urlscan.io logo urlscan.io
SecurityTrails logo

booking.rj.com Open in urlscan Pro
45.60.124.29  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://emailmg.rj.com/c/eJwUzr1ugzAQAOCnOTaQfWdsPDDQgJcqapVIXaOzORoqaCJMf5--6ht8Y1vbZNAW0mrbECrvHBbXVqLRjtjr5N1Ucxz9ZH...
Effective URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Submission: On May 07 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 45.60.124.29, located in United States and belongs to INCAPSULA, US. The main domain is booking.rj.com. The Cisco Umbrella rank of the primary domain is 926867.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 3rd 2022. Valid for: a year.
This is the only time booking.rj.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.110.180.34 396982 (GOOGLE-CL...)
1 104.47.151.115 8075 (MICROSOFT...)
11 45.60.124.29 19551 (INCAPSULA)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a05:d018:183... 16509 (AMAZON-02)
3 2600:9000:225... 16509 (AMAZON-02)
19 7
1    34.110.180.34 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 34.180.110.34.bc.googleusercontent.com
emailmg.rj.com
1    104.47.151.115 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
fly22.azurewebsites.net
11    45.60.124.29 (United States)

ASN19551 (INCAPSULA, US)
booking.rj.com
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    2a05:d018:183:5c00:f906:9223:782f:aa51 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
api.geetest.com
3    2600:9000:2250:6a00:1:fa24:cf00:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.geetest.com
Apex Domain
Subdomains		 Transfer
12 rj.com
emailmg.rj.com
booking.rj.com — Cisco Umbrella Rank: 926867
181 KB
5 geetest.com
api.geetest.com — Cisco Umbrella Rank: 45526
static.geetest.com — Cisco Umbrella Rank: 28754
99 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 328
87 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 793
20 KB
1 azurewebsites.net
fly22.azurewebsites.net
3 KB
19 5
Domain Requested by
11 booking.rj.com booking.rj.com
static.geetest.com
3 static.geetest.com booking.rj.com
static.geetest.com
2 api.geetest.com booking.rj.com
static.geetest.com
1 ajax.googleapis.com booking.rj.com
1 maxcdn.bootstrapcdn.com booking.rj.com
1 fly22.azurewebsites.net
1 emailmg.rj.com 1 redirects
19 7

This site contains links to these domains. Also see Links.

Domain
www.rj.com
Subject Issuer Validity Valid
*.azurewebsites.net
Microsoft Azure TLS Issuing CA 02		 2023-03-10 -
2024-03-04		 a year crt.sh
booking.rj.com
Sectigo RSA Organization Validation Secure Server CA		 2022-11-03 -
2023-11-26		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-17 -
2023-07-10		 3 months crt.sh
*.geetest.com
GeoTrust TLS RSA CA G1		 2023-03-28 -
2024-04-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Frame ID: 6DF54E57A6D9B42EC2089E8EE60852C1
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Royal Jordanian

Page URL History Show full URLs

  1. http://emailmg.rj.com/c/eJwUzr1ugzAQAOCnOTaQfWdsPDDQgJcqapVIXaOzORoqaCJMf5--6ht8Y1vbZNAW0mrbECrvHB... HTTP 302
    https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2... Page URL
  2. https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action Page URL
  3. https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

57 %
IPv6

5
Domains

7
Subdomains

7
IPs

4
Countries

390 kB
Transfer

1057 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://emailmg.rj.com/c/eJwUzr1ugzAQAOCnOTaQfWdsPDDQgJcqapVIXaOzORoqaCJMf5--6ht8Y1vbZNAW0mrbECrvHBbXVqLRjtjr5N1Ucxz9ZH3ikbTXtjFczC0qJFUro422GisSVma0pESNNTkLRm1vVbqtxdJe9_2egTrAABim5Qex4t-PTb4k5nmXXL3LDhjOsn3OSTJgOB4fAEPXHQED83qRleclV5zv30DhPJxegPrDRR16QHt46gegvpFYSzSxjOhdaUhc6ZsRS804icOUPNpia4fzqaueh8fhBEZNc35dbpGXf-pfAAAA___FTU19 HTTP 302
    https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2fe72cc926 Page URL
  2. https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action Page URL
  3. https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://emailmg.rj.com/c/eJwUzr1ugzAQAOCnOTaQfWdsPDDQgJcqapVIXaOzORoqaCJMf5--6ht8Y1vbZNAW0mrbECrvHBbXVqLRjtjr5N1Ucxz9ZH3ikbTXtjFczC0qJFUro422GisSVma0pESNNTkLRm1vVbqtxdJe9_2egTrAABim5Qex4t-PTb4k5nmXXL3LDhjOsn3OSTJgOB4fAEPXHQED83qRleclV5zv30DhPJxegPrDRR16QHt46gegvpFYSzSxjOhdaUhc6ZsRS804icOUPNpia4fzqaueh8fhBEZNc35dbpGXf-pfAAAA___FTU19 HTTP 302
  • https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2fe72cc926

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
aam_emails.aspx
fly22.azurewebsites.net/Services/MMB/AAM/
Redirect Chain
  • http://emailmg.rj.com/c/eJwUzr1ugzAQAOCnOTaQfWdsPDDQgJcqapVIXaOzORoqaCJMf5--6ht8Y1vbZNAW0mrbECrvHBbXVqLRjtjr5N1Ucxz9ZH3ikbTXtjFczC0qJFUro422GisSVma0pESNNTkLRm1vVbqtxdJe9_2egTrAABim5Qex4t-PTb4k5nmXX...
  • https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2fe72cc926
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2fe72cc926
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.47.151.115 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Encoding
gzip
Content-Length
2666
Content-Type
text/html; charset=utf-8
Date
Sun, 07 May 2023 13:49:43 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Length
592
Content-Type
text/html
Date
Sun, 07 May 2023 13:49:41 GMT
Location
https://fly22.azurewebsites.net/Services/MMB/AAM/aam_emails.aspx?SERV=C_0CD&CODE=8eb5eb4b-b297-43e7-98d2-1a2fe72cc926
X-Robots-Tag
noindex
X-Xss-Protection
1; mode=block
Override.action
booking.rj.com/plnext/royaljordanianB2CDX/ 		5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2881477b24e71efbd710d5a6627d245424a6a9d2b4311bad89801f42b9b8354b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://fly22.azurewebsites.net
Referer
https://fly22.azurewebsites.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
5436
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html
strict-transport-security
max-age=31536000
x-iinfo
9-52524956-0 NNNN RT(1683467383208 35) q(0 0 -1 0) r(0 -1) B10(14,0,0) U6
odaine-the-but-which-you-seescena-Ques-Sist-in-a
booking.rj.com/ 		212 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
68b51261e9d99bbc7ec5facdcb6c61c45c9003e7d322182daa171d8eee790d72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Sun, 07 May 2023 13:49:42 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
server
bon
x-cdn
Imperva
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/javascript
access-control-allow-origin
*
x-iinfo
9-52524956-52522824 PNNN RT(1683467383208 72) q(0 0 0 -1) r(0 0)
cache-control
max-age=60
server-timing
bon, total;dur=0.176372
content-length
69891
odaine-the-but-which-you-seescena-Ques-Sist-in-a
booking.rj.com/ 		926 B
1000 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a?d=booking.rj.com
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
6419abd9b206255eb33aa2e5b9a516969da8c6eba623ca79d08b53d8163f12eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json; charset=utf-8
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Sun, 07 May 2023 13:49:43 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
server
bon
x-cdn
Imperva
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/json
access-control-allow-origin
*
x-iinfo
9-52524956-52522824 PNYN RT(1683467383208 396) q(0 0 0 -1) r(0 0) U6
cache-control
no-cache, no-store
server-timing
bon, total;dur=52.552833
Primary Request Override.action
booking.rj.com/plnext/royaljordanianB2CDX/ 		33 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
83cb0965d13c2091d319579b788985d0646ce62bf93e639f0839478e65ac2944
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://booking.rj.com
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache
content-length
33316
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html
strict-transport-security
max-age=31536000
x-iinfo
9-52524956-0 NNNY RT(1683467383208 482) q(0 1 -1 -1) r(1 -1) B12(14,0,0) U6
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Sun, 07 May 2023 13:49:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
11685772
cdn-cachedat
2021-06-08 14:35:37
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
564c16c132abfdc11043b75cda2465a8
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
7c39ed8edcfb2bdd-FRA
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ 		86 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Fri, 05 May 2023 10:51:40 GMT
x-content-type-options
nosniff
age
183484
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88145
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 04 May 2024 10:51:40 GMT
odaine-the-but-which-you-seescena-Ques-Sist-in-a
booking.rj.com/ 		212 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
68b51261e9d99bbc7ec5facdcb6c61c45c9003e7d322182daa171d8eee790d72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Sun, 07 May 2023 13:49:43 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
x-cdn
Imperva
etag
"e40a7bb9"
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/javascript
x-iinfo
9-52524956-0 0CNN RT(1683467383208 613) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=60, public
content-length
69891
expires
Sun, 07 May 2023 13:50:43 GMT
_Incapsula_Resource
booking.rj.com/ 		9 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/_Incapsula_Resource?NWFURVBO=js/gt.js
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
add1840190041b98d2c3facdfc43ac873a2e7c759fe62034e5d984172acee5bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Sun, 07 May 2023 13:49:43 GMT
cache-control
max-age=86400
content-encoding
gzip
etag
"8a4c0d715e79b5ec"
content-length
2437
content-type
application/javascript
csp_report
booking.rj.com/ 		0
52 B 		Other
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/csp_report
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
application/csp-report

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
0
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b490f780c58f61211d10f15d594a627a512aee04ca01bcece6e7539a0a37c790

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Content-Type
image/png
_Incapsula_Resource
booking.rj.com/ 		126 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/_Incapsula_Resource?SWCNGEEC=tFOFOvvKMxcMf7VVg1PsT7cajfL5PK1pKcirw%2bOMX9Dv4czSU8Yv3YJB2L7usRBz
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6ecfce3a645a63087bdf9976e2b2d213c3f04904b2120c729875e86e6046cc38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
126
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/json
odaine-the-but-which-you-seescena-Ques-Sist-in-a
booking.rj.com/ 		926 B
961 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a?d=booking.rj.com
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/odaine-the-but-which-you-seescena-Ques-Sist-in-a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
bon /
Resource Hash
b7710589a0eba321b7ba7b5bd1acf435ec0e0dfa307f8f8f21cb4ce591c40b04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
application/json; charset=utf-8
Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Sun, 07 May 2023 13:49:43 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
server
bon
x-cdn
Imperva
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/json
access-control-allow-origin
*
x-iinfo
9-52524956-52522824 PNYN RT(1683467383208 680) q(0 0 0 -1) r(0 0) U6
cache-control
no-cache, no-store
server-timing
bon, total;dur=0.523261
csp_report
booking.rj.com/ 		0
28 B 		Other
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/csp_report
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/_Incapsula_Resource?NWFURVBO=js/gt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
application/csp-report

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
0
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
gettype.php
api.geetest.com/ 		460 B
731 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.geetest.com/gettype.php?gt=f2ae6cadcf7886856696502e1d55e00c&callback=geetest_1683467389404
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/_Incapsula_Resource?NWFURVBO=js/gt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:183:5c00:f906:9223:782f:aa51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
2515b90d7a97500136861efeef947f6f57bff85f3ed3e34b0242f5a72933785d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 07 May 2023 13:49:45 GMT
server
openresty
etag
"a2e61ef1d1ba8374169431fb98ea4c443a872a4f"
content-type
text/javascript;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
content-length
460
expires
0
fullpage.9.1.4.js
static.geetest.com/static/js/ 		323 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.geetest.com/static/js/fullpage.9.1.4.js
Requested by
Host: booking.rj.com
URL: https://booking.rj.com/_Incapsula_Resource?NWFURVBO=js/gt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:6a00:1:fa24:cf00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d2c40cf950d02a6e0481f2105909e544b6b8049ccf7c8c68e4f763ff8bcba27f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Fri, 05 May 2023 13:33:40 GMT
content-encoding
gzip
via
1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
last-modified
Thu, 30 Mar 2023 07:00:17 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
419284
x-amz-server-side-encryption
AES256
etag
W/"c0f8f1e10a8aff0e999a36a2d217848f"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
LRUwkW2lZyxqgdmjCx0IGTfmtUdzUxB_UcZa9vSFaYz09X58rQJeCQ==
x-amz-meta-mtime
1680159421
csp_report
booking.rj.com/ 		0
28 B 		Other
General
Check archive.org
Download Go to
Full URL
https://booking.rj.com/csp_report
Requested by
Host: static.geetest.com
URL: https://static.geetest.com/static/js/fullpage.9.1.4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.124.29 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
Content-Type
application/csp-report

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
0
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net; form-action secure.rj.com booking.rj.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
get.php
api.geetest.com/ 		951 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.geetest.com/get.php?gt=f2ae6cadcf7886856696502e1d55e00c&challenge=511f5e74857d458f4691832336e5bb32&lang=de&pt=0&client_type=web&w=kiMk6IQemZFK2e0PCn(7bX6p22xxBcOGReWXn1mut6XWYweq2g)x1HOZygSefzovfi23lzDmydy)M8eEpsqIS(NoqVO2j0TJnbGp12egrcVWstei)S3UBgVIAgVL6Az1SPXnUjk274uRo2ZSFQWwLRuUtLWF)sGUn9)yQq4uSVg0904A639bmNyIx8b78lmD7zGiBN1fGhuPzUVs9ZtKktlTbrX2qU0aA)x)uVx999RvXO16(iUg8KK0YgK4FyI5UDJC24KOGQfbHdl3s690JILIAHdhNQfZQVZhX)xnu6iP4uTbCe(CaMj6mALAWwTtr3)vmZbT(OXvT0zs6qaLVcsBUJkMukxUz)VU8jXjaQhEIvSg02b51bHiTP9v(1tccqLbj4TKk1(pZOTqdqow6FA2jnfksH1zTlc2yE8RI5gQBRO0)H4qdbQfDv(F3WgQcl3A6MMLXwbKoM0mZoH1UhrkGiDKwuUe6guuisdplPAvvdsg8Si9QdxacGPbEyuDLYkqhtKrI7TMGH)YK(2TULljd4KZjuAjUdtvbY9i(8LS2HPdY6HMSrnGxHonvmN2v59F7geJJz2sWqEePgs))lRSee1h3tZNcZeqpfM)9mTuxwr)X7)L3pMuMtLsWTAopl)M1fI4cKJNJtMkmZx5EboMBO7jo0n6m3wPrtH7BPG7vupUJ1m4dFd1MhTY28o(bkq69rwVwXQKneTe8reF51UCL0IXOZgNiY9y3McPYDzIj7awEbrMDFSteRhkyu9)dzARNa0sTVOXuCw6MzUhwVfCmfKunZ9l6rQXpQ6bj2aYKswCF7i7rNI2uhlpR(eCZOHWqZykUI0iauZlgT0jXa)Q2o)qjfi3r4X(AmirgFkGpNSekx)3xO2oDPqEx6NUFrRI54k4)vRgbAAAyaIFWsLkZsWxJqg9iHeimaA(K7kyJf)ru1QOXUnekfdFOvmsrGDSoh8eSvMkO7)laukGZ3L4R(c860KBQ0bhOMK5xUsF)yh)9hoJy2lNH(5yiXa)Drv90NnjWOBLLqAlQCol7KFFg(MExr2lR5g7XWEo(xJi7pfpc3sA7Rs(tI2zGOEYLeh1EygbTRrqzocuWSDz0)ffZuTG1)30EXJdq7rg(b5l)wAnLYyJ3lHu5Dp3koWqfv8qWI6CyStKY9gwd8oWeIHjvQtQUoeU9sH6pW4Ngf9bfaTILRliU(DobbgE7cxD0G28amjb8)JJc35hOXgbv4AJ1BXgblelWEvOE9lCruVkTzYi0WPP0GZpMb7jz7zO9IFUKI2Hbvls1A2BvczOXyatvmvKhZVN3vYUo4WkkLXIJhStQbABWe8DMX(OxOBQm6(2DNIee4ZyymgvW4Cl9tfP6KBPEv9pmLt)f53JNzJgGdkFrHjK1q)jBLyFlNxvlTlBb8tZlg2vDlBelyxsetcomypvBXLZKQukhExHz8cKhcSA4kaZNkPnaxe3KYUu0NurcHIdNsae7LsMibG(6V3)Fc2dVTZij0QPpQZZluW5xbXVxdlPGS0Dgn2LnEGBZxsbiqnvcl(EPfriTaaRfhnviPn6dzJIACb)FY1zElMNDnS00m(bWK0HDtGonDP18Hp6JJGagAMF2F5k9VECvj89MmJXax31uw6hZjIL6UBwSIx52PFMWtoPovDOHqEcmh9jc7xgS29ilmmnQsV0zA..b3c373c0d0f0c44e3ff0b1c0f6e67cc41c2e4bb53cf9efb14aa638674a6a39772b4c17f92e4ae5214d5ec5585ef02e4dcf496a4d5c47b33f842e84700e309cc28f5662d639b48a2b060d591e1e071abfb4fc2bbfc2794d3fa0d1fc33494fef832ba5502ae92ec9e6a8ed549ec852d5d3d4648ffd3b1b11433986ac9c851f7224&callback=geetest_1683467388428
Requested by
Host: static.geetest.com
URL: https://static.geetest.com/static/js/fullpage.9.1.4.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:183:5c00:f906:9223:782f:aa51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
a6dfadb6bf825aff1e05cca4cb82555cb020f5d1a287460cbf60cd163755f239

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 07 May 2023 13:49:45 GMT
server
openresty
etag
"41ac75d75bcc1a58775a0169c16197b7a4c6409c"
content-type
text/javascript;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
content-length
951
expires
0
style_https.1.5.8.css
static.geetest.com/static/wind/ 		40 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.geetest.com/static/wind/style_https.1.5.8.css
Requested by
Host: static.geetest.com
URL: https://static.geetest.com/static/js/fullpage.9.1.4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:6a00:1:fa24:cf00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://booking.rj.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Thu, 04 May 2023 07:47:52 GMT
content-encoding
gzip
via
1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
last-modified
Mon, 07 Mar 2022 03:04:56 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
280914
etag
W/"3fb6aacfd5ae2d3894f2f00b0d5f3236"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/css
x-amz-cf-id
Lw4BnPSO57wejCvrDUbScUISZyUUivKyr8U7WXoJ7FNcAtHVRfbEbw==
x-amz-meta-mtime
1585034197
sprite.1.5.8.png
static.geetest.com/static/wind/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.geetest.com/static/wind/sprite.1.5.8.png
Requested by
Host: static.geetest.com
URL: https://static.geetest.com/static/wind/style_https.1.5.8.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:6a00:1:fa24:cf00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e743066373cce49251230c376f985e34018fabb8f30d8c643a3933c0143dd93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://static.geetest.com/static/wind/style_https.1.5.8.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

date
Thu, 04 May 2023 08:25:25 GMT
via
1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
last-modified
Mon, 07 Mar 2022 03:04:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P2
age
278661
etag
"b83c4eaebfa43a5d1c71d8fa4ccc6539"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
3429
x-amz-cf-id
548XdPV_sh7y42NMgqWYAQkl6Bt19dNCP4Vws827ZALvF8zi8zesoA==
x-amz-meta-mtime
1585034201

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| initGeetest object| xhr function| a1_0x12de object| reese84 function| a1_0x10fb function| reese84interrogator function| initializeProtection function| protectionSubmitCaptcha function| VIPVz string| FAIL undefined| pure function| Geetest

7 Cookies

Domain/Path Name / Value
.fly22.azurewebsites.net/ Name: ARRAffinity
Value: e63e048eebde700c0b95142696902ebc6524b8b2aefcfdbf92186873da7b9852
.fly22.azurewebsites.net/ Name: ARRAffinitySameSite
Value: e63e048eebde700c0b95142696902ebc6524b8b2aefcfdbf92186873da7b9852
.rj.com/ Name: visid_incap_2222289
Value: X298/vIzTOOxRJxCQWFKL3esV2QAAAAAQUIPAAAAAAAR0GnNdQs8zGlxlkQc5p/F
.rj.com/ Name: incap_ses_533_2222289
Value: 6hgpRe6KMRxv916ak5llB3esV2QAAAAAT7ANnHbh0bkpYa8EMHOCGA==
.booking.rj.com/ Name: reese84
Value: 3:NphI/JaPXVkFEI6NFAsscg==:nhjNpLdiCEz/QLrNJqAaZjupY+vjGrt0hivMHyG9IG9kOSPSopL6RnfR4pEMFGYQtORNixXFK0ts5vqewPgnneU177ooy679DE4jyvkQPt+ShipBpZN6TyZEgSgDFZ6M8ivzxsbklXyXDhQYFwXbcvxN+t0hQkau9kpDlQCyAh0bRYo0yG86KDgC/Ra1AixhqXC9WyndgeFYpPqYvmJlcmixTq1xd20RYAnXmgitsTyHZrhtdIe7H2Cu92Bl+p2HRnA2yvp4vUDcz1ujAmeRZYYy5hOHOAbuCl6WS20lkgzyy7kBINaKKn/KJxh/kT4rOQitfrbUExeDhRGyPozGIM4+19YBHGdVeRlakhYwJkhqXGk9A4x7dEF5ShJJQxoqJbxLDjy70F3ge2PRDPZbADuFIL6IwKylX768EwMrS5f85RWltoXO4z1UKuAnSDT+jN4XNnWeQW1szxeuotEBSLthePZSfwToo/OvisqSyysbiibyp1BRyiD8VJTMTQAJ1sHD2ob37fMYRixX0ZNTPOqT4+i6YepetxrmKHFO72l/2DPUq9lnIRJup5bCDgnCJYH8TBXipV7cYYznJBNKsEIGUqPZBVYnyOZkRq9BlSrZoxygr18kE6RKVkrDnNHR2U1EwLk9jV+mMtVV1pOPmgQlookS9ZLPTSdZ46/ca3xCPOzYpfnMtOJ80YEYVGjVPoWKbAsEtGxXEFgx3ck1LDPxXf04MJRNxKvtW4jk/5x4S8whILJx8z0o5HhVWbALe9gBOqxWgB75qkvrmRgARw==:dISqRHUFRYPDswmw2vSIpxTCc4UJi93jK80WNgpHJpU=
booking.rj.com/ Name: incap-resubmit-token
Value: f5npwax6axo=:H5mrAErPTbAsWWfwf4ouJwc41z3IpgAwmOuPk7noZNE=
.rj.com/ Name: nlbi_2222289_2147483392
Value: Md8+MFBGoU5qzBAQO5tCrAAAAADoITvOHLDi0SoHck+mMAuV

3 Console Messages

Source Level URL
Text
security error URL: https://booking.rj.com/plnext/royaljordanianB2CDX/Override.action
Message:
[Report Only] Refused to load the script 'https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://booking.rj.com/_Incapsula_Resource?NWFURVBO=js/gt.js(Line 125)
Message:
[Report Only] Refused to load the script 'https://api.geetest.com/gettype.php?gt=f2ae6cadcf7886856696502e1d55e00c&callback=geetest_1683467389404' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://static.geetest.com/static/js/fullpage.9.1.4.js
Message:
[Report Only] Refused to load the script 'https://api.geetest.com/get.php?gt=f2ae6cadcf7886856696502e1d55e00c&challenge=511f5e74857d458f4691832336e5bb32&lang=de&pt=0&client_type=web&w=kiMk6IQemZFK2e0PCn(7bX6p22xxBcOGReWXn1mut6XWYweq2g)x1HOZygSefzovfi23lzDmydy)M8eEpsqIS(NoqVO2j0TJnbGp12egrcVWstei)S3UBgVIAgVL6Az1SPXnUjk274uRo2ZSFQWwLRuUtLWF)sGUn9)yQq4uSVg0904A639bmNyIx8b78lmD7zGiBN1fGhuPzUVs9ZtKktlTbrX2qU0aA)x)uVx999RvXO16(iUg8KK0YgK4FyI5UDJC24KOGQfbHdl3s690JILIAHdhNQfZQVZhX)xnu6iP4uTbCe(CaMj6mALAWwTtr3)vmZbT(OXvT0zs6qaLVcsBUJkMukxUz)VU8jXjaQhEIvSg0...xe3KYUu0NurcHIdNsae7LsMibG(6V3)Fc2dVTZij0QPpQZZluW5xbXVxdlPGS0Dgn2LnEGBZxsbiqnvcl(EPfriTaaRfhnviPn6dzJIACb)FY1zElMNDnS00m(bWK0HDtGonDP18Hp6JJGagAMF2F5k9VECvj89MmJXax31uw6hZjIL6UBwSIx52PFMWtoPovDOHqEcmh9jc7xgS29ilmmnQsV0zA..b3c373c0d0f0c44e3ff0b1c0f6e67cc41c2e4bb53cf9efb14aa638674a6a39772b4c17f92e4ae5214d5ec5585ef02e4dcf496a4d5c47b33f842e84700e309cc28f5662d639b48a2b060d591e1e071abfb4fc2bbfc2794d3fa0d1fc33494fef832ba5502ae92ec9e6a8ed549ec852d5d3d4648ffd3b1b11433986ac9c851f7224&callback=geetest_1683467388428' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: upgrade-cdn.plusgrade.com *.doubleclick.net www.google-analytics.com static.geetest.com s.yimg.com track.adform.net www.google.com.kw www.google.ca fly.rj.com ssl.google-analytics.com www.googletagmanager.com inv-nets-eu.admixer.net www.google.com.eg www.google.com www.rj.com *.facebook.com sp.analytics.yahoo.com www.google.com.qa www.google.com.sa *.amadeus.com www.google.co.il tag.yieldoptimizer.com www.google.co.uk www.google.iq maxcdn.bootstrapcdn.com www.google.jo *.facebook.net www.google.ae cdn.admixer.net". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.geetest.com
booking.rj.com
emailmg.rj.com
fly22.azurewebsites.net
maxcdn.bootstrapcdn.com
static.geetest.com
104.47.151.115
2600:9000:2250:6a00:1:fa24:cf00:93a1
2606:4700::6812:bcf
2a00:1450:4001:829::200a
2a05:d018:183:5c00:f906:9223:782f:aa51
34.110.180.34
45.60.124.29
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e743066373cce49251230c376f985e34018fabb8f30d8c643a3933c0143dd93
2515b90d7a97500136861efeef947f6f57bff85f3ed3e34b0242f5a72933785d
2881477b24e71efbd710d5a6627d245424a6a9d2b4311bad89801f42b9b8354b
6419abd9b206255eb33aa2e5b9a516969da8c6eba623ca79d08b53d8163f12eb
68b51261e9d99bbc7ec5facdcb6c61c45c9003e7d322182daa171d8eee790d72
6ecfce3a645a63087bdf9976e2b2d213c3f04904b2120c729875e86e6046cc38
83cb0965d13c2091d319579b788985d0646ce62bf93e639f0839478e65ac2944
8ba195fffe0097e44a5dd29c35c092f10039e126cc9c4113330e8bf690c2461e
a6dfadb6bf825aff1e05cca4cb82555cb020f5d1a287460cbf60cd163755f239
add1840190041b98d2c3facdfc43ac873a2e7c759fe62034e5d984172acee5bb
b490f780c58f61211d10f15d594a627a512aee04ca01bcece6e7539a0a37c790
b7710589a0eba321b7ba7b5bd1acf435ec0e0dfa307f8f8f21cb4ce591c40b04
d2c40cf950d02a6e0481f2105909e544b6b8049ccf7c8c68e4f763ff8bcba27f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c