URL: http://crypto.winco.biz/
Submission Tags: phish.gg anti.fish automated
Submission: On June 11 via api from DE — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 46.54.226.97, located in Nova Gorica, Slovenia and belongs to KATENG-ASN, SI. The main domain is crypto.winco.biz.
This is the only time crypto.winco.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain, Transfer, Subdomains

7 bstatic.com, 57 KB
  • aff.bstatic.com — Cisco Umbrella Rank: 35684
  • cf.bstatic.com — Cisco Umbrella Rank: 10846
  • r.bstatic.com — Cisco Umbrella Rank: 63371
2 booking.com, 3 KB
  • www.booking.com — Cisco Umbrella Rank: 6439
2 google-analytics.com, 21 KB
  • www.google-analytics.com — Cisco Umbrella Rank: 57
2 winco.biz, 8 KB
  • crypto.winco.biz
1 googletagmanager.com, 48 KB
  • www.googletagmanager.com — Cisco Umbrella Rank: 75
12 5

Domain Requested by
3 r.bstatic.com cf.bstatic.com
2 cf.bstatic.com www.booking.com
2 www.booking.com 1 redirects aff.bstatic.com
2 www.google-analytics.com www.googletagmanager.com, www.google-analytics.com
2 aff.bstatic.com 1 redirects crypto.winco.biz
2 crypto.winco.biz crypto.winco.biz
1 www.googletagmanager.com crypto.winco.biz
12 7

This site contains links to these domains.

Domain
www.booking.com
www.binance.com

Subject: *.google-analytics.com
Issuer: GTS CA 1C3
Validity: 2023-05-19 - 2023-08-11 (3 months)

Subject: *.booking.com
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Validity: 2022-08-03 - 2023-07-11 (a year)

Subject: *.bstatic.com
Issuer: DigiCert TLS RSA SHA256 2020 CA1
Validity: 2022-10-21 - 2023-10-11 (a year)

This page contains 2 frames:

Primary Page: http://crypto.winco.biz/
Frame ID: 9057B22C775C78A42A4AE9700F3732EA
Requests: 6 HTTP requests in this frame

Frame: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
Frame ID: B10D4F2C61B8A209A6EB160BB0F4C2FD
Requests: 6 HTTP requests in this frame

Page Title

Invest smart

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

12 Requests
75 % HTTPS
71 % IPv6
5 Domains
7 Subdomains
6 IPs
3 Countries
136 kB Transfer
252 kB Size
4 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125 HTTP 301
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
Request Chain 5
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550& HTTP 301
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
crypto.winco.biz/
1 KB
1 KB
Document
General
Full URL
http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
46.54.226.97 Nova Gorica, Slovenia, ASN51615 (KATENG-ASN, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) / PHP/7.1.0
Resource Hash
6520f6970b30f6704f339582951eeade10e66710e99be043c2fdf220907780d3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 11 Jun 2023 03:02:05 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.7 (Ubuntu)
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Powered-By
PHP/7.1.0
js
www.googletagmanager.com/gtag/
124 KB
48 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c7f4a83853354e67d1a6d62d35a729f6a39de9bcf2d9ae83ba201dad7635040e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sun, 11 Jun 2023 03:02:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
49250
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 11 Jun 2023 03:02:05 GMT
etoro_logo.PNG
crypto.winco.biz/
7 KB
7 KB
Image
General
Full URL
http://crypto.winco.biz/etoro_logo.PNG
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
HTTP/1.1
Server
46.54.226.97 Nova Gorica, Slovenia, ASN51615 (KATENG-ASN, SI),
Reverse DNS
web.winco.biz
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
ec0ef6cad89424d3ed7009356ad28c4272d4b5dfa7f2000cca29b0e64a93adbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Sun, 11 Jun 2023 03:02:05 GMT
Last-Modified
Wed, 08 May 2019 14:36:33 GMT
Server
Apache/2.4.7 (Ubuntu)
ETag
"1a7d-588614293ed92"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6781
flexiproduct.js
aff.bstatic.com/static/affiliate_base/js/
Redirect Chain
  • http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
  • https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
6 KB
3 KB
Script
General
Full URL
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
Requested by
Host: crypto.winco.biz
URL: http://crypto.winco.biz/
Protocol
H2
Server
2600:9000:223f:bc00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6f2c2164df92670e1f44b40c516e974340a0a4834b5a2b2156faf3f1c6fc0e90
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sun, 11 Jun 2023 03:02:06 GMT
content-encoding
br
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 13 Jun 2022 03:41:28 GMT
server
nginx
etag
W/"62a6b1e8-1849"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
ez7Igv5a4AfaRn-_ZMRDuSH2e-tJGPwosyE6Lvmkh0ZREgyDLsp3hA==
expires
Tue, 11 Jul 2023 03:02:06 GMT

Redirect headers

Date
Sun, 11 Jun 2023 03:02:06 GMT
Via
1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA56-P5
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
Connection
keep-alive
Content-Length
167
X-Amz-Cf-Id
AGkZGpnz3n0nJYXflO7zqMVOKNPVH3ItNM2mJh0QfSpOzM_AJULaMg==
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1427188-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://crypto.winco.biz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 11 Jun 2023 02:35:27 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
1598
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Sun, 11 Jun 2023 04:35:27 GMT
collect
www.google-analytics.com/j/
1 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1369561086&t=pageview&_s=1&dl=http%3A%2F%2Fcrypto.winco.biz%2F&ul=en-us&de=UTF-8&dt=Invest%20smart&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1065104122&gjid=467610602&cid=1036777362.1686452525&tid=UA-1427188-1&_gid=324413905.1686452525&_r=1&gtm=457e3671&jsscut=1&z=1953738301
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://crypto.winco.biz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 11 Jun 2023 03:02:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://crypto.winco.biz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
flexiproduct.html
www.booking.com/ Frame B10D
Redirect Chain
  • http://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
  • https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
3 KB
2 KB
Document
General
Full URL
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
Requested by
Host: aff.bstatic.com
URL: http://aff.bstatic.com/static/affiliate_base/js/flexiproduct.js?v=1686452525125
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-62.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
1c5f9a982fb0c1ce619ed90fdaeea21da1b8caa1f4848e939d64ab6115cd8477
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://crypto.winco.biz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
content-encoding
br
content-length
1108
content-type
text/html; charset=UTF-8
date
Sun, 11 Jun 2023 03:02:07 GMT
nel
{"max_age":604800,"report_to":"default"}
report-to
{"max_age":604800,"group":"default","endpoints":[{"url":"https://nellie.booking.com/report"}]}
server
nginx
strict-transport-security
max-age=300; includeSubDomains
vary
Accept-Encoding, User-Agent
via
1.1 b4bf06ec43f99543c974d975a6c597da.cloudfront.net (CloudFront)
x-amz-cf-id
eHBHZ_A7n5CE_TMhj4F55E17MaACqVAuzBUl-mw_0FDX0-_waldXFw==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Sun, 11 Jun 2023 03:02:06 GMT
Location
https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
Server
CloudFront
Via
1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront)
X-Amz-Cf-Id
QRY8LD7F3VZ95tGCrO6ImhAC-sJk-qS9KTSp4CSuMGRzulW0jmm58g==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Redirect from cloudfront
3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/ Frame B10D
6 KB
2 KB
Stylesheet
General
Full URL
https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:bc00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
258a405249df1898ae210d562b7a73457c378e5686bc45a66f2bf709bac59e3d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.booking.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 25 May 2023 02:48:28 GMT
content-encoding
br
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1469619
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Thu, 04 Aug 2022 14:40:51 GMT
server
nginx
etag
W/"62ebda73-1931"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
OwChwQReC8uvlxe5RmDxMKpwOb4NuhlpJCUbb4q93iBxHvbZMz7ngg==
expires
Sat, 24 Jun 2023 02:48:28 GMT
8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/ Frame B10D
21 KB
22 KB
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/728_six/8f8f91594b07c3401aee5de300e3d1acd54221f6.jpg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:bc00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
76f0b5a18dc303c68602fb8f2c374cb22ebdfe2167e3dbbe0d7f534f1bd7f5c0
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 18:10:20 GMT
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
204888
x-cache
Hit from cloudfront
content-length
21876
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-5574"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
js2w85sCcnN9mKavsJpjgIJ4RPBFwuLZIYc9IHsDHGNgOQE5zK19TQ==
expires
Sat, 08 Jul 2023 18:07:21 GMT
0195055111ead85a393fabc53dd83aeb06040b75.svg
r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/ Frame B10D
8 KB
4 KB
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/bookingLogos/booking-com-logo-dark-backgrounds-mono/0195055111ead85a393fabc53dd83aeb06040b75.svg
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:bc00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
754da64c4a7344dc24cfd8a781b834e9c2251b8c0bd218c3b582f745e56f44e1
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 03:06:01 GMT
content-encoding
br
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
172568
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 08 Aug 2022 08:50:41 GMT
server
nginx
etag
W/"62f0ce61-2110"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
yUThwNA544XE9DSJiBzOorKxd9d62Xr_wKzfWe4P3gubhR-x8i2FSw==
expires
Sun, 09 Jul 2023 03:06:01 GMT
5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/ Frame B10D
450 B
1016 B
Image
General
Full URL
https://r.bstatic.com/static/affiliate_base/img/banners/branded_set_1/curved_side_104/5fed8c51212b08fc2d6eecc876d4ee88acb855f7.png
Requested by
Host: cf.bstatic.com
URL: https://cf.bstatic.com/static/affiliate_base/css/affiliate_banner_1/3d34c0d4d9217136e6b7f6d398462e408e6d37ea.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:bc00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
630ff3f5e3fb3bc8d9f615285a6a9c7cbe291e4500f5db996293a58a65e0ee5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cf.bstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 03 Jun 2023 17:53:43 GMT
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
1639834
x-cache
Hit from cloudfront
content-length
450
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:47 GMT
server
nginx
etag
"5cadd1cb-1c2"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
0gEgLScRdNIjl9hOaW8ih1zJzfBdgqQaeGQSjccGB0mqb3QdDLV_lw==
expires
Thu, 22 Jun 2023 03:31:35 GMT
beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/ Frame B10D
24 KB
25 KB
Font
General
Full URL
https://cf.bstatic.com/static/fonts/affiliate_banners/opensans-regular-webfont/beb5a35856de848cee8daf0016dd8dec9b1f8e4f.woff
Requested by
Host: www.booking.com
URL: https://www.booking.com/flexiproduct.html?product=banner&w=728&h=90&lang=en&aid=1640063&target_aid=1640063&tmpl=affiliate_banner&fid=1686452526550&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:6e00:1f:e2ee:200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
9f06c5a5a26eed51ed7c0d94bd7bdb822cc503c1e619b463377c44e114e2ca5c
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.booking.com/
Origin
https://www.booking.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 02:37:35 GMT
via
1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P5
age
347072
x-cache
Hit from cloudfront
content-length
24852
x-xss-protection
1; mode=block
last-modified
Wed, 10 Apr 2019 11:21:48 GMT
server
nginx
etag
"5cadd1cc-6114"
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
cbCkOwyDEzhDRcDsAgqgLvvQR3LNTckXnRdPiPg3kbjUvj8Uovc8fg==
expires
Fri, 07 Jul 2023 02:37:35 GMT

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| 0
  • boolean| credentialless
  • object| onbeforetoggle
  • object| onscrollend
  • function| gtag
  • object| dataLayer
  • object| google_tag_manager
  • object| google_tag_data
  • string| GoogleAnalyticsObject
  • function| ga
  • object| gaplugins
  • object| gaGlobal
  • object| gaData
  • function| _i_
  • function| _r_
  • object| BookingAff

4 Cookies

Domain/Path Name / Value
.winco.biz/ Name: _ga
Value: GA1.2.1036777362.1686452525
.winco.biz/ Name: _gid
Value: GA1.2.324413905.1686452525
.winco.biz/ Name: _gat_gtag_UA_1427188_1
Value: 1
.booking.com/ Name: bkng
Value: 11UmFuZG9tSVYkc2RlIyh9Yaa29%2F3xUOLbwcLxQQ4VaCoCCsythAiCYV6gGFECtv7XKbxm2XqSwuvVjb3msrwTAzKCR%2FhnMejg6MSTIeqJeEMSXaYj%2FnqsaQci62haaryShf3YjNpxRtcAmZJThFHyoJxWQER58UoayaSaQikjISzr5RLsKXQMMMppY3ymtdmA