urlscan.io logo urlscan.io
SecurityTrails logo

www.ilookyou.com Open in urlscan Pro
173.236.180.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ww2.9capitalone.com/
Effective URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Submission: On July 16 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 4 countries across 14 domains to perform 30 HTTP transactions. The main IP is 173.236.180.201, located in United States and belongs to DREAMHOST-AS, US. The main domain is www.ilookyou.com.
TLS certificate: Issued by R3 on May 26th 2021. Valid for: 3 months.
This is the only time www.ilookyou.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 78.41.204.30 62370 (SNEL)
2 54.174.112.67 14618 (AMAZON-AES)
1 1 18.195.30.247 16509 (AMAZON-02)
1 173.236.180.201 26347 (DREAMHOST-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 5.57.17.90 43996 (BOOKING-B...)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.13.44 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.185.130 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 37.10.0.220 43996 (BOOKING-B...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 2600:9000:219... 16509 (AMAZON-02)
30 16
1    78.41.204.30 (Netherlands)

ASN62370 (SNEL, NL)
PTR: server368.snel.com
ww2.9capitalone.com
2    54.174.112.67 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-112-67.compute-1.amazonaws.com
gloos-ves.com
1    18.195.30.247 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-30-247.eu-central-1.compute.amazonaws.com
cersday-conionard.com
1    173.236.180.201 (United States)

ASN26347 (DREAMHOST-AS, US)
PTR: apache2-goo.christopher.dreamhost.com
www.ilookyou.com
1    2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    5.57.17.90 (Amsterdam, Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
PTR: bstatic.com
aff.bstatic.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cdn.taboola.com
1    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    37.10.0.220 (Netherlands)

ASN43996 (BOOKING-BV Booking.com, NL)
www.booking.com
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
10    2600:9000:2190:600:1f:e2ee:200:93a1 (United States)

ASN16509 (AMAZON-02, US)
cf.bstatic.com
Domain Requested by
10 cf.bstatic.com www.booking.com
cf.bstatic.com
3 bat.bing.com www.ilookyou.com
bat.bing.com
2 www.booking.com aff.bstatic.com
cf.bstatic.com
2 www.google.de www.ilookyou.com
2 www.google.com www.ilookyou.com
2 www.google-analytics.com www.ilookyou.com
www.google-analytics.com
2 gloos-ves.com gloos-ves.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 stats.g.doubleclick.net www.google-analytics.com
1 www.googleadservices.com www.googletagmanager.com
1 cdn.taboola.com www.ilookyou.com
1 aff.bstatic.com www.ilookyou.com
1 www.googletagmanager.com www.ilookyou.com
1 www.ilookyou.com gloos-ves.com
1 cersday-conionard.com 1 redirects
1 ww2.9capitalone.com 1 redirects
30 16

This site contains no links.

Subject Issuer Validity Valid
www.ilookyou.com
R3		 2021-05-26 -
2021-08-24		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.bstatic.com
DigiCert ECC Secure Server CA		 2019-12-13 -
2021-12-17		 2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 01		 2021-04-12 -
2021-10-12		 6 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
www.google.de
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.booking.com
DigiCert ECC Secure Server CA		 2020-10-14 -
2021-10-18		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.google.de
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Frame ID: 1E8956D3CA10497A097DA586D1A3595F
Requests: 18 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Frame ID: 9495ABB6C7C1FC9F1D90AFDEBD097367
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://ww2.9capitalone.com/ HTTP 302
    http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef4... Page URL
  2. http://gloos-ves.com/zcredirect?visitid=42acd8a5-e678-11eb-9d0e-126e1f366983&type=js&browserWidth... Page URL
  3. https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%... HTTP 302
    https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt4392... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

30
Requests

93 %
HTTPS

56 %
IPv6

14
Domains

16
Subdomains

16
IPs

4
Countries

224 kB
Transfer

580 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ww2.9capitalone.com/ HTTP 302
    http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97 Page URL
  2. http://gloos-ves.com/zcredirect?visitid=42acd8a5-e678-11eb-9d0e-126e1f366983&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
  3. https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&caid=fe385f5b-84ae-43d0-bde7-c51ba3be1529&zpid=42acd8a5-e678-11eb-9d0e-126e1f366983&cid=wfu6p3mg2gcbt43924c17k9u&rt=R HTTP 302
    https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ww2.9capitalone.com/ HTTP 302
  • http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
72092e88-2c53-401c-b988-51ef43ce1034
gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/
Redirect Chain
  • http://ww2.9capitalone.com/
  • http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
996 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Protocol
HTTP/1.1
Server
54.174.112.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-112-67.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
cf0b498fa2317a1d9c1066f21fbefc1518722f863f66c4fac12fd34d04bb0503
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
gloos-ves.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 16 Jul 2021 20:56:16 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server
ZeroPark-Traffic

Redirect headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
11
date
Fri, 16 Jul 2021 20:56:15 GMT
location
http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
server
nginx
set-cookie
sid=4296828a-e678-11eb-885a-8b219b9f1490; path=/; domain=.9capitalone.com; expires=Thu, 04 Aug 2089 00:10:22 GMT; max-age=2147483647; HttpOnly
zcredirect
gloos-ves.com/ 		768 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://gloos-ves.com/zcredirect?visitid=42acd8a5-e678-11eb-9d0e-126e1f366983&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Requested by
Host: gloos-ves.com
URL: http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Protocol
HTTP/1.1
Server
54.174.112.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-112-67.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
41c5194e2788d40cb96bfb99a9dddc2a79aa10caca502841cdaa3e1e0e6c9187
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
gloos-ves.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://gloos-ves.com/zcvisitor/42acd8a5-e678-11eb-9d0e-126e1f366983/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97

Response headers

Date
Fri, 16 Jul 2021 20:56:16 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected
JS
Server
ZeroPark-Traffic
Primary Request reservation.php
www.ilookyou.com/
Redirect Chain
  • https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&caid=fe385f5b-84ae-43...
  • https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Requested by
Host: gloos-ves.com
URL: http://gloos-ves.com/zcredirect?visitid=42acd8a5-e678-11eb-9d0e-126e1f366983&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.236.180.201 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-goo.christopher.dreamhost.com
Software
Apache /
Resource Hash
2eb31d5a0b745f086f15716c771bfa2563aa2085b03c25b4c7d1af907159c052

Request headers

:method
GET
:authority
www.ilookyou.com
:scheme
https
:path
/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://gloos-ves.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://gloos-ves.com/zcredirect?visitid=42acd8a5-e678-11eb-9d0e-126e1f366983&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

date
Fri, 16 Jul 2021 20:56:16 GMT
server
Apache
cache-control
max-age=600
expires
Fri, 16 Jul 2021 21:06:16 GMT
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
2039
content-type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Fri, 16 Jul 2021 20:56:16 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Pragma
no-cache
Set-Cookie
fe385f5b-84ae-43d0-bde7-c51ba3be1529-v4=fe385f5b-84ae-43d0-bde7-c51ba3be1529; Max-Age=86400; Expires=Sat, 17-Jul-2021 20:56:16 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=ZSsp35unSiOc5YU5JId76WAg4ERMPtTeSdWvxN4DzH4giT0EhewIXXXzsT0ZzJML90FQEqD9h2ekHnckVAo3G%2BKXLcSYWQxi7HPVtzrZvf12poRWBVSNKTk%2FMTQ5RMjTbg4bOX4CQu1n7YDISEiL7Q%3D%3D; Max-Age=31536000; Expires=Sat, 16-Jul-2022 20:56:16 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None
js
www.googletagmanager.com/gtag/ 		94 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982840540
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3487a061bba2c7f8009469c6722dade8fbf007d3bc5b6052350301c08bcdc0d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:56:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37961
x-xss-protection
0
last-modified
Fri, 16 Jul 2021 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 16 Jul 2021 20:56:16 GMT
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1626468976773
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.17.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
bstatic.com
Software
nginx /
Resource Hash
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:56:16 GMT
content-encoding
br
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-186e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
transfer-encoding
chunked
timing-allow-origin
*
nel
{"report_to":"default","max_age":600}
x-xss-protection
1; mode=block
expires
Sun, 15 Aug 2021 20:56:16 GMT
bat.js
bat.bing.com/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:56:16 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref
Ref A: 01D5593AE6664DC6A13657A31551EB85 Ref B: FRAEDGE1416 Ref C: 2021-07-16T20:56:16Z
etag
"0d2a696ff53d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9008
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
317
date
Fri, 16 Jul 2021 20:50:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Fri, 16 Jul 2021 22:50:59 GMT
tfa.js
cdn.taboola.com/libtrc/unip/1315827/ 		74 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/unip/1315827/tfa.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f2d874377bb949830cde3a1fd6d706d76117046cae3735d7219dd8decec5820b

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
6GPKJHtIotwup7cA1KrnDiK0w0wYAYeA
content-encoding
gzip
etag
"d59ab22fc26508b9374510b99d111587"
age
0
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
24695
x-amz-id-2
dEa2PUHfjpPl/xAQjs8FEipOqpcaGrleTrOD39XTRgnMkpQC+QQTwqpFfqqlCzNumHdQpm0Jkkk=
x-served-by
cache-fra19120-FRA
last-modified
Wed, 14 Jul 2021 09:33:53 GMT
server
AmazonS3
x-timer
S1626468977.796787,VS0,VE137
date
Fri, 16 Jul 2021 20:56:16 GMT
vary
Accept-Encoding
x-amz-request-id
0C3TTNPM0697BC2F
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
92
x-cache-hits
1
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=2085740386&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&dr=http%3A%2F%2Fgloos-ves.com%2F&ul=en-us&de=UTF-8&dt=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1823455431&gjid=1490967184&cid=922874700.1626468977&tid=UA-1048482-15&_gid=2047797785.1626468977&_r=1&_slc=1&z=817398077
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982840540
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
255b564f51555254a3a189315254611bac81e318ed25f6b577f2deed8c49ce9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13897
x-xss-protection
0
server
cafe
etag
1785974167624152338
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 16 Jul 2021 20:56:16 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
89 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-1048482-15&cid=922874700.1626468977&jid=1823455431&gjid=1490967184&_gid=2047797785.1626468977&_u=IEBAAEAAAAAAAC~&z=2027891352
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 16 Jul 2021 20:56:16 GMT
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
5280866.js
bat.bing.com/p/action/ 		0
128 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5280866.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 16 Jul 2021 20:56:16 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: B659EE6628B54A05AC6BD57FEB474953 Ref B: FRAEDGE1416 Ref C: 2021-07-16T20:56:16Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
150 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5280866&Ver=2&mid=44577f08-a953-47bf-8ae2-291d7047127b&sid=43879170e67811eb8fe7b522b4a8c2ed&vid=4387a140e67811eba6fecb567340234a&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&kw=Travel,%20Hotel,%20Hotels&p=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&r=http%3A%2F%2Fgloos-ves.com%2F&lt=576&evt=pageLoad&msclkid=N&sv=1&rn=58651
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: BE11BCB0A39D44E697974CDA932C1BCF Ref B: FRAEDGE1416 Ref C: 2021-07-16T20:56:16Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
254 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-1048482-15&cid=922874700.1626468977&jid=1823455431&_u=IEBAAEAAAAAAAC~&z=696485651
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-1048482-15&cid=922874700.1626468977&jid=1823455431&_u=IEBAAEAAAAAAAC~&z=696485651
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
flexiproduct.html
www.booking.com/ Frame 9495 		88 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Requested by
Host: aff.bstatic.com
URL: https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1626468976773
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
bf145d1b8015042b1121530cbbff3435cdc78f8bfc7221cddea66d984237da3a
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.booking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.ilookyou.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.ilookyou.com/

Response headers

server
nginx
date
Fri, 16 Jul 2021 20:56:17 GMT
content-type
text/html; charset=UTF-8
content-length
34858
cache-control
private
vary
User-Agent, Accept-Encoding
content-encoding
br
nel
{"report_to":"default","max_age":604800}
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":604800,"group":"default"}
set-cookie
_pxhd=2SXBmLc8-miP98GBzfMLY5HYW7fGtJfCcjl6hJSm1PwpwJgr%2F7tzZism6dQC%2FQZGSk49Co6aOvm8R0BIj33kvA%3D%3D%3AFyIIOkVsniEUQnq%2FFnFRLEghE5pzkvBHvajsi%2FggGPjhiml3fdsOfZfvR9lWlh-rW%2F2F-%2FD7uVaNk2mMzOCspD3OPeieOUIAqBvbXratGNA%3D; path=/; expires=Sat, 16-Jul-2022 20:56:17 GMT bkng=11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbKE7bjkbYWznlSlRZNNCt3q4OHyqM2N1Qcd88t%2BxvJH9CK30Sls6ezoFgFflvxqBCnG2cDBUMitJShLuPIvFDFK4Y5XEjk4Tj1ytyXHQ6j0Ov9GNRvn2wloBvk2BeiNELfRo3HteUCSpGLwsDDJbSXkerd%2BPvjQgrYKAuqsu0Bx8%3D; domain=.booking.com; path=/; expires=Wed, 15-Jul-2026 20:56:17 GMT; Secure; HTTPOnly; SameSite=None
strict-transport-security
max-age=604800
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/?random=1626468976949&cv=9&fst=1626468976949&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7e0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&ref=http%3A%2F%2Fgloos-ves.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f999a3e0562967fcab2a303fbe278d08321da7008ee467026e0c4fe11697f06f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1130
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/982840540/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/982840540/?random=1626468976949&cv=9&fst=1626465600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&ref=http%3A%2F%2Fgloos-ves.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=2423611466&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982840540/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/982840540/?random=1626468976949&cv=9&fst=1626465600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwfu6p3mg2gcbt43924c17k9u&ref=http%3A%2F%2Fgloos-ves.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=2423611466&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wfu6p3mg2gcbt43924c17k9u
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Jul 2021 20:56:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
82b674edb949dddf78e02d76e8593771bf2e85d5.css
cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/ Frame 9495 		1 KB
1012 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 15:58:54 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
17845
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-51a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
zTql00J-BT4WTpbqLV6mAvf6AA6dmwUvBtf7usmZsO_xaz1tuthCHQ==
expires
Sun, 15 Aug 2021 15:58:52 GMT
f6d29e089da85314827d24b5e412d273b710cf84.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/ Frame 9495 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/f6d29e089da85314827d24b5e412d273b710cf84.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 17:58:57 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
183440
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-2ae3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
cIE3Dp5NR9tQ4g8kXWWc3733L2I7izeOGNurxwTa1bAgNkiBRc1qlg==
expires
Fri, 13 Aug 2021 17:58:57 GMT
0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/ Frame 9495 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 11 Jul 2021 14:57:58 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
453499
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
W/"5cadd1af-32e1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
zHj8LowdydohPk9jef88C14tTSfCEEH6h8iUYhN-pMfd_Il0UCN-jA==
expires
Tue, 10 Aug 2021 14:57:58 GMT
3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/ Frame 9495 		952 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
601642ecd5e7a89187e12278ef792ecfe176c4553f7dc792557177a4048488e2
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Jul 2021 09:36:15 GMT
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
818402
x-cache
Hit from cloudfront
content-length
952
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
"5cadd1af-3b8"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
G50H-NB_KFK8g-cTvEylj4-B7XPPm9-60YAnLvvvD31AA3WSDtgrtg==
expires
Fri, 06 Aug 2021 09:36:15 GMT
ebc3273565b5e682ccaf01872d2e046749306442.png
cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ Frame 9495 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ebc3273565b5e682ccaf01872d2e046749306442.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Jul 2021 20:07:15 GMT
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
348542
x-cache
Hit from cloudfront
content-length
2904
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-b58"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
wjh21eG-oxzcvgGXauHVxqDAiiiKW3cZ5RwkrD2VOvLJtOlMv2JC2w==
expires
Wed, 11 Aug 2021 20:07:15 GMT
0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/ Frame 9495 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5e511da3a4fb796a0757d341558c86fb123752f39c370f6dc1eef9bc4885bd31
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Jul 2021 00:32:26 GMT
via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
419031
x-cache
Hit from cloudfront
content-length
1230
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-4ce"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
cAi1AZP4d0nPMeKNm1Tz0TQH0PH6hJC5hOC1doE83QrozOQhZUKovw==
expires
Wed, 11 Aug 2021 00:32:26 GMT
2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/ Frame 9495 		123 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 21:35:46 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
602430
via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-1ecfc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
ESfIvxz7TIndyecwb2lcoJHJ20M-clDA3vCMKeeunob0Fr5CYlTWZg==
expires
Sun, 08 Aug 2021 21:35:46 GMT
eb78197b2eee9a032c319d91a6e1c581e295f284.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/ Frame 9495 		33 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/eb78197b2eee9a032c319d91a6e1c581e295f284.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 13:35:56 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
26431
via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-84eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
kw_zqT-6swqyxwyFduD8GVQMR32cx-C8YvxlnuSEqzAhLs4pYzffew==
expires
Sun, 15 Aug 2021 13:35:46 GMT
a620a252f1d0110ab972e81348133431e8486098.js
cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/ Frame 9495 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/a620a252f1d0110ab972e81348133431e8486098.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9afc14c1ac2584619b29bf2232f3ddd9da032d3acdf769e48ff7736f55a16e4e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 21:09:08 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
85629
via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-903"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
timing-allow-origin
*
x-amz-cf-id
84lWPVu8JVJanzvRofCeMCUWPPp5zXQoS2VERpHYJ-CX9GLhPEHw3w==
expires
Sat, 14 Aug 2021 21:09:08 GMT
750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
cf.bstatic.com/static/fonts/flexi/flexi/ Frame 9495 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cf.bstatic.com/static/fonts/flexi/flexi/750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:600:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 13 Jul 2021 22:27:24 GMT
via
1.1 a70d280cd058ea89c08954ea0ad67199.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
253733
x-cache
Hit from cloudfront
content-length
7772
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:49 GMT
server
nginx
etag
"5cadd1cd-1e5c"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
Q85LLpVulc8i8z4ri9qcE2IikmkHOBoL1V-3Jkdd9B5JQCtCb4NuGg==
expires
Thu, 12 Aug 2021 22:27:24 GMT
fp_view
www.booking.com/affiliate/ Frame 9495 		12 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.booking.com/affiliate/fp_view?aid=2005016&target_aid=2005016&product_type=nsb
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626468976859&
X-Requested-With
XMLHttpRequest
X-Booking-CSRF
sSryYAAAAAA=Xe7TpZhZoPc_giP2RhnkwqPJss7LZuDDt3rgmzzU97rKAV5Onm4zw1ZLl8twBTx4q5kTPJlY7dcXdOPlds-DdH03AyXm8h4xTEUC9ZDiIHfLmNcLrgABfvLZ70U5TqQ1ozRCnftWualZIUqWmoHT42qqphjhR9p_YeF6Ws5-UNMnVCLomZsGn1Wi9qh2HoQ0Xb8mcmUhTkePCeZe
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:56:17 GMT
x-content-options
nosniff
server
nginx
content-security-policy-report-only
report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=ebe293388193003a&e=UmFuZG9tSVYkc2RlIyh9YV52yMgL4uFPlMiAwY3njEmFT8QF--nbpkU6lfofCGWcKAoPq0P_s0M&f=2&s=0; frame-ancestors 'none';
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
strict-transport-security
max-age=604800
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| gtag object| dataLayer object| uetq string| GoogleAnalyticsObject function| ga object| _tfa object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| UET function| UET_init function| UET_push function| _i_ function| _r_ object| BookingAff function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError

7 Cookies

Domain/Path Name / Value
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbKE7bjkbYWznlSlRZNNCt3q4OHyqM2N1Qcd88t%2BxvJH9CK30Sls6ezoFgFflvxqBCnG2cDBUMitJShLuPIvFDFK4Y5XEjk4Tj1ytyXHQ6j0Ov9GNRvn2wloBvk2BeiNELfRo3HteUCSpGLwsDDJbSXkerd%2BPvjQgrYKAuqsu0Bx8%3D
.ilookyou.com/ Name: _gat
Value: 1
.ilookyou.com/ Name: _uetsid
Value: 43879170e67811eb8fe7b522b4a8c2ed
.ilookyou.com/ Name: _gcl_au
Value: 1.1.1756919229.1626468977
.ilookyou.com/ Name: _uetvid
Value: 4387a140e67811eba6fecb567340234a
.ilookyou.com/ Name: _gid
Value: GA1.2.2047797785.1626468977
.ilookyou.com/ Name: _ga
Value: GA1.2.922874700.1626468977

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aff.bstatic.com
bat.bing.com
cdn.taboola.com
cersday-conionard.com
cf.bstatic.com
gloos-ves.com
googleads.g.doubleclick.net
stats.g.doubleclick.net
ww2.9capitalone.com
www.booking.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.ilookyou.com
142.250.185.130
151.101.13.44
173.236.180.201
18.195.30.247
2600:9000:2190:600:1f:e2ee:200:93a1
2620:1ec:c11::200
2a00:1450:4001:808::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:829::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2004
2a00:1450:400c:c04::9b
37.10.0.220
5.57.17.90
54.174.112.67
78.41.204.30
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
255b564f51555254a3a189315254611bac81e318ed25f6b577f2deed8c49ce9b
2eb31d5a0b745f086f15716c771bfa2563aa2085b03c25b4c7d1af907159c052
3487a061bba2c7f8009469c6722dade8fbf007d3bc5b6052350301c08bcdc0d1
41c5194e2788d40cb96bfb99a9dddc2a79aa10caca502841cdaa3e1e0e6c9187
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
5e511da3a4fb796a0757d341558c86fb123752f39c370f6dc1eef9bc4885bd31
601642ecd5e7a89187e12278ef792ecfe176c4553f7dc792557177a4048488e2
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
9afc14c1ac2584619b29bf2232f3ddd9da032d3acdf769e48ff7736f55a16e4e
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
bf145d1b8015042b1121530cbbff3435cdc78f8bfc7221cddea66d984237da3a
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
cf0b498fa2317a1d9c1066f21fbefc1518722f863f66c4fac12fd34d04bb0503
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2d874377bb949830cde3a1fd6d706d76117046cae3735d7219dd8decec5820b
f999a3e0562967fcab2a303fbe278d08321da7008ee467026e0c4fe11697f06f
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d