Submitted URL: http://capeitalone360.com/
Effective URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Submission: On July 20 via api from US

Summary

This website contacted 15 IPs in 4 countries across 14 domains to perform 31 HTTP transactions. The main IP is 173.236.180.201, located in United States and belongs to DREAMHOST-AS, US. The main domain is www.ilookyou.com.
TLS certificate: Issued by R3 on July 20th 2021. Valid for: 3 months.
This is the only time www.ilookyou.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 212.32.237.90 60781 (LEASEWEB-...)
2 54.174.112.67 14618 (AMAZON-AES)
1 1 18.195.30.247 16509 (AMAZON-02)
1 173.236.180.201 26347 (DREAMHOST-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 5.57.16.90 43996 (BOOKING-B...)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 151.101.13.44 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.98 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 37.10.0.220 43996 (BOOKING-B...)
1 2a00:1450:400... 15169 (GOOGLE)
10 2600:9000:218... 16509 (AMAZON-02)
31 15
Domain Requested by
10 cf.bstatic.com www.booking.com
cf.bstatic.com
3 bat.bing.com www.ilookyou.com
bat.bing.com
2 www.booking.com aff.bstatic.com
cf.bstatic.com
2 www.google.de www.ilookyou.com
2 www.google.com www.ilookyou.com
2 www.google-analytics.com www.ilookyou.com
www.google-analytics.com
2 antig-hra.com capeitalone360.com
antig-hra.com
2 capeitalone360.com 1 redirects
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com www.googletagmanager.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.taboola.com www.ilookyou.com
1 aff.bstatic.com www.ilookyou.com
1 www.googletagmanager.com www.ilookyou.com
1 www.ilookyou.com antig-hra.com
1 cersday-conionard.com 1 redirects
31 16

This site contains no links.

Subject | Issuer | Validity | Valid
www.ilookyou.com | R3 | 2021-07-20 - 2021-10-18 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-06-22 - 2021-09-14 | 3 months
*.bstatic.com | DigiCert ECC Secure Server CA | 2019-12-13 - 2021-12-17 | 2 years
www.bing.com | Microsoft RSA TLS CA 01 | 2021-04-12 - 2021-10-12 | 6 months
*.taboola.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-25 - 2021-12-26 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2021-06-28 - 2021-09-20 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2021-06-22 - 2021-09-14 | 3 months
*.google.com | GTS CA 1C3 | 2021-06-22 - 2021-09-14 | 3 months
*.google.de | GTS CA 1C3 | 2021-06-22 - 2021-09-14 | 3 months
*.booking.com | DigiCert ECC Secure Server CA | 2020-10-14 - 2021-10-18 | a year

This page contains 2 frames:

Primary Page: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Frame ID: 1B4C903776978C2B3EF0FAD193140A69
Requests: 19 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Frame ID: 2A2D8CDEF5A998E7E3E5842502E8D4DD
Requests: 12 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

31 Requests
90 % HTTPS
50 % IPv6
14 Domains
16 Subdomains
15 IPs
4 Countries
224 kB Transfer
580 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capeitalone360.com/ Page URL
  2. http://capeitalone360.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYyNjgyNDk2NywiaWF0IjoxNjI2ODE3NzY3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycTlwczh2YnI2MGk2cWprMzQwNG42MGEiLCJuYmYiOjE2MjY4MTc3NjcsInRzIjoxNjI2ODE3NzY3NTI4NzM1fQ.kfSYdrwspyRiO3C2Po-8QS9uOAsHl0HcxSSnIwZw1Qs&sid=5af8bbd4-e9a4-11eb-837c-6bc46dce65e1 HTTP 302
    http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97 Page URL
  3. http://antig-hra.com/zcredirect?visitid=5b167983-e9a4-11eb-977a-0a8f0c5748a1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
  4. https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&caid=fe385f5b-84ae-43d0-bde7-c51ba3be1529&zpid=5b167983-e9a4-11eb-977a-0a8f0c5748a1&cid=wsbda72iuop21569ijbcul8a&rt=R HTTP 302
    https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://capeitalone360.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYyNjgyNDk2NywiaWF0IjoxNjI2ODE3NzY3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycTlwczh2YnI2MGk2cWprMzQwNG42MGEiLCJuYmYiOjE2MjY4MTc3NjcsInRzIjoxNjI2ODE3NzY3NTI4NzM1fQ.kfSYdrwspyRiO3C2Po-8QS9uOAsHl0HcxSSnIwZw1Qs&sid=5af8bbd4-e9a4-11eb-837c-6bc46dce65e1 HTTP 302
  • http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
capeitalone360.com/
474 B
836 B
Document
General
Full URL
http://capeitalone360.com/
Protocol
HTTP/1.1
Server
212.32.237.90 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
5c9ca291bc6db464b1a9d803facd39ffe5fe1e84411a4e1b33e36f4214fdc332

Request headers

Host
capeitalone360.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
474
content-type
text/html; charset=utf-8
date
Tue, 20 Jul 2021 21:49:26 GMT
server
nginx
set-cookie
sid=5af8bbd4-e9a4-11eb-837c-6bc46dce65e1; path=/; domain=.capeitalone360.com; expires=Mon, 08 Aug 2089 01:03:34 GMT; max-age=2147483647; HttpOnly
72092e88-2c53-401c-b988-51ef43ce1034
antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/
Redirect Chain
  • http://capeitalone360.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYyNjgyNDk2NywiaWF0IjoxNjI2ODE3NzY3LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycTlwczh2YnI2MGk2cWprMzQwNG...
  • http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
996 B
2 KB
Document
General
Full URL
http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Requested by
Host: capeitalone360.com
URL: http://capeitalone360.com/
Protocol
HTTP/1.1
Server
54.174.112.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-112-67.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
5b49422a5e82f614f3a6b1e5fd51821d983a9347aecd3a2915710955c5b87a6c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
antig-hra.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://capeitalone360.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://capeitalone360.com/

Response headers

Date
Tue, 20 Jul 2021 21:49:28 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server
ZeroPark-Traffic

Redirect headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
11
date
Tue, 20 Jul 2021 21:49:28 GMT
location
http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
server
nginx
set-cookie
sid=5af8bbd4-e9a4-11eb-837c-6bc46dce65e1; path=/; domain=.capeitalone360.com; expires=Mon, 08 Aug 2089 01:03:35 GMT; max-age=2147483647; HttpOnly
zcredirect
antig-hra.com/
768 B
1 KB
Document
General
Full URL
http://antig-hra.com/zcredirect?visitid=5b167983-e9a4-11eb-977a-0a8f0c5748a1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Requested by
Host: antig-hra.com
URL: http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Protocol
HTTP/1.1
Server
54.174.112.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-174-112-67.compute-1.amazonaws.com
Software
ZeroPark-Traffic /
Resource Hash
2b38fde7116f6af0ce8b883c63ff46f3dee48fc5b2117d7b8e369de97c8d88e8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host
antig-hra.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://antig-hra.com/zcvisitor/5b167983-e9a4-11eb-977a-0a8f0c5748a1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=faebd7d0-e51b-11eb-b60d-0a918cbcbb97

Response headers

Date
Tue, 20 Jul 2021 21:49:29 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected
JS
Server
ZeroPark-Traffic
Primary Request reservation.php
www.ilookyou.com/
Redirect Chain
  • https://cersday-conionard.com/zp-redirect?target=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&caid=fe385f5b-84ae-43...
  • https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
4 KB
2 KB
Document
General
Full URL
https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Requested by
Host: antig-hra.com
URL: http://antig-hra.com/zcredirect?visitid=5b167983-e9a4-11eb-977a-0a8f0c5748a1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.236.180.201 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-goo.christopher.dreamhost.com
Software
Apache /
Resource Hash
2eb31d5a0b745f086f15716c771bfa2563aa2085b03c25b4c7d1af907159c052

Request headers

:method
GET
:authority
www.ilookyou.com
:scheme
https
:path
/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://antig-hra.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://antig-hra.com/zcredirect?visitid=5b167983-e9a4-11eb-977a-0a8f0c5748a1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

date
Tue, 20 Jul 2021 21:49:29 GMT
server
Apache
cache-control
max-age=600
expires
Tue, 20 Jul 2021 21:59:29 GMT
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
2039
content-type
text/html; charset=UTF-8

Redirect headers

Server
nginx
Date
Tue, 20 Jul 2021 21:49:29 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Pragma
no-cache
Set-Cookie
fe385f5b-84ae-43d0-bde7-c51ba3be1529-v4=fe385f5b-84ae-43d0-bde7-c51ba3be1529; Max-Age=86400; Expires=Wed, 21-Jul-2021 21:49:29 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None cc-v4=JwwGib0MJ5pjv%2B9Kx3oJ8TH6fLghUH1487eS34b7JomyCrRglvwgDoIkqWgKKcgvp5s0z9EDMA5%2BkeF2Q%2F3sppUa4Da9qwYWRAZTFRFsG7kGZWI38WJSGOgw5pIu2San%2BtNPZKpnk75bLuSEeg2SXQ%3D%3D; Max-Age=31536000; Expires=Wed, 20-Jul-2022 21:49:29 GMT; Domain=cersday-conionard.com; Path=/; Secure; HttpOnly;SameSite=None
js
www.googletagmanager.com/gtag/
94 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-982840540
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dac9e3e9d9408e657669c843b2c185099ad12c88834ff52bf63c08cdd4944033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 21:49:29 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37979
x-xss-protection
0
last-modified
Tue, 20 Jul 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 20 Jul 2021 21:49:29 GMT
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/
6 KB
3 KB
Script
General
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1626817769606
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
5.57.16.90 Amsterdam, Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
bstatic.com
Software
nginx /
Resource Hash
c553ef7271334af93285181e0b891ecc964712f12d02af54ecee9c58354c71e6
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 21:49:29 GMT
content-encoding
br
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-186e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
transfer-encoding
chunked
timing-allow-origin
*
nel
{"report_to":"default","max_age":600}
x-xss-protection
1; mode=block
expires
Thu, 19 Aug 2021 21:49:29 GMT
bat.js
bat.bing.com/
30 KB
9 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 21:49:29 GMT
content-encoding
gzip
last-modified
Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref
Ref A: 0B5360ED5D3341539BBAA85C040DE904 Ref B: FRAEDGE1320 Ref C: 2021-07-20T21:49:29Z
etag
"0d2a696ff53d71:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
9008
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
6131
date
Tue, 20 Jul 2021 20:07:18 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Tue, 20 Jul 2021 22:07:18 GMT
tfa.js
cdn.taboola.com/libtrc/unip/1315827/
74 KB
25 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/unip/1315827/tfa.js
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f2d874377bb949830cde3a1fd6d706d76117046cae3735d7219dd8decec5820b

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
6GPKJHtIotwup7cA1KrnDiK0w0wYAYeA
content-encoding
gzip
etag
"d59ab22fc26508b9374510b99d111587"
age
0
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
24695
x-amz-id-2
dEa2PUHfjpPl/xAQjs8FEipOqpcaGrleTrOD39XTRgnMkpQC+QQTwqpFfqqlCzNumHdQpm0Jkkk=
x-served-by
cache-fra19176-FRA
last-modified
Wed, 14 Jul 2021 09:33:53 GMT
server
AmazonS3
x-timer
S1626817770.664400,VS0,VE193
date
Tue, 20 Jul 2021 21:49:29 GMT
vary
Accept-Encoding
x-amz-request-id
0C3TTNPM0697BC2F
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
70
x-cache-hits
1
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1959249495&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&dr=http%3A%2F%2Fantig-hra.com%2F&ul=en-us&de=UTF-8&dt=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1254432378&gjid=760372262&cid=1492828271.1626817770&tid=UA-1048482-15&_gid=131352339.1626817770&_r=1&_slc=1&z=459775102
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-1048482-15&cid=1492828271.1626817770&jid=1254432378&gjid=760372262&_gid=131352339.1626817770&_u=IEBAAEAAAAAAAC~&z=460038138
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 20 Jul 2021 21:49:29 GMT
content-type
text/plain
access-control-allow-origin
https://www.ilookyou.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
5280866.js
bat.bing.com/p/action/
0
127 B
Script
General
Full URL
https://bat.bing.com/p/action/5280866.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ARR/3.0
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 20 Jul 2021 21:49:29 GMT
cache-control
private,max-age=86400
x-msedge-ref
Ref A: 73B29B03CE154AAA9166897794F5EF2F Ref B: FRAEDGE1320 Ref C: 2021-07-20T21:49:29Z
x-powered-by
ARR/3.0
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
149 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=5280866&Ver=2&mid=4ef86700-ad10-4b65-ba92-97312df8fe7a&sid=5c417460e9a411ebb0e8b171016b4847&vid=5c419bd0e9a411ebb4bafb7a3f5b44c3&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&kw=Travel,%20Hotel,%20Hotels&p=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&r=http%3A%2F%2Fantig-hra.com%2F&lt=517&evt=pageLoad&msclkid=N&sv=1&rn=995742
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 88CCDD63284542DEBABADFA325098DF1 Ref B: FRAEDGE1320 Ref C: 2021-07-20T21:49:29Z
x-cache
CONFIG_NOCACHE
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/
36 KB
14 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-982840540
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
8069956acb4c566506ff71f7a23c8e23f75ce9443384fe3393ed5c846924026e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 21:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13910
x-xss-protection
0
server
cafe
etag
8154934153164151798
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 20 Jul 2021 21:49:29 GMT
ga-audiences
www.google.com/ads/
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-1048482-15&cid=1492828271.1626817770&jid=1254432378&_u=IEBAAEAAAAAAAC~&z=945180444
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
63 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-1048482-15&cid=1492828271.1626817770&jid=1254432378&_u=IEBAAEAAAAAAAC~&z=945180444
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
flexiproduct.html
www.booking.com/ Frame 2A2D
88 KB
35 KB
Document
General
Full URL
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Requested by
Host: aff.bstatic.com
URL: https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1626817769606
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
4a57d50ddaba83de11bd90289223fa354859598bde2175df139d874ab95e030e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.booking.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.ilookyou.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

server
nginx
date
Tue, 20 Jul 2021 21:49:29 GMT
content-type
text/html; charset=UTF-8
content-length
34946
cache-control
private
vary
User-Agent, Accept-Encoding
content-encoding
br
nel
{"max_age":604800,"report_to":"default"}
report-to
{"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":604800}
set-cookie
_pxhd=tOeBvdWL5VJvMS2hOKQCTZovPPIvrrXqHsUrjxn8mJkXmbIOEqgKCXG9fcMXMObzUQUze22h7ZLRfAzuBHaudw%3D%3D%3A4myV-C-Nxkvlp8jXThenKaWD%2Fl5J2GEYQDDuUV8JHrLWeokcHGVNgmzyQKQI9vlwXn98LM3fUmNN0tQXg4sP-iJ4nXY%2FjZDAL6n8UQzhHxE%3D; path=/; expires=Wed, 20-Jul-2022 21:49:29 GMT bkng=11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbiKbS0JOgDBIaAZY3evhFn0ppmlXlbs0%2BSbQTjzXmxCwBgbZ2snWJjZ8o7Gcv6Ror5Htmc25O5diTOB6y1ixlYxBeueWnp9CKf6qAslimB01ifT5NfQYITVY97Wtl6VWjty1In971Anb%2FaxvMiYmy8RxGW6rageu%2BB8VZ%2BKrZiW8%3D; domain=.booking.com; path=/; expires=Sun, 19-Jul-2026 21:49:29 GMT; Secure; HTTPOnly; SameSite=None
strict-transport-security
max-age=604800
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/982840540/?random=1626817769746&cv=9&fst=1626817769746&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&ref=http%3A%2F%2Fantig-hra.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
68b851b5df165d7c033a7e3ec5e4060955cf8033aaa5dee9204b372e2ad09804
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1130
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/982840540/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/982840540/?random=1626817769746&cv=9&fst=1626814800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&ref=http%3A%2F%2Fantig-hra.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=1555476481&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/982840540/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/982840540/?random=1626817769746&cv=9&fst=1626814800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7j0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.ilookyou.com%2Freservation.php%3Fa%26s%3D35c4e592-0dad-4d8e-8291-9ef40bc25110%26u%3Dwsbda72iuop21569ijbcul8a&ref=http%3A%2F%2Fantig-hra.com%2F&tiba=iLookYou%20-%20Find%20Best%20Hotels%20%7C%20Hotel%20Offers&async=1&fmt=3&is_vtc=1&random=1555476481&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.ilookyou.com
URL: https://www.ilookyou.com/reservation.php?a&s=35c4e592-0dad-4d8e-8291-9ef40bc25110&u=wsbda72iuop21569ijbcul8a
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ilookyou.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 20 Jul 2021 21:49:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
82b674edb949dddf78e02d76e8593771bf2e85d5.css
cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/ Frame 2A2D
1 KB
1013 B
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b40bd50a4795ccd4a8b88ff70fb14074d2f0bf599e072e98ccd302cfeb436b8a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 20:50:03 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
349167
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-51a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
am_Abg1ygdcA3dadVzuQcVcFNqTfPMqgDUfmHSFKf2JVQI4ZQfx8AA==
expires
Sun, 15 Aug 2021 20:50:03 GMT
f6d29e089da85314827d24b5e412d273b710cf84.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/ Frame 2A2D
11 KB
3 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_base_cloudfront_sd/f6d29e089da85314827d24b5e412d273b710cf84.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e3c37aa402d060ff9a8c441cd6918a1859cb6358eee091d9b7a7a6b12447e74b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 14 Jul 2021 17:58:57 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
532233
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 05 Jun 2020 10:23:33 GMT
server
nginx
etag
W/"5eda1d25-2ae3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
qDXjh4kXAKkIAHWMfloTAvS0ZCSOw96FBmIbC8LbcaTIB4zFVy67jg==
expires
Fri, 13 Aug 2021 17:58:57 GMT
0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/ Frame 2A2D
13 KB
3 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_common_elems_cloudfront_sd/0579e1e4d20e28f92adaba484f8f11a42e2b5e68.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0fe3b9faabb14dd0bf83ae0848aa86f1520857f00c96913cc1217bd04909da12
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 11 Jul 2021 14:57:58 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
802292
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
W/"5cadd1af-32e1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
XE-JePIM6oodXAjv5SvTumET6Xmib9904wv2vbxSPBvAU3oBYLmnEA==
expires
Tue, 10 Aug 2021 14:57:58 GMT
3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/ Frame 2A2D
952 B
1 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/flexi_product_nsb/3eb8e6d9f9a04e3583a9e8d949a559d3fad5c8c4.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
601642ecd5e7a89187e12278ef792ecfe176c4553f7dc792557177a4048488e2
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Jul 2021 09:36:15 GMT
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
1167195
x-cache
Hit from cloudfront
content-length
952
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:19 GMT
server
nginx
etag
"5cadd1af-3b8"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
kcs6wE9AhVb1XG_m3u-Wf56E9wUUzjjU3am6CKhSluDdDsOfCHIMmw==
expires
Fri, 06 Aug 2021 09:36:15 GMT
ebc3273565b5e682ccaf01872d2e046749306442.png
cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ Frame 2A2D
3 KB
3 KB
Image
General
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/booking_logo_blue/ebc3273565b5e682ccaf01872d2e046749306442.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
69f81eea02cf09defcdb0c916f7ca869498f0d7045318c8ebfe469d2872cbbfa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Jul 2021 20:07:15 GMT
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
697335
x-cache
Hit from cloudfront
content-length
2904
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-b58"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
qAbM7SbFVXPhWR5XzsAGbqnXf9plii-vAOmta4kKNmXjYtQlsoZoyg==
expires
Wed, 11 Aug 2021 20:07:15 GMT
0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/ Frame 2A2D
1 KB
2 KB
Image
General
Full URL
https://cf.bstatic.com/static/img/affiliate_base/flexi/usp_icon_dark_blue/0ca8372024cd7370c4aed6aa1d8dd3d5feb83935.png
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5e511da3a4fb796a0757d341558c86fb123752f39c370f6dc1eef9bc4885bd31
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Jul 2021 19:45:39 GMT
via
1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
698631
x-cache
Hit from cloudfront
content-length
1230
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:50 GMT
server
nginx
etag
"5cadd1ce-4ce"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
r_y1srcUy0LYS5b6RelGiWI4MyVys6lWpGnioHcRt947fJ-hXTtTGg==
expires
Wed, 11 Aug 2021 19:45:39 GMT
2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/ Frame 2A2D
123 KB
39 KB
Script
General
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
0b01b0858503cb5946f0c5c1b7c59a3be705eab43b2c6ce1526a7a7509ac63b9
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 21:35:46 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
951223
via
1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-1ecfc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
zoh4Qi6Pjh5VsGpwnW8NIH3x6m_Hgw8lyle80i-QaRouNAxWMGRxng==
expires
Sun, 08 Aug 2021 21:35:46 GMT
eb78197b2eee9a032c319d91a6e1c581e295f284.js
cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/ Frame 2A2D
33 KB
11 KB
Script
General
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_components_cloudfront_sd/eb78197b2eee9a032c319d91a6e1c581e295f284.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
fd0370177238527421278d27eb652e22a25d20784438f81f114b09f5a349e06d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 22:20:21 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
343749
via
1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-84eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
ERdxzjQ-S1EF3KQK-hs9j4GzHRLXY0uWIIb3fbF4spGBSxe3cR1e7A==
expires
Sun, 15 Aug 2021 22:20:21 GMT
a620a252f1d0110ab972e81348133431e8486098.js
cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/ Frame 2A2D
2 KB
1 KB
Script
General
Full URL
https://cf.bstatic.com/static/affiliate_base/js/flexi_nsb_cloudfront_sd/a620a252f1d0110ab972e81348133431e8486098.js
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9afc14c1ac2584619b29bf2232f3ddd9da032d3acdf769e48ff7736f55a16e4e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 21:09:08 GMT
content-encoding
br
nel
{"report_to":"default","max_age":600}
age
434422
via
1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Tue, 04 Feb 2020 10:19:54 GMT
server
nginx
etag
W/"5e39454a-903"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
timing-allow-origin
*
x-amz-cf-id
562uQSAJbKvEzuYZxDPVO3Z7llcLwn6iP7lowyHQM0Zb816qh4SFFw==
expires
Sat, 14 Aug 2021 21:09:08 GMT
750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
cf.bstatic.com/static/fonts/flexi/flexi/ Frame 2A2D
8 KB
8 KB
Font
General
Full URL
https://cf.bstatic.com/static/fonts/flexi/flexi/750fa5bec9bde5e6e09115b5970b8106f73a5646.woff
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7c00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
727b71610239254fbeb9000a4774cf87b96bdd0c7eab1b781d67aa916ab6426e
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.booking.com
Referer
https://cf.bstatic.com/static/affiliate_base/css/flexifonts_cloudfront_sd/82b674edb949dddf78e02d76e8593771bf2e85d5.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 13 Jul 2021 22:27:24 GMT
via
1.1 129372028f60828d8c084fb619a69bc0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
age
602526
x-cache
Hit from cloudfront
content-length
7772
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:49 GMT
server
nginx
etag
"5cadd1cd-1e5c"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
r1sFnnuQOx5tT639qLi2-mdoelEyjjIeKy215RJiAw67BtXyZWMZbQ==
expires
Thu, 12 Aug 2021 22:27:24 GMT
fp_view
www.booking.com/affiliate/ Frame 2A2D
12 B
1 KB
XHR
General
Full URL
https://www.booking.com/affiliate/fp_view?aid=2005016&target_aid=2005016&product_type=nsb
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/js/flexiproduct_core_cloudfront_sd/2e1059de66c6a928c4ea7e843b9ffbd51cc3e15d.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.10.0.220 , Netherlands, ASN43996 (BOOKING-BV Booking.com, NL),
Reverse DNS
Software
nginx /
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://www.booking.com/flexiproduct.html?product=nsb&w=345&h=400&lang=xu&aid=2005016&target_aid=2005016&fid=1626817769703&
X-Requested-With
XMLHttpRequest
X-Booking-CSRF
KX33YAAAAAA=QXojMP8IPJvablyycQXCfyNUWmm4iE2H4GEUBuyz7Wz6IqDSoir4Ly_wWBuTKFAbUDFDeDuoLsMH8qJ6XwNTwiSFqciNB3UhXJRzVzcWXJWscWpbw3dWFK56NpzFf3qlePZDRFtvDildUmiFHmSH-2zWTPkVxB8pKyoE8zseSl9gWaFF4FckVDUBAuo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 20 Jul 2021 21:49:30 GMT
x-content-options
nosniff
server
nginx
content-security-policy-report-only
report-uri https://reports.booking.com/csp_violation?type=report&tag=112&pid=248099758b32001a&e=UmFuZG9tSVYkc2RlIyh9YV52yMgL4uFPlMiAwY3njEmnSPa7dYfl2BmSBhq4aRcacDElkj_XYvY&f=2&s=0; frame-ancestors 'none';
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
strict-transport-security
max-age=604800
x-xss-protection
1; mode=block


39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| gtag object| dataLayer object| uetq string| GoogleAnalyticsObject function| ga object| _tfa object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| UET function| UET_init function| UET_push object| google_tag_manager function| _i_ function| _r_ object| BookingAff function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError

7 Cookies

Domain/Path Name / Value
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbiKbS0JOgDBIaAZY3evhFn0ppmlXlbs0%2BSbQTjzXmxCwBgbZ2snWJjZ8o7Gcv6Ror5Htmc25O5diTOB6y1ixlYxBeueWnp9CKf6qAslimB01ifT5NfQYITVY97Wtl6VWjty1In971Anb%2FaxvMiYmy8RxGW6rageu%2BB8VZ%2BKrZiW8%3D
.ilookyou.com/ Name: _gcl_au
Value: 1.1.1655688208.1626817770
.ilookyou.com/ Name: _gid
Value: GA1.2.131352339.1626817770
.ilookyou.com/ Name: _uetvid
Value: 5c419bd0e9a411ebb4bafb7a3f5b44c3
.ilookyou.com/ Name: _gat
Value: 1
.ilookyou.com/ Name: _uetsid
Value: 5c417460e9a411ebb0e8b171016b4847
.ilookyou.com/ Name: _ga
Value: GA1.2.1492828271.1626817770

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
