&a=phishing_pixel&p=accounts-portal; connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-Xrv87sUu4Zuh4mz'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com; default-src *.bstatic.com bstatic.com 'self'; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-Xrv87sUu4Zuh4mz' 'report-sample'; object-src 'none'; base-uri 'none'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self';
Content-Type
image/gif
Content-Disposition
attachment; filename=etnht.gif
Transfer-Encoding
chunked
Content-Security-Policy
frame-ancestors https://*.booking.com 'self'; report-uri /csp_violation?type=block&tag=42&pid=e30069c49066040b&a=phishing_pixel&p=accounts-portal;
Strict-Transport-Security
max-age=17280000
X-XSS-Protection
1; mode=block
main.min.js
client.perimeterx.net/PXikKuL2RM/ 		68 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://client.perimeterx.net/PXikKuL2RM/main.min.js
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
999e5a7dae85ed08f5fe525e1e5799309d482a01b5902fbf35f27a4e626ba64e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
content-encoding
gzip
age
560
x-cache
HIT
status
200
content-length
25331
x-served-by
cache-fra19121-FRA
access-control-allow-origin
*
x-timer
S1570633354.831335,VS0,VE0
etag
W/"10e64-hMSB86MvZZWKD9dRs4xtUvvGobA"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
public, max-age=600
accept-ranges
bytes
x-cache-hits
38
collector
collector-pxikkul2rm.perimeterx.net/api/v1/ 		690 B
989 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxikkul2rm.perimeterx.net/api/v1/collector
Requested by
Host: client.perimeterx.net
URL: https://client.perimeterx.net/PXikKuL2RM/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.186.220.184 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
184.220.186.35.bc.googleusercontent.com
Software
/
Resource Hash
fa4002d830389b9080434724e0b4fffa6a4293e8a65caa401b3c296b93e765fc

Request headers

Sec-Fetch-Mode
cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 09 Oct 2019 15:02:33 GMT
via
1.1 google
status
200
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://185.28.223.40
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
clear
content-length
690
navigation_times
185.28.223.40/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://185.28.223.40/navigation_times?sid=&pid=116469c459e702ac&nts=0,0,1570633351410,0,0,0,0,1570633351732,1570633351733,1570633351733,1570633351733,1570633352060,1570633351754,1570633352060,1570633352973,1570633352980,1570633353431,1570633353723,1570633353723,1570633353723,1570633353729,1570633353729,1570633353729,0&first=&cdn=ec&dc=1&bo=4&lang=en-us&ref_action=Index&aid=375654&stype=&route=&ua=&ch=&lt=
Requested by
Host: 185.28.223.40
URL: https://185.28.223.40/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.28.223.40 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.booking.com 'self'; report-uri /csp_violation?type=block&tag=42&pid=0b6969c5ce050017&a=navigation_times&p=accounts-portal;
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://185.28.223.40/
X-Booking-CSRF
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Content-Security-Policy
frame-ancestors https://*.booking.com 'self'; report-uri /csp_violation?type=block&tag=42&pid=0b6969c5ce050017&a=navigation_times&p=accounts-portal;
Server
nginx
Date
Wed, 09 Oct 2019 15:02:34 GMT
Content-Security-Policy-Report-Only
connect-src saa.booking.com collector-pxikkul2rm.perimeterx.net www.google-analytics.com 'self' 'report-sample'; style-src *.bstatic.com bstatic.com *.static.booking.cn 'self' 'nonce-BXcC3ILcuW5GOL3'; default-src *.bstatic.com bstatic.com 'self'; img-src 'self' data: www.booking.com account.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com www.google.com stats.g.doubleclick.net collector-pxikkul2rm.perimeterx.net www.gstatic.com; base-uri 'none'; object-src 'none'; frame-src https://www.youtube.com/embed/Vv4w5SmRkss *.bstatic.com bstatic.com 'self'; report-uri /csp_violation?type=report&tag=41&pid=0b6969c5ce050017&a=navigation_times&p=accounts-portal; script-src saa.booking.com *.bstatic.com bstatic.com *.static.booking.cn www.google-analytics.com client.perimeterx.net 'self' 'nonce-BXcC3ILcuW5GOL3' 'report-sample';
Content-Type
image/jpeg
Strict-Transport-Security
max-age=17280000
Content-Length
0
X-XSS-Protection
1; mode=block
collector
collector-pxikkul2rm.perimeterx.net/api/v1/ 		520 B
664 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxikkul2rm.perimeterx.net/api/v1/collector
Requested by
Host: client.perimeterx.net
URL: https://client.perimeterx.net/PXikKuL2RM/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.186.220.184 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
184.220.186.35.bc.googleusercontent.com
Software
/
Resource Hash
0b85c22fa41b699dbe2d0573d36b97ea5e4d026d0a745924c677bf27fc0bd40c

Request headers

Sec-Fetch-Mode
cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 09 Oct 2019 15:02:35 GMT
via
1.1 google
status
200
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://185.28.223.40
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
clear
content-length
520
collector
collector-pxikkul2rm.perimeterx.net/api/v1/ 		520 B
661 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collector-pxikkul2rm.perimeterx.net/api/v1/collector
Requested by
Host: client.perimeterx.net
URL: https://client.perimeterx.net/PXikKuL2RM/main.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.186.220.184 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
184.220.186.35.bc.googleusercontent.com
Software
/
Resource Hash
b4bc0256bca8a3d14b593667e9916e382fd9e5d2805948b51b522d444cdfd6f8

Request headers

Sec-Fetch-Mode
cors
Referer
https://185.28.223.40/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 09 Oct 2019 15:02:37 GMT
via
1.1 google
status
200
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://185.28.223.40
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
clear
content-length
520

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| E_ function| onBookingError object| booking object| booking_extra object| B object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime function| handleSocialProviderResult string| _pxAppId string| _pxParam1 object| PXikKuL2RM object| PX

1 Cookies

Domain/Path Name / Value
185.28.223.40/ Name: _pxhd
Value: 8ded6ef065d1086a102bc0332cff911e3ebb9838ac8fd9262242a7da21bf8c32:d1f57a60-eaa5-11e9-96ec-f3b5e7f50c33

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy report-uri /csp_violation?type=block&tag=42&pid=116469c459e702ac&a=page_Index&p=accounts-portal; frame-ancestors https://*.booking.com 'self';
Strict-Transport-Security max-age=17280000
X-Xss-Protection 1; mode=block