Overview

URLlocalmovement.com/mtm/direct/.eJxtikEKAjEMRe-S5VgmLnXEs0go0RaatmaiFAbvbnQp7t7_723w0AwLIAQgva2OTspXVlYfyawviKVFKtKeLFxtjk08Sm21SyVhz_55ipG7uTQehsmkBOq95EiWW8XxeXbj95Vyup_38zFMOH3pAK83-ko4BQ:1p1m9A:82HKoBAwffeJph8FvE8ncp2tBI8/2
IP 45.33.30.197 (United States)
ASN#63949 Linode, LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-04 10:23:19 UTC
StatusLoading report..
IDS alerts0
Blocklist alert3
urlquery alerts No alerts detected
Tags None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 localmovement.com/mtm/direct/.eJxtikEKAjEMRe-S5VgmLnXEs0go0RaatmaiFAbvbnQp7 (...) Phishing
2022-12-04 2 d38psrni17bvxu.cloudfront.net/scripts/js3.js Malware
2022-12-04 2 www1.localmovement.com/ls.php Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 45.33.30.197
Date UQ / IDS / BL URL IP
2023-02-03 02:19:20 +0000 0 - 0 - 2 www.ltftraining.org/ 45.33.30.197
2023-02-02 08:08:42 +0000 0 - 0 - 2 coloseum.com/ 45.33.30.197
2023-02-01 17:31:38 +0000 0 - 0 - 1 www.mp3searched.net/mp3/michael-jackson.html 45.33.30.197
2023-01-31 10:31:34 +0000 0 - 0 - 1 spain-page.com/ 45.33.30.197
2023-01-31 10:29:03 +0000 0 - 0 - 2 icsecurity.co/ 45.33.30.197


Last 5 reports on ASN: Linode, LLC
Date UQ / IDS / BL URL IP
2023-02-03 20:32:54 +0000 0 - 0 - 1 www.travelbelize.org/activities/snorkeling/ 170.187.150.220
2023-02-03 20:32:52 +0000 0 - 0 - 1 www.travelbelize.org/attraction/travellers-he (...) 170.187.150.220
2023-02-03 18:55:23 +0000 0 - 0 - 2 collegerreadyplan.com/ 198.58.118.167
2023-02-03 18:26:17 +0000 0 - 2 - 1 absipdate.us-east-1.linodeobjects.com/absupda (...) 45.79.137.127
2023-02-03 18:18:30 +0000 0 - 4 - 0 lp.ivrika.ru/kurs-glagoli-ivrita-4_0/ 172.105.82.254


Last 5 reports on domain: localmovement.com
Date UQ / IDS / BL URL IP
2023-01-08 10:16:57 +0000 0 - 2 - 6 www1.localmovement.com/?tm=1&subid4=167317299 (...) 13.248.148.254
2022-12-04 10:23:19 +0000 0 - 0 - 3 localmovement.com/mtm/direct/.eJxtikEKAjEMRe- (...) 45.33.30.197
2022-12-04 10:23:15 +0000 0 - 0 - 4 localmovement.com/ 45.33.18.44
2022-12-03 10:27:51 +0000 0 - 0 - 2 www1.localmovement.com/?tm=1&subid4=167006324 (...) 76.223.26.96
2022-12-02 10:19:48 +0000 0 - 0 - 1 www1.localmovement.com/?tm=1&subid4=166997636 (...) 13.248.148.254


Last 1 reports with similar screenshot
Date UQ / IDS / BL URL IP
2022-12-02 04:48:18 +0000 0 - 0 - 2 www1.proxysecurity.com/?tm=1&subid4=166995647 (...) 13.248.148.254

JavaScript

Executed Scripts (92)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (247)


Request Response
                                        
                                            GET /mtm/direct/.eJxtikEKAjEMRe-S5VgmLnXEs0go0RaatmaiFAbvbnQp7t7_723w0AwLIAQgva2OTspXVlYfyawviKVFKtKeLFxtjk08Sm21SyVhz_55ipG7uTQehsmkBOq95EiWW8XxeXbj95Vyup_38zFMOH3pAK83-ko4BQ:1p1m9A:82HKoBAwffeJph8FvE8ncp2tBI8/2 HTTP/1.1 
Host: localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         173.255.194.134
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
                                        
server: openresty/1.13.6.1
date: Sun, 04 Dec 2022 10:23:07 GMT
content-length: 0
location: http://www1.localmovement.com/?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0
x-mtm-path: 4
x-mtm-prov: 300:0.00;308:19.01
x-mtm-rd: 0.15
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJsb2NhbG1vdmVtZW50LmNvbSIsImh0dHA6Ly93d3cxLmxvY2FsbW92ZW1lbnQuY29tLz90bT0xJnN1YmlkND0xNjcwMTQ5Mzg3LjAxNjE4MjAwMDAmS1cxPUJlc3QlMjBNb3J0Z2FnZSUyMFJlZmluYW5jaW5nJTIwUmF0ZXMmS1cyPUIyQiUyMFRyYXZlbCUyMEJvb2tpbmclMjBTeXN0ZW0mS1czPUxvd2VzdCUyMENhciUyMEluc3VyYW5jZSUyMFJhdGVzJktXND1HZXQlMjBBbiUyME9ubGluZSUyMERlZ3JlZSZLVzU9RGVkaWNhdGVkJTIwR2FtaW5nJTIwU2VydmVycyZLVzY9QmVzdCUyME1vcnRnYWdlJTIwUmVmaW5hbmNpbmclMjBSYXRlcyZLVzc9TG93ZXN0JTIwQ2FyJTIwSW5zdXJhbmNlJTIwUmF0ZXMmS1c4PU9ubGluZSUyMENhcmVlciUyMENvdW5zZWxpbmclMjBQcm9ncmFtcyZLVzk9QjJCJTIwVHJhdmVsJTIwQm9va2luZyUyMFN5c3RlbSZzZWFyY2hib3g9MCZiYWNrZmlsbD0wIiwxLCIyMDIyLTEyLTA0IDEwOjIzOjA3IiwxLCIxNjcwMTQ5Mzg3LjAxNjE4MjAwMDAiLDMwOCxudWxsLG51bGxd:1p1m9L:QhDwUlKAPdA0LU_6rw57QJnwoyQ; expires=Sun, 04-Dec-2022 11:23:07 GMT; Max-Age=3600; Path=/
connection: close


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16303
Expires: Sun, 04 Dec 2022 14:54:50 GMT
Date: Sun, 04 Dec 2022 10:23:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8724
Expires: Sun, 04 Dec 2022 12:48:31 GMT
Date: Sun, 04 Dec 2022 10:23:07 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4270
Cache-Control: max-age=91155
Date: Sun, 04 Dec 2022 10:23:07 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:42:22 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: 1e4L7YqqH46WU/iOXTga9kDqYFbOnWcAPY4/qNQ2eThLdI4x2CCa7WsquyZze9CJ02Xc95eJKbU=
x-amz-request-id: 65MAV623VYWBGGPG
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 09:47:30 GMT
age: 2137
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 10:18:24 GMT
cache-control: public,max-age=3600
age: 283
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 10:23:07 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 10:08:58 GMT
cache-control: public,max-age=3600
age: 850
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0 HTTP/1.1 
Host: www1.localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2230)
Size:   2485
Md5:    72e1e083775c813165045850f8c33e70
Sha1:   89be3036723bd8555289d490069b5daab4d180e5
Sha256: 3ba2bb564cda8f4dc099fcb7199784bf0d6b850404c07611cce515ca30790b7a
                                        
                                            GET /scripts/js3.js HTTP/1.1 
Host: d38psrni17bvxu.cloudfront.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/

search
                                         54.230.245.130
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Content-Length: 1134
Connection: keep-alive
Server: nginx
Date: Sun, 04 Dec 2022 04:54:34 GMT
Last-Modified: Tue, 17 Aug 2021 09:17:22 GMT
Accept-Ranges: bytes
ETag: "611b7ea2-46e"
X-Cache: Hit from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GEbptFfqdPOhjN9csVHfibvoaZIIH9gXxL9veHhKpH7ZXoJVEV3IkQ==
Age: 19714


--- Additional Info ---
Magic:  ASCII text, with very long lines (506)
Size:   1134
Md5:    64b79b43df8fbf2c5d082964b9116a68
Sha1:   dc3c763519baf0f4c32bb60bfc429651a491ea01
Sha256: c57e9feec209e3ea5eb1d75a1ba6fa277242a3df250055be8446052b51e58637

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4258
Cache-Control: max-age=86081
Date: Sun, 04 Dec 2022 10:23:08 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:17:49 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2dgAeBp5LOVu5A/dkpva7Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.89.136.7
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: q9pAhX3jpr5Qs5qImqQgPTZGJY8=

                                        
                                            GET /track.php?domain=localmovement.com&toggle=browserjs&uid=MTY3MDE0OTM4Ny43ODk0OmFkMjlkMzI1NjA1N2JmNzhmMTc0YTU2YjM4MzM4N2IwMzk5OWQ0ODRiOWY1ZWQ1ZTc4YmMzNjcxZjEzMDg4YTc6NjM4Yzc1MGJjMGI3MA%3D%3D HTTP/1.1 
Host: www1.localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            POST /ls.php HTTP/1.1 
Host: www1.localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2182
Origin: http://www1.localmovement.com
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0

search
                                         13.248.148.254
HTTP/1.1 201 Created
Content-Type: text/javascript;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 638c750dd52ff3487b11f6be
Charset: utf-8
Access-Control-Allow-Origin: http://www1.localmovement.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_LWokUOmxlNF9r/e1Sl5IjKkD0nWkjIrtC0TaEbJuYolsK9mA/fT/o7X3oobB7dnioFvZpuYP1jiCWSDvuYaMDQ==


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www1.localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes

                                        
                                            GET /track.php?click=8bc5311fea51f5d88ad90580a49f43a22d8f5165&domain=localmovement.com&uid=MTY3MDE0OTM4Ny43ODk0OmFkMjlkMzI1NjA1N2JmNzhmMTc0YTU2YjM4MzM4N2IwMzk5OWQ0ODRiOWY1ZWQ1ZTc4YmMzNjcxZjEzMDg4YTc6NjM4Yzc1MGJjMGI3MA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2MzhjNzUwYmMwYjU0fHx8MTY3MDE0OTM4OC4xNzg1fDIwZDM3N2YyZjVjMDBkYjJlNzQyZDhmYTVlZjkwMDdiNzU1MTg3NjV8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxiMTdlYjM5MDM4YmM5ODNkNjQ0Zjc2MTFmYTc4YzhlZGU1ODVmN2Y5fDB8ZHAtdGVhbWludGVybmV0MTJfM3BofDB8MA%3D%3D&kw=&search=&pcat=&rxid=&bucket=&clientID=&adtest=off HTTP/1.1 
Host: www1.localmovement.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/?tm=1&subid4=1670149387.0161820000&KW1=Best%20Mortgage%20Refinancing%20Rates&KW2=B2B%20Travel%20Booking%20System&KW3=Lowest%20Car%20Insurance%20Rates&KW4=Get%20An%20Online%20Degree&KW5=Dedicated%20Gaming%20Servers&KW6=Best%20Mortgage%20Refinancing%20Rates&KW7=Lowest%20Car%20Insurance%20Rates&KW8=Online%20Career%20Counseling%20Programs&KW9=B2B%20Travel%20Booking%20System&searchbox=0&backfill=0

search
                                         13.248.148.254
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip

                                        
                                            GET /zcvisitor/a568b7b6-73bd-11ed-8214-0a30a7b1bbe3/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=69448440-0fb4-11eb-bafe-0afaf647e889 HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.localmovement.com/
Upgrade-Insecure-Requests: 1

search
                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: BvvRxpog


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1100
Md5:    4eba6faadfcebdf0f9a036756f01a80a
Sha1:   de8b0f83658cfa502b6f46f260eb7d542581e46c
Sha256: dbd3219e2fda213a970f8c477700cd11addc6db23e8f7c11bca66f432d44256a
                                        
                                            GET /zcredirect?visitid=a568b7b6-73bd-11ed-8214-0a30a7b1bbe3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/a568b7b6-73bd-11ed-8214-0a30a7b1bbe3/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=69448440-0fb4-11eb-bafe-0afaf647e889
Upgrade-Insecure-Requests: 1

search
                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 10:23:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: CoVvFqYH


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   670
Md5:    3c98cad142a2a9de293d03931a5bdb5e
Sha1:   fdd70f163779af7f820b669124f714eb5b9e78dd
Sha256: 816daa68bd6bfe49a833485c580106a9303181ecb7aa785bf722ea85594a9c39
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3431
Cache-Control: max-age=143606
Date: Sun, 04 Dec 2022 10:23:09 GMT
Etag: "638bf59c-1d7"
Expires: Tue, 06 Dec 2022 02:16:35 GMT
Last-Modified: Sun, 04 Dec 2022 01:19:24 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2589
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:23:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2589
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:23:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4214
Cache-Control: max-age=130328
Date: Sun, 04 Dec 2022 10:23:09 GMT
Etag: "638bbeaf-1d7"
Expires: Mon, 05 Dec 2022 22:35:17 GMT
Last-Modified: Sat, 03 Dec 2022 21:25:03 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2589
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:23:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2589
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 10:23:09 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 16069
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 45207
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 45548
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4666
Md5:    c01fe1cccdb3b672bbade6d98217ffe9
Sha1:   a9a529dc9894827f6243a1bf57f81caa4fe88fc2
Sha256: c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6901
x-amzn-requestid: 5dd4545b-c48a-4fa2-8aa5-c7d0a5efeafe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsByFqCoAMF4CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc071-6b96e54876cde366748564d6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sOtbi4sBuEPzvS_l6X_w5S5BeHb1DROkFmpNDTlvo57kUVeYN6ra3A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 45630
etag: "e800712e4f8d9589670d8ee3a744ac0aedf7b6e3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6901
Md5:    89e5fc40e9e626a035abde2964ba0959
Sha1:   e800712e4f8d9589670d8ee3a744ac0aedf7b6e3
Sha256: 64a41309871b71682370e2b2f3735ac70039802fff4e1e46013f5aa1f15b4084
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 45363
etag: "8637105f41058bc0d2b259d462b560881928adb6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10431
Md5:    2636f91bb8fa4d9bb7bef114c248a9ae
Sha1:   8637105f41058bc0d2b259d462b560881928adb6
Sha256: 3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 45188
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8989
Md5:    a6e7b32ac999cf3c899a234c621fa91a
Sha1:   fc5d4f3163ebb9faf85968cbb1d194e8e68418be
Sha256: f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=a568b7b6-73bd-11ed-8214-0a30a7b1bbe3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

search
                                         3.212.50.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Sun, 04 Dec 2022 10:23:10 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: jFeIVydX


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            GET /2zkHJsK?utm_content=uniform-wis-1ldplw8ze8&utm_keyword=best+mortgage+refinancing+rates%2Cb2b+travel+booking+system%2Clowest+car+insurance+rates%2Cget+an+online+degree%2Cdedicated+gaming+servers%2Conline+career+counseling+programs HTTP/1.1 
Host: bit.ly
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         67.199.248.10
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 133
cache-control: private, max-age=90
location: https://www.booking.com/index.html?aid=1858279
set-cookie: _bit=mb4ana-68d3812f1fcd891b4b-00F; Domain=bit.ly; Expires=Fri, 02 Jun 2023 10:23:10 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   133
Md5:    fac4f22819054b3bcc5318fbd82717e5
Sha1:   007e7754ba5b50b781cbcd63fc47142b2d7fba58
Sha256: 0a833b8649fca4d9cdc9d9ba7683ec8971f2a6538a64d5b658946331a7d4e931
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3432
Cache-Control: max-age=143606
Date: Sun, 04 Dec 2022 10:23:10 GMT
Etag: "638bf59c-1d7"
Expires: Tue, 06 Dec 2022 02:16:36 GMT
Last-Modified: Sun, 04 Dec 2022 01:19:24 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4215
Cache-Control: max-age=130328
Date: Sun, 04 Dec 2022 10:23:10 GMT
Etag: "638bbeaf-1d7"
Expires: Mon, 05 Dec 2022 22:35:18 GMT
Last-Modified: Sat, 03 Dec 2022 21:25:03 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4093
Cache-Control: max-age=162268
Date: Sun, 04 Dec 2022 10:23:10 GMT
Etag: "638c3bed-117"
Expires: Tue, 06 Dec 2022 07:27:38 GMT
Last-Modified: Sun, 04 Dec 2022 06:19:25 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/OtAutoBlock.js HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 6671
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: ehYqM4XsLy++C+H91Vr94w==
last-modified: Tue, 15 Nov 2022 08:52:50 GMT
etag: 0x8DAC6E6C6719C76
x-ms-request-id: e8023ecf-a01e-001f-7acf-f803f6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5372
expires: Mon, 05 Dec 2022 10:23:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33b39deb4ff-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (37276)
Size:   6671
Md5:    7a162a3385ec2f2fbe0be1fdd55afde3
Sha1:   5a37630a30526266cdaa387a32f50f20bae5ffd3
Sha256: f6143442002776683e3fe10ee2b1aa2fa3d3fba2e491ea7eb1044591adb8c515
                                        
                                            GET /static/js/crossorigin_check_cft/2454015045ef79168d452ff4e7f30bdadff0aa81.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 95
server: nginx
date: Sat, 03 Dec 2022 07:39:41 GMT
last-modified: Wed, 10 Apr 2019 11:21:38 GMT
expires: Mon, 02 Jan 2023 07:39:41 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: "5cadd1c2-5f"
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: c__JiUtv8-BaA4VnCa76MDQYauKLoEspeApvf5MZpnb0CulLBMdUUQ==
age: 96209
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   95
Md5:    335be8900580e9c3875dba57334294ae
Sha1:   a86597d2ddfa410df13bceca86fdf9a2291fe798
Sha256: 8a882fd19a15567e53a5c3c08d22cdab714fa87734ed92d854c4e8fdf3940b1f
                                        
                                            GET /scripttemplates/otSDKStub.js HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 7151
content-encoding: gzip
content-md5: bKkFjZE43AfZo3jm8gqLew==
last-modified: Thu, 01 Dec 2022 17:06:29 GMT
etag: 0x8DAD3BE63D96CCA
x-ms-request-id: 62e7f211-c01e-010b-1be2-0586c7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 30815
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33bfa9fb4ff-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21747)
Size:   7151
Md5:    6ca9058d9138dc07d9a378e6f20a8b7b
Sha1:   ff5f65ad24a8e2b3042cbb0136be7edb52215c1a
Sha256: 1561d36bd995a09ea69c243767e196dd2e76a2753b59b78ecbf999161904f86d
                                        
                                            GET /consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/3ea94870-d4b1-483a-b1d2-faf1d982bb31.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 1970
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: Ss97bz20U1kP1bvvaZSaZA==
last-modified: Tue, 15 Nov 2022 08:52:49 GMT
etag: 0x8DAC6E6C63E85AD
x-ms-request-id: 2535b6f6-b01e-0000-52cf-f8d8e6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5376
expires: Mon, 05 Dec 2022 10:23:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33c2ac9b4ff-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6106), with no line terminators
Size:   1970
Md5:    4acf7b6f3db453590fd5bbef69949a64
Sha1:   6a8b9148768a6af49e7a183b47f42a5b33569aa9
Sha256: 1e57187427b702038984f5c48618b51ff94617bd43cc7d340bd7411b5334aa03
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3859
Cache-Control: max-age=96146
Date: Sun, 04 Dec 2022 10:23:10 GMT
Etag: "638b3a8d-116"
Expires: Mon, 05 Dec 2022 13:05:36 GMT
Last-Modified: Sat, 03 Dec 2022 12:01:17 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 278

                                        
                                            GET /cookieconsentpub/v1/geo/location HTTP/1.1 
Host: geolocation.onetrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.18.26.85
HTTP/2 200 OK
content-type: application/json
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7743d33c8e960b02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (65383)
Size:   76018
Md5:    6f7776ece73f2f9cb9a7eba09bee007f
Sha1:   304bd2cd78d2de2979fff9e0990414692337872e
Sha256: 0a54b06a33e899b82f81910bdffa921b09305aab450209d1abcce0541bf35a61
                                        
                                            GET /consent/3ea94870-d4b1-483a-b1d2-faf1d982bb31/e1b8f75b-db25-46d6-8a45-749ed6c3e64c/en-us.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 18041
cache-control: public, max-age=86400
content-encoding: gzip
content-md5: u8ol+OCvxlwjXV5wG98I2Q==
last-modified: Tue, 15 Nov 2022 08:53:09 GMT
etag: 0x8DAC6E6D1C3CDC4
x-ms-request-id: afe69279-601e-008a-73cf-f862c5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5230
expires: Mon, 05 Dec 2022 10:23:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33d6c05b4ff-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (65508), with no line terminators
Size:   18041
Md5:    bbca25f8e0afc65c235d5e701bdf08d9
Sha1:   b8a6c7c2a0081ae9dc7f50d3e6e29994fa1b3bf4
Sha256: e8a079b3f468ad274075e4ede5b2e541bcad8e1389c0d2c0170af9a431bbed44
                                        
                                            GET /scripttemplates/6.22.0/assets/otFlat.json HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: application/json
                                        
date: Sun, 04 Dec 2022 10:23:10 GMT
content-length: 2950
content-encoding: gzip
content-md5: eS/vZlhjCBp2QvELx7IrSQ==
last-modified: Thu, 19 Aug 2021 02:39:10 GMT
etag: 0x8D962BA867F281F
x-ms-request-id: 1ab7d2f4-a01e-003d-026c-c46dc0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 30039
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33d9c5db4ff-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (10843)
Size:   2950
Md5:    792fef665863081a7642f10bc7b22b49
Sha1:   f30de5899ad8675a26c5a1688c543e7044bce0ab
Sha256: af415b02ce1afa491d86bd1fafa2416302d69906ded37715ca425b6778cd7d9c
                                        
                                            GET /psb/capla/static/css/513.75e7f786.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 714
server: nginx
date: Wed, 23 Nov 2022 10:28:03 GMT
etag: "9646d566d863bf8858bb120001e00df9"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 10:15:47 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 10:15:47 GMT", rule-id=""
expires: Fri, 23 Dec 2022 10:28:03 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: DxZvzph2WvIDnEtMZWWf93ZfrGGWOHgE97s5IBqDRQEeW0EeiS47hw==
age: 950108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (600)
Size:   714
Md5:    9646d566d863bf8858bb120001e00df9
Sha1:   2cf81c65fc9e9003213dbd7c67be287419983765
Sha256: 27f6fa9431e1b155845f98ee098a95dab2d94f280259983ca4cb7611ba3f2251
                                        
                                            GET /psb/capla/static/css/736.efc019bd.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 851
server: nginx
date: Thu, 17 Nov 2022 11:20:43 GMT
etag: "8c5c3443c3df14446e77dee5cad05769"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Thu, 17 Nov 2022 11:13:07 GMT
x-amz-expiration: expiry-date="Fri, 17 Mar 2023 11:13:07 GMT", rule-id=""
expires: Sat, 17 Dec 2022 11:20:43 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: cWIg3tlwagDWBBtVuXq80s2oF7yLwakavELjbAkwpZGqYNjnEeeZvg==
age: 1465348
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (737)
Size:   851
Md5:    8c5c3443c3df14446e77dee5cad05769
Sha1:   0effbb1c48b73b93121ffa4d63bdf1af2a0bb8c4
Sha256: daaafa4e355363ce4a9b42257a10160d18d17a22f38f159990e289fe07ace87d
                                        
                                            GET /psb/capla/static/css/541.60bd0f47.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 349
server: nginx
date: Sat, 12 Nov 2022 08:35:03 GMT
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Tue, 01 Nov 2022 10:18:55 GMT
x-amz-expiration: expiry-date="Wed, 01 Mar 2023 10:18:55 GMT", rule-id=""
expires: Mon, 12 Dec 2022 08:35:03 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: "3463768f1eada6681938129f4ac1f0cd"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _zQAlaTXkaYVNHWHDKyI85oEaKEEaiClo4Bxu0CPN6ZM6HGkhGijUg==
age: 1907288
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   349
Md5:    3463768f1eada6681938129f4ac1f0cd
Sha1:   0e94fd7afdcf474745329e76795462278d22fb79
Sha256: 9ce1783fb0eb2bffa218d02d92cd320087f6bb3132dbf1e20b3443a87306412b
                                        
                                            GET /static/img/flags/new/48-squared/us/fa2b2a0e643c840152ba856a8bb081c7ded40efa.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 642
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sat, 05 Nov 2022 05:27:14 GMT
expires: Mon, 05 Dec 2022 05:27:14 GMT
cache-control: max-age=2592000
etag: "5f55f887-282"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: s2mcEO0uA7pP9Z2oAsh9oqNFeULz0tpJGMRBmixfyBtSAvXCpFNjAQ==
age: 2523357
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   642
Md5:    41a0e840aa47c87e19d2bfe0b1231c3f
Sha1:   b5f588ca91fc9e67b5ea658c5ff943b0639e57b9
Sha256: a333d02eedde7a4dd8643d58b0ea7947268a1762f35f517eb6000ec9e7fcfae8
                                        
                                            GET /static/img/flags/new/48-squared/gb/daba79fdd4066d133e8bf59070fd6819b951c403.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 522
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Fri, 02 Dec 2022 08:31:54 GMT
expires: Sun, 01 Jan 2023 08:31:54 GMT
cache-control: max-age=2592000
etag: "5f55f887-20a"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 4UrtMMYd0Hcdxi4-nISDem0SW7WmKCpRu38OS83-Sedd-pxU1i0sAA==
age: 179477
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   522
Md5:    925ee33071ef712bda608ef3bf50ef13
Sha1:   c7d8844e68d5c9bc0294dc5a69f8550c6d6d39d5
Sha256: 996b0e99fcc7a553eac6f51569be5429b1bf8c071a708289fab808d7660cf74c
                                        
                                            GET /psb/capla/static/css/797.6fc81b72.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 23 Nov 2022 16:44:52 GMT
etag: W/"04e7edf9099ebbde425371a36082e68d"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:01 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:01 GMT", rule-id=""
expires: Fri, 23 Dec 2022 16:44:52 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: sjHUD3pEIopA_OiuwO-u6RFTqTbaW5Eon_tonum4A7hQfmp0d5kIfw==
age: 927499
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1077)
Size:   573
Md5:    2cd4218278db56943382c5b78298cd56
Sha1:   df6143792af44a1434962665ab699e422427e0db
Sha256: a9bdee0dfb9ddf33548ee5ad31d788dbee7974e8d4f86368d22a5545050729ce
                                        
                                            GET /psb/capla/static/css/527.0794f606.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 28 Nov 2022 15:35:44 GMT
etag: W/"a82b825171babacfd52fa8a9ec917037"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Mon, 28 Nov 2022 15:21:59 GMT
x-amz-expiration: expiry-date="Tue, 28 Mar 2023 15:21:59 GMT", rule-id=""
expires: Wed, 28 Dec 2022 15:35:44 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gY2IzW8eCNjWOqMC7ytSuwrj3msJr8cKxjj3QFdsnHVIbQbqYRuXyw==
age: 499647
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1100)
Size:   651
Md5:    bc6b20afb60c84e878d884899d8af9d1
Sha1:   97ef3b3c811f1972dfeb4a78bb35ded847105961
Sha256: 0779ec1994a6e4e98704637b195c81d81d52a4a2b3734066a1e151da83650a84
                                        
                                            GET /psb/capla/static/css/579.45580ee8.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 23 Nov 2022 16:44:52 GMT
etag: W/"96fa7b6229a1e4459b6c7faef69398aa"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:01 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:01 GMT", rule-id=""
expires: Fri, 23 Dec 2022 16:44:52 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: l8iFaqImjtn-boX4bfx2V9COHqMzkIH2Yx2_p9Qo1PnA8nCIU-leXg==
age: 927499
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2167)
Size:   967
Md5:    7a543d622632d0bbde23a2b30a03de90
Sha1:   3d61a5501f588e2158eb029ffb27bd5d9191ecc6
Sha256: dbd257e2a66f0771359624815f270c0757d79f97d0998e93760b5c44d3502af9
                                        
                                            GET /psb/capla/static/css/748.8b20673d.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 23 Nov 2022 17:55:02 GMT
etag: W/"105112da0817ea530e4a1591ca27e9a4"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:01 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:01 GMT", rule-id=""
expires: Fri, 23 Dec 2022 17:55:02 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: J8HPXe5YFgZW4JCU5av715NPuUS2MG74zU2xEfyIMxxJrmFjTevn-Q==
age: 923289
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1553)
Size:   1457
Md5:    ed2a4dacbd371046e08fd1fc36689cf9
Sha1:   e3f76484b32ec437c9e33c20fdd8fd9170add9a3
Sha256: 0d4d7ff1b33c3231ddf8af46140d120d1eec5e53d67d9fda1eb060b75230551f
                                        
                                            GET /scripttemplates/6.22.0/assets/otCommonStyles.css HTTP/1.1 
Host: cdn.cookielaw.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.148.64
HTTP/2 200 OK
content-type: text/css
                                        
date: Sun, 04 Dec 2022 10:23:11 GMT
content-md5: F/Fs54+x9bQK/ULkNRp4fA==
last-modified: Thu, 19 Aug 2021 02:39:24 GMT
x-ms-request-id: 6bc20948-001e-0159-656c-c49b35000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: max-age=86400
cf-cache-status: HIT
age: 30720
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7743d33d9c5fb4ff-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4999
Md5:    d3e1490c3c167f1913549c3e4ead38db
Sha1:   40f7244cef2d7a3b04650aa7bea10b9c147ecd6a
Sha256: 9e0c3831fab561080df94e9e5a9bca563b8ca92d7f7df4deb30a35bdca024620
                                        
                                            GET /static/img/flags/new/48-squared/mx/f3a3f562a0185d68fb04b2ec01db2062ca6bdb76.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 945
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 08:10:19 GMT
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
etag: "5f560e08-3b1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: YLcq0tUEBer73L9Bu8tvTVnRgNkY3RdEQVFpGT4feI0zfCcEmYb_bw==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   945
Md5:    91f0a044160310ec2a0fdd15a5e9db95
Sha1:   411b206915a7fcbc18ba67bb5013cd4b9c97c5c3
Sha256: 11eb78212272b10379a315971ed01e31ffa796378c12eae4116f47e7bc50bd4f
                                        
                                            GET /static/img/flags/new/48-squared/catalonia/8578246a75d8b9dceaacb174072d0c6acafcc2df.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 155
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sat, 05 Nov 2022 05:40:52 GMT
expires: Mon, 05 Dec 2022 05:40:52 GMT
cache-control: max-age=2592000
etag: "5f560e08-9b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: i21RchFET1feyQLHSD7hTr752az8u2KzUuzJRFZWm7Jr-AaTuAG7oQ==
age: 2522539
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   155
Md5:    9aa827fa86c5f431d15c5b23a78f0f9d
Sha1:   7a82e7b12cb63ae4afabddd04a83c94c468dc777
Sha256: c6d8a7fe3c884ebb35313519fb7187cd6609b4c2ede2ddedcafb6ef8a9905310
                                        
                                            GET /static/img/flags/new/48-squared/it/b8db3771480bd0c7971b9f94cad3640c89521882.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 153
server: nginx
date: Thu, 24 Nov 2022 07:20:22 GMT
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
etag: "5f560e08-99"
expires: Sat, 24 Dec 2022 07:20:22 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: LrZbiqhd52fgK5Hq7FZLcGOKe7SLN_Pw9eDg6VtksuA6ExhO6FzK9g==
age: 874969
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   153
Md5:    4261fd05fa4ff2f6b27961be52f72502
Sha1:   30b359e2111f9509e89b4740af3aa6be24fcc812
Sha256: 861f2142293eb28de2c5f7c6f0035847ae176dc02470bfa7fbb157bf2b89339d
                                        
                                            GET /psb/capla/static/css/224.9d05c47b.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 23 Nov 2022 16:44:52 GMT
etag: W/"9bf8ae9a4f76f8e587606aeb9c41efc9"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:00 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:00 GMT", rule-id=""
expires: Fri, 23 Dec 2022 16:44:52 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: wvMezoaLbUz4sFulYjLr_Dn9NWp7kJw4OubhsYaU1pyNE3obtRb8Nw==
age: 927499
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1238)
Size:   1641
Md5:    be5f0e6238323b8a1e6a3a7ec5d154b9
Sha1:   177d68baca43281465005a3231741742db655076
Sha256: 67f274502eb13334a946ec6c19026e6ccbd735ad952cc6d5605c64535be56041
                                        
                                            GET /psb/capla/static/css/186.c3c0de4f.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Sun, 27 Nov 2022 07:18:08 GMT
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 20 Jul 2022 03:28:27 GMT
x-amz-expiration: expiry-date="Thu, 17 Nov 2022 03:28:27 GMT", rule-id=""
expires: Tue, 27 Dec 2022 07:18:08 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: W/"bc1724443d5ead75f4747b3f87e9c9ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: cihXdgflrpUQJbw-C8u73-cIMxhGTfetEhdp1UJq-0guAAc3kzFuEQ==
age: 615903
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4237)
Size:   1966
Md5:    b5412dd4354920c07e2d4d1cc9e6d749
Sha1:   3bee68e662441f753a0c4cb1d2011485c1cc9312
Sha256: 7b97b3025a72f249f3e852a5bc340f93e964d3c892f284f1bf8d0dd7534f4e99
                                        
                                            GET /psb/capla/static/css/bui-react.c25a53fb.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 29 Nov 2022 09:00:20 GMT
etag: W/"1091f2a4dc706022189520eca193e220"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Tue, 29 Nov 2022 07:12:17 GMT
x-amz-expiration: expiry-date="Wed, 29 Mar 2023 07:12:17 GMT", rule-id=""
expires: Thu, 29 Dec 2022 09:00:20 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: IOIo5aia-IYxWYFpUsuCnq1So8IJoA-8H8GEgCw6Bisr3Wnq6LseRA==
age: 436971
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   17719
Md5:    8ca901281ef2fb2931cf214f37234816
Sha1:   2019d1e50bcd1a3b1d9ad882295d530c5059e85e
Sha256: 6c3710e54d1024e9b380d1a33c5d3bb55954193874ff7fb210020d07205bbd00
                                        
                                            GET /psb/capla/static/css/348.55412d9f.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Wed, 23 Nov 2022 16:44:52 GMT
etag: W/"cd7208456f55af5c5350c6f7e58eae8f"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:01 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:01 GMT", rule-id=""
expires: Fri, 23 Dec 2022 16:44:52 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Uh4hG8AWXHcsqVrIBcN3sfEKhUIKLlmpvfpSW3JDEvwqz9CfwuX8wg==
age: 927499
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1028)
Size:   612
Md5:    9803ca8dd93c88b3fd42b4e5226d1e4b
Sha1:   df44edff88e21aa516aa3d3238c8ec79e72fb56f
Sha256: 644acab7c3bf0340e139a3690a6cb598141c45eac613367345a4339568f1d95a
                                        
                                            GET /psb/capla/static/css/223.43ba9a7b.chunk.css HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Mon, 28 Nov 2022 14:31:30 GMT
etag: W/"8998fb91c1b0946809ec9c1ce34ce22c"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Wed, 23 Nov 2022 16:34:00 GMT
x-amz-expiration: expiry-date="Thu, 23 Mar 2023 16:34:00 GMT", rule-id=""
expires: Wed, 28 Dec 2022 14:31:30 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: EGL2699y6HqAWz2Pm8NX_ODMHH9uTVo7Pqq8S4oIzfQyy97q9J-zdw==
age: 503501
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1777)
Size:   799
Md5:    b4f0c2126afc7ff12b8b3caeb5532855
Sha1:   dd3ecfc602320d536fc9f660bcd1e7eb58ad8749
Sha256: 21405e3128bad35aa7db53c6141752714a2789c49190055bfbaa14422881a35f
                                        
                                            GET /static/img/flags/new/48-squared/dk/744575dd4e87590a543b7c8cbacaef6c3de4e4d2.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 175
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 08:10:19 GMT
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
etag: "5f55f887-af"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: lxw5t10p3Cfus06dZC30CA9z5NLhFS7G1PxNNfukG_kUIJBn_tW0OQ==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   175
Md5:    3275f76ec51c7d87571ef5a5f3e6ddea
Sha1:   995f9025c29c6ab965c3a29af50ae25c9a390ab0
Sha256: a60eac8ef0e0d0dddef152891451b215d955373071d2bd32db7d4b2053fbaf08
                                        
                                            GET /static/img/flags/new/48-squared/cz/32002e60fead55ce886ff9827dfcf4af8cf4e277.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 342
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Fri, 18 Nov 2022 21:21:46 GMT
expires: Sun, 18 Dec 2022 21:21:46 GMT
cache-control: max-age=2592000
etag: "5f55f887-156"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: MKGuNBHjruJ82PTRK_82LAtMEq1TMFP8G0u91rsuzqxap9JyRbwLvQ==
age: 1342885
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   342
Md5:    20b632d22c7839d87dd7ab7628839ee7
Sha1:   e9d3232561f2812c02b6fb4e33251aaf620cd40b
Sha256: ad11693269039a9a7ded88cb46a03eb85ee6f4cf29fa76376ba32c5dd9eb6612
                                        
                                            GET /static/img/flags/new/48-squared/hu/fc7cb24c5c7cb9de74a74fad271d6838daabc4cb.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 133
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 14 Nov 2022 06:59:38 GMT
expires: Wed, 14 Dec 2022 06:59:38 GMT
cache-control: max-age=2592000
etag: "5f55f887-85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: YUu_CEynMBA3Iddk5q4IFKOoy_NOvp8aAa4HabnM_b-fwHr9LykSuA==
age: 1740213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   133
Md5:    9206b6715881ae75735ed659e808e94f
Sha1:   eed3ea9303a65b3b7f64f73d1a8499373aa26c0b
Sha256: 70c5cf7c80ec64caf926271a8832ca79342bd1d9203bae584f8c441aee10ddf0
                                        
                                            GET /static/img/flags/new/48-squared/ro/2d67b91f7beb87bd9286975da3e6dadc70d9c64b.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 153
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Wed, 30 Nov 2022 03:10:01 GMT
expires: Fri, 30 Dec 2022 03:10:01 GMT
cache-control: max-age=2592000
etag: "5f560e08-99"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: E1m00te1v-TxDsjYvjYngufuMwJW9Cj42YsmQUpJgcZjFKVlj-5HWA==
age: 371590
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   153
Md5:    1b1f1d1d57a2cd65c38748ed1e165aa7
Sha1:   58f0710ccff2655b04eb6ed0a2c86ec64eea5223
Sha256: 881978c2d219d2d9e3f0c5584e489e06e1948d0b4f9c5d7d3104a61ddb2e7372
                                        
                                            GET /static/img/flags/new/48-squared/jp/9bf7e50bc6dc66599aeede9189ca16de461c60b6.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 333
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 14 Nov 2022 06:59:38 GMT
expires: Wed, 14 Dec 2022 06:59:38 GMT
cache-control: max-age=2592000
etag: "5f55f887-14d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 3fmXfOxSNEgN2vKtBy93eFlbXT4MY-yWq2pl7kXyLi0nce8gRjMLkg==
age: 1740213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   333
Md5:    0430ec4fbfa9c9d0c02e4040873de949
Sha1:   6f5a96e43c5665af451ae5b0448ed5a7113e40d9
Sha256: ee8b36adb5cbd88a5819e742a813ae397ace8c319861ad8aa4d9caaae90812a0
                                        
                                            GET /static/img/flags/new/48-squared/cn/5a221730f540facc62563bfa6192ce155a9f677e.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 332
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 11:24:56 GMT
expires: Sat, 10 Dec 2022 11:24:56 GMT
cache-control: max-age=2592000
etag: "5f55f887-14c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: p78EzKSoKtlSWIyoEPj8sxjbbZ6I6tGDvDpK0nc530geIOXOdpRt5g==
age: 2069895
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   332
Md5:    a12df81751d392f648a2785d2de72a05
Sha1:   39156191b034cde7e591faa6677153fae77e6770
Sha256: 3e3cbba48022f930c07d6bdea530464cca93dd1c5473c2e75548cabd56c3d5bc
                                        
                                            GET /static/img/flags/new/48-squared/z4/ced4751e6ac2cbb9884a5878fff59a4e24c3e386.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 547
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 14:44:43 GMT
expires: Sat, 10 Dec 2022 14:44:43 GMT
cache-control: max-age=2592000
etag: "5f55f887-223"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: pEe5oD-APm9by4M8LdR7VkOzsxXTtRWqP_7CR_SdGzgrCLGjkSIgTg==
age: 2057908
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   547
Md5:    b20acca9869722ee22594c1cb79aa80c
Sha1:   8547e31b2cb93793703caa352c4cc7c08daf9f39
Sha256: b93aa481a175851c5691c27239100c897b7e42e2d06c19df05f9b5de422fde26
                                        
                                            GET /static/img/flags/new/48-squared/pl/4d6b6e962b0b049a03924fc618b959395d60ae39.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 121
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 14 Nov 2022 06:59:38 GMT
expires: Wed, 14 Dec 2022 06:59:38 GMT
cache-control: max-age=2592000
etag: "5f560e08-79"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: -LIkoE-vbvA9thFKel0AK30VDt07Lz_Y3Zc3I4dYAdlhkstszdwdkQ==
age: 1740213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 2-bit colormap, non-interlaced\012- data
Size:   121
Md5:    f5426bca09243b610e38d3c14e677064
Sha1:   e2ab7e2d6380dc421aa64648c11ddab3b2233e49
Sha256: 2f404d211c6a0c69dcac5b38ae18a1fc57840c4bd330b1bd64def6bf8b748d64
                                        
                                            GET /static/img/flags/new/48-squared/gr/e0e42a97a7b860fc9be71954262902f2a4e94aa6.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 215
server: nginx
date: Thu, 10 Nov 2022 08:10:19 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-d7"
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: jus1WAjoz5d_8eyNy3vbvHThnBfQeSel525xx7EnKL9qiixS5hnYlA==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   215
Md5:    0c3be548c24fe302a6765670af14cb20
Sha1:   b14e18e90b32ec75ee248f748dee5aa6d7609822
Sha256: 84b0beb08ce848e9e03e1e2ef34d5cb421a429661bb837750a1c37cb44b05145
                                        
                                            GET /static/img/flags/new/48-squared/ru/2277320023a64803843c36ca6aa48ad77523dd0d.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 139
server: nginx
date: Sat, 12 Nov 2022 03:16:39 GMT
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
etag: "5f560e08-8b"
expires: Mon, 12 Dec 2022 03:16:39 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 9gWrSPjre119UhbnMZN6J-pJMwPQwXTgI9m65ZdQJmVHAl5WedDhSg==
age: 1926392
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   139
Md5:    e788f0359c4ebb5d12da0db2e46b5cae
Sha1:   7ef0e8f52982a8fe7a25e27011fca7716231a52b
Sha256: 6f71c4adcbf4ee888f31ee757fd52cdb61881a9aca9f8a571c00470df055185c
                                        
                                            GET /static/img/flags/new/48-squared/tr/f7ad0cb74f4ea5e7193cb6029c7f977e9786cfa2.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 400
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 08:10:19 GMT
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
etag: "5f560e08-190"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: LKsVxqG1LikXcMQY5_E26k_i6q3E6XjJ6B9PRM7-PbPD2yXB55GZGw==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   400
Md5:    87321ae6e71b9b09c681058e91a468b5
Sha1:   3fb7872894da2daef6f66e73d8fd2f7b78b3b533
Sha256: 2c1c4611b00fa1da5b4cf45ac2c7d25744c4bf0897fab2e00833ff0aefdf5023
                                        
                                            GET /static/img/flags/new/48-squared/bg/540f2da5fee31b7385af127619ab5ca4fc3783b5.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 99
server: nginx
date: Wed, 16 Nov 2022 11:14:02 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-63"
expires: Fri, 16 Dec 2022 11:14:02 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: XimA40-RiU29xFk_EOigyuE6znQBczyzd6BKIYZTIcWIDp4tyWvLdA==
age: 1552149
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 2-bit colormap, non-interlaced\012- data
Size:   99
Md5:    49c081307e8d5ea32a47fb077905f2de
Sha1:   7b0a263172247879fd6255ab19f26aa45695f380
Sha256: 7ea8e075feac7c0c8a0cdecdf923fdab30b1b0d13336af312484b4f73b926dd9
                                        
                                            GET /static/img/flags/new/48-squared/sa/44ab510f37755d1d9d4c4dfa9b1f25bed9b2a95c.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 534
server: nginx
date: Thu, 01 Dec 2022 08:19:08 GMT
last-modified: Mon, 07 Sep 2020 10:40:09 GMT
etag: "5f560e09-216"
expires: Sat, 31 Dec 2022 08:19:08 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: mpJj4yvc6ExQ1mC-SZOokGG-7QdpCeCItHsC0C9SqGx7Co7d3vtnQA==
age: 266643
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   534
Md5:    c5ba34de4a5b15c8e5966ce4ac6dac7d
Sha1:   d87ca11092c06c059948bca64995703ce9646f98
Sha256: 3f32c4cf32cba619d3e8a5737d713c0d2633fd369f668a8fc038c525e6b20512
                                        
                                            GET /static/img/flags/new/48-squared/kr/4cb76b458a73ca4c1de034c7623475278d363ce6.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 870
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 08:10:19 GMT
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
etag: "5f55f887-366"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: LjyXgt9KOfH9eHBBbw4ncv6w7z22GKC7kMexrj6gXoQEWufLKTFjyw==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   870
Md5:    52c9301117c90f4f0f02957fb952f163
Sha1:   7e947ebefa1352e7282626e90e68442896c606e6
Sha256: 9f31f4ed393b17f37ea3ec9572bdda6ac8c1a3e3ee410743ac2b69f4717b4425
                                        
                                            GET /static/img/flags/new/48-squared/il/fc1907ccd86aa051f7fbe22649d1e31ac6aee016.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 325
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 14 Nov 2022 06:59:34 GMT
expires: Wed, 14 Dec 2022 06:59:34 GMT
cache-control: max-age=2592000
etag: "5f55f887-145"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 5-8MszVILf6iFWj_vHky6sg_0QpghUP_AnjpHil9a8LVH5mV2IGWCA==
age: 1740217
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   325
Md5:    6fedf345605f454aa06cc4d6cdf07c95
Sha1:   566b06216ad282e7b0a34b23803f9f459cf0fa8c
Sha256: 6ad5ceae28b78a9253cc023db0dc2dc95684e086c9c69672f4d61c64b483adf5
                                        
                                            GET /static/img/flags/new/48-squared/lv/393103a26c1d5f1fbd7d9674732bbdfc42296399.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 142
server: nginx
date: Sun, 27 Nov 2022 00:45:17 GMT
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
etag: "5f560e08-8e"
expires: Tue, 27 Dec 2022 00:45:17 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: hJlnU5ZRo8G8Na8uH3cfKiPzbDqprz5PFSh0lkSjZKyWxaJXemlzMg==
age: 639474
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   142
Md5:    ddb2ed817fb9ff1e8fa103e303126d92
Sha1:   db7c6839bb7acec47406626cd0db92f5ae203a7f
Sha256: 90f140a70c71755fed1d533e2f837406fb1a6dde2d18d4318d65fb90bad9332c
                                        
                                            GET /static/img/flags/new/48-squared/ua/2ea50f1c1fb480c4557a5578f71657fc3152c3a1.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 134
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 14:44:43 GMT
expires: Sat, 10 Dec 2022 14:44:43 GMT
cache-control: max-age=2592000
etag: "5f55f887-86"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: tgbLprZMKKfG6jNsrNa7qXbY0mg2f9yRarn3_ML0t4KskdOJ-DiwgQ==
age: 2057908
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   134
Md5:    f4db0dc55878fe02bb1efff8fc8dfe00
Sha1:   233ad877840f93216679c862e72be0d38a3c1132
Sha256: 4d5747ee4bfc01093d27ec5833305780e8797e361214269f85ca824274d7b4ed
                                        
                                            GET /static/img/flags/new/48-squared/in/20aa535a5d3c505dd02fea275ed1a36c0fb1fe08.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 344
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Tue, 22 Nov 2022 16:25:14 GMT
expires: Thu, 22 Dec 2022 16:25:14 GMT
cache-control: max-age=2592000
etag: "5f560e08-158"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: D-y_dlvO0RPtS4OX0U62wH7ZaeDvhblFhD2NZk5S8cJs93JXHJ1dsg==
age: 1015077
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   344
Md5:    d393a8574f0e51fce295082d390baad2
Sha1:   bd9f6c20fc33d74ca2b49e828721298c1beaabe7
Sha256: fe628ee3822daace85b0d6b50b24295b25406735b724d65ac7813d3a23e35bb2
                                        
                                            GET /static/img/flags/new/48-squared/id/e7d3d00965d8c994a72807b43b21c648250cf906.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 121
server: nginx
date: Fri, 02 Dec 2022 09:33:21 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-79"
expires: Sun, 01 Jan 2023 09:33:21 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 43Zs9RpDpQObi8JXIEW2JAz_VngGkk6aWxFOXJmR3x9zex2fNHTVEA==
age: 175790
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 2-bit colormap, non-interlaced\012- data
Size:   121
Md5:    40b14f52ee0e84a6b7f2395438df4e89
Sha1:   3a1b4751f73b37112ea8abe9d8e1e43fb0b5dcc1
Sha256: 0839f5f4321e755f66f00aebe4ecad12e81de7d87b73600f621f3e4067bec79b
                                        
                                            GET /static/img/flags/new/48-squared/my/6d811cf6127cea0a957ca0243546a03339fa19ac.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 499
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 08:10:19 GMT
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
etag: "5f55f887-1f3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _gsfuaPFOWQAG-hBfCmpFSdoHDbAcJCapi4PtUJUDtL3XMRb3NMsmg==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   499
Md5:    822b7bd88d4723227ae587567f978918
Sha1:   767884bb4c8904e55bd5c943aec9a867984137b4
Sha256: e5f05ae53de8b16cc10e8bc868e9c5d9786930973bdce663ee64d206c04388ef
                                        
                                            GET /static/img/flags/new/48-squared/th/53a76d6856962953d739d07ac61f04adee50a3d1.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 150
server: nginx
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Thu, 10 Nov 2022 14:44:43 GMT
expires: Sat, 10 Dec 2022 14:44:43 GMT
cache-control: max-age=2592000
etag: "5f560e08-96"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: LznBrhoac9APrDz46TqM4mvltGPIfhEilugennzKS4aoR6Oj1hKShg==
age: 2057908
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   150
Md5:    ff949a5fc9c52cbb395e15afd6cbbf53
Sha1:   a63fbcbe8300ee1a16399b46c1fd300f1b9e6b8b
Sha256: 67b2c242d9fb8390f051c11070e23792de15f513d53175ce7730484a7c789ef9
                                        
                                            GET /static/img/flags/new/48-squared/ee/509074558f4fe7c71ceed57584dec0382274dd16.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 139
server: nginx
date: Sun, 27 Nov 2022 11:23:58 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-8b"
expires: Tue, 27 Dec 2022 11:23:58 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 3nov1hQ0-tIQtAKCelmEmyhdX8nunXjejdnooP-XUkg2HxAFW28CGg==
age: 601153
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   139
Md5:    12aaeead084db9341a3afbd71d0b123d
Sha1:   5e048ae4bd509d08cd5a17d99d5430e104da7013
Sha256: 8bc3c2630c36b9713f3d002ed54e49c7671ec960ef0d8b02e32f2fdba2af6cb6
                                        
                                            GET /static/img/flags/new/48-squared/hr/e7a46f4dad977aecafa6a3680972e0c137a1bc41.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 815
server: nginx
date: Fri, 02 Dec 2022 09:33:36 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-32f"
expires: Sun, 01 Jan 2023 09:33:36 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: nPg3XWw9o2_K2QKS78FiEPahNFc8MJc665UzhakYPCK2F4S1JxwmCA==
age: 175775
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   815
Md5:    0964eedc0f19b195664c3f75bb22c6ab
Sha1:   22b1a1a6062e7f5fcad6bcb023bb5fd87d22e07d
Sha256: fff82225f56361a415858aa788a2d640331f82f6d9462ac9dbcf39e9023b5a6f
                                        
                                            GET /static/img/flags/new/48-squared/lt/5bb712a60a82b7e075deba5b102aa36348bbb255.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 140
server: nginx
date: Thu, 10 Nov 2022 05:47:54 GMT
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
etag: "5f560e08-8c"
expires: Sat, 10 Dec 2022 05:47:54 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: HXi9nMua4E_JNhkXw3dFFJGCv31pAlWrLmXSecvCQOEyeCcld-Q0FQ==
age: 2090117
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 4-bit colormap, non-interlaced\012- data
Size:   140
Md5:    7c4ca938a6f3b20c4b24b24fc16afb3d
Sha1:   8e9569b41f3b36e88ddba9f85627dc6d48764e88
Sha256: f28938e268eb5573c2e34f320e61a80b20599684a3fc502a01e29ec696701c8e
                                        
                                            GET /static/img/flags/new/48-squared/sk/29e3667f5aca74c157af9225d5a97a74a41e52ef.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 573
server: nginx
date: Wed, 30 Nov 2022 03:10:01 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-23d"
expires: Fri, 30 Dec 2022 03:10:01 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: ua_cci79-0CEVwkZuTcmdvPv9Dv28BW0HUURnhzfDfchCWD92yDf1g==
age: 371590
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   573
Md5:    243c2ae0611333fde9bfb06dd47f6300
Sha1:   2deae15cb1ea681950abf0456e0ddffeb940b158
Sha256: 5acf315305da0ed67d79de0983465c4baf314b34456a0f8df7f0faad0e5dd34b
                                        
                                            GET /static/img/flags/new/48-squared/rs/c1bc4fc1d782713cfec17a071dadca6b755a233e.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1386
server: nginx
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 14 Nov 2022 06:59:38 GMT
expires: Wed, 14 Dec 2022 06:59:38 GMT
cache-control: max-age=2592000
etag: "5f55f887-56a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Whjijakz1oLyUto995s-QJPK0zW5bmMQg7Wx6EYWev_V73mw_kUElg==
age: 1740213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   1386
Md5:    b9379a24299e89e8a3a7f67e055583f3
Sha1:   9fcee25113376edc2308bd7e28d30a4a924cbd58
Sha256: b2d098301fdd75a1c93c85f1f349262d5f7ca3de8a6eaad518095258c19e8a1b
                                        
                                            GET /static/img/flags/new/48-squared/si/f0619cdd45548522566c6d72a660ddc011906184.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 442
server: nginx
date: Thu, 10 Nov 2022 08:10:19 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-1ba"
expires: Sat, 10 Dec 2022 08:10:19 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: AHgHVTxJyOzE9VqsESIaRZm2gMSpMJq7qgzRipHDub5aUFae8iXYCw==
age: 2081572
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   442
Md5:    05cbcc07c185368a084a9309aa914d61
Sha1:   8e11596590eacbb80269c99400b4a87e02e2583b
Sha256: 211e73d3bad99d5286e8f2378547adbf522b0f047e45aeed0d5dea6741488444
                                        
                                            GET /static/img/flags/new/48-squared/vn/90b17da2aafaebce7b0c34189747e1e10dba8041.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 333
server: nginx
date: Sun, 27 Nov 2022 11:23:58 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
etag: "5f55f887-14d"
expires: Tue, 27 Dec 2022 11:23:58 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: Pd4t3wwVkAHL6Nbg_HOTrvoqHZBBmt5xJXfEVNicYX3DadetujUoHA==
age: 601153
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   333
Md5:    3a0135828216d13780bbd76bc0d6617c
Sha1:   613be32ee6beabb7a18a107f6c9bdd0c5d6dada9
Sha256: 37cb08ba3ee531e1f6b5a8a3fbf4be6013a3a9a0442286b07aeb2c947530cf04
                                        
                                            GET /static/img/flags/new/48-squared/ph/7048127466891462116ee2774154585fb5607aba.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 663
server: nginx
date: Sat, 03 Dec 2022 00:36:31 GMT
last-modified: Mon, 07 Sep 2020 10:40:08 GMT
etag: "5f560e08-297"
expires: Mon, 02 Jan 2023 00:36:31 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 9ckCQOMUn5p5Y21gptZnQrI-Ofl0cfiHRkz1dxU9xgx5x_AAIb1_Gg==
age: 121600
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   663
Md5:    47f9d3fafada1c4125dd5abbef01d314
Sha1:   5e36976caec0396e0847c76c413a0189ff2cbbf6
Sha256: a99fa5dc87d4d9a32c930d644a790c6dfba9073d0a11f6cc000ce599b9ba00c7
                                        
                                            GET /static/img/flags/new/48-squared/is/7d644655f895f8e346b964dc18cf5b6608a98d52.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 298
server: nginx
date: Mon, 14 Nov 2022 06:59:38 GMT
last-modified: Mon, 07 Sep 2020 09:08:23 GMT
expires: Wed, 14 Dec 2022 06:59:38 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: "5f55f887-12a"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: CVcZ4rPV6qzHX5LeAk79W4sOhB4dhmBgrdejJ6HVRyRAeNH_sGXdWw==
age: 1740213
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   298
Md5:    227c1e1707b8caf0b17266f188b3b099
Sha1:   294b9da49254731a4cb0fe538d9bc8ef44d1dd92
Sha256: e1e54eb27d785ff86901a728964f40183e845b8301f9196e163e5fe919bcfb5f
                                        
                                            GET /xdata/images/city/square250/644297.webp?k=1ec66dc12696bc2551f325c7318ab5d1cfec23c955b375a30e5d466cf23f6d87&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 14598
server: nginx
date: Sat, 05 Nov 2022 10:21:14 GMT
etag: "28e7cbdab023762d0508afad609ffdf9e02f943c"
expires: Mon, 05 Dec 2022 10:21:14 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: WiNjihulihSQX6XvPY2H6eHCDM7WvKU7A70lYCZ29T1et7yHDGElPw==
age: 2505717
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   14598
Md5:    ce0484a62e175f311523b75f140b4211
Sha1:   eba0d06f0c622ecf224822c856430ad707ebdfc1
Sha256: edf0c0cf1cb6689a78e3b4cd11ff14de3c5947583b589dfbb87379023a484991
                                        
                                            GET /xdata/images/city/square250/644293.webp?k=24c08396bd44343c9dcc78f0df41e114bf7e6aeda3d339101c37e7ba3aa707db&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 10668
server: nginx
date: Mon, 07 Nov 2022 09:19:28 GMT
etag: "e984a8fd673340869b931f90e66a4b897efdf3a4"
expires: Wed, 07 Dec 2022 09:19:28 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: uB1WF7GtCIi-40lzn-Ec6znW6sb2pqKMhcwiwXtXKA-u9e9K2yeYHw==
age: 2336623
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   10668
Md5:    e61daadd9f2361db8bea014c640fc26b
Sha1:   8e637a06e40e6d0d780cf55b0982fd82d2dfbacc
Sha256: 941706cdc14e54f8ec6c3bacc8b5bad26dd5553d0bbd34490450e67387acb132
                                        
                                            GET /xdata/images/city/square250/740935.webp?k=d90fa40b53bd16d8d06214496648ebbbccb96cff3946793c569e50103d363ec1&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 10180
server: nginx
date: Thu, 10 Nov 2022 02:22:08 GMT
etag: "dbd978f6507c1d3c933eec820fee0f3195453b8c"
expires: Sat, 10 Dec 2022 02:22:08 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: W9VTu63jIjuS7miB3C9v1GQdo7VS9wfSRj_yJQW5oLzvAQoB0BXNLQ==
age: 2102463
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   10180
Md5:    f46894a16ebb993b489c7eb4947b2321
Sha1:   a3ebffea1f61cb837f7512345ea899a5908cbf0a
Sha256: ea3005e0d81b1ad9fded26293f7442ee24413818af379d68bed7d717e8b5f7f2
                                        
                                            GET /static/js/error_catcher_bec_cft/282f83b6049fe9bacd964cb6ea8a6d5447528b14.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
last-modified: Mon, 06 Sep 2021 09:06:05 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sat, 05 Nov 2022 02:43:43 GMT
expires: Mon, 05 Dec 2022 02:43:43 GMT
cache-control: max-age=2592000
etag: W/"6135d9fd-178d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: XPmiUjiA2M9EPB-uVZui221uVELLExVT90IZ5mpF_Hya7MNFqHagnw==
age: 2533167
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (6029), with no line terminators
Size:   15198
Md5:    1d30709decd1daf16cc17473e08e4aac
Sha1:   863b431472d88f928075c81567b046e1c1cb6f35
Sha256: c8de0aee2048293f46bc6fc7aa8625f4a717d1297b96da2b577dc6c1fe3d4925
                                        
                                            GET /xdata/images/city/square250/671694.webp?k=cd1e3603afe4edd09f829675efb1cdc9a5925bed25a642bfc4d909602c231624&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 13820
server: nginx
date: Mon, 07 Nov 2022 09:19:29 GMT
etag: "cf950dea43cbc2e84cbf94450df274f733624e2d"
expires: Wed, 07 Dec 2022 09:19:29 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: WcOjaaV7b794zwd0r-JAz1ctqRcRbnuY3yBrhwixmtUrAcN9G-xG2A==
age: 2336622
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   13820
Md5:    ae6f21ca1e36bc750e27be252a59c000
Sha1:   c5896a0dba0a94a551569b4cd040897d5bd935da
Sha256: 29c33b1d0971d25f68cee3a5f098598bb0e6246746f62341c066eb3fc53054f9
                                        
                                            GET /xdata/images/region/square250/48107.webp?k=bc7ff9cf4d26882ff93f92643455885a88b9b0ae37b9ed109687ad0890af2dfd&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 8182
server: nginx
date: Wed, 30 Nov 2022 01:15:27 GMT
etag: "6d99ecc6af0e84dde4b6593b6495affc93d67fcd"
expires: Fri, 30 Dec 2022 01:15:27 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: OQlO0ZMnjtw4sV_Nfpg5H2M6k-4QJokcNZv5-Zh8bTVK0gMr_sN-BA==
age: 378464
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   8182
Md5:    771aeeaab19a95606d95d745b82c71a5
Sha1:   e0ea1f6e9d3213d1c9dc5776630581343c008efe
Sha256: 34ab25e12e5af40fb0361fbc2791c2b95ca19ff49f723c0670d1536e94167899
                                        
                                            GET /xdata/images/city/square250/954959.webp?k=37410091e9d0e74278ef7710d594a8ef5882decaf47e8f9a7ca30f9e85bbab75&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 4970
server: nginx
date: Thu, 01 Dec 2022 16:34:57 GMT
etag: "d01d2f7b6c1a58e5ca1d1642dac3763bd18acdf2"
expires: Sat, 31 Dec 2022 16:34:57 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _us0cLefQ8VzuUKw9xH-gJ8wsLIduRqpcdta_Fr4UrrpLzZS2CWEjg==
age: 236894
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   4970
Md5:    5f34caad9044fb6b97304bf376740090
Sha1:   d919e1aa423bdce0be6d91885666114f7093ee29
Sha256: 3ca928167fc0c1e2ffe56f5910307f715a69c7080d783492cd41ed1ebda75fd6
                                        
                                            GET /xdata/images/city/square250/737551.webp?k=ad4ef19a2b979ef794b56d1901e6937b874b4726a4085d8ddbe795f5c6bfed73&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 11708
server: nginx
date: Sun, 06 Nov 2022 08:04:52 GMT
etag: "0790aacd48db5f0b83aac324e38c6ff05169783c"
expires: Tue, 06 Dec 2022 08:04:52 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: aKOjIR31c5mbvKx9AXPpWiaB4u8td8V-Oyaob8FC7STmO7wQT7gPTA==
age: 2427499
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   11708
Md5:    443025206af2bd7174de9105a0d54e56
Sha1:   abed2877367f1a8e2ef8fcf107caee4ee915d095
Sha256: b3d2c4aaa4adfa189b01e662ba5674f003db543e55b43e5237a78edb74b523b6
                                        
                                            GET /xdata/images/city/square250/930853.webp?k=85cc355550cdcf1ca77d1a7a635f4294e09dee696051866597a63fd7edd7af5a&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 12010
server: nginx
date: Fri, 04 Nov 2022 12:53:39 GMT
etag: "ded732e07d4aa6f26e0071c34cc6945199c35d30"
expires: Sun, 04 Dec 2022 12:53:39 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: PLPFCwc9m0xqUHMJ8hb_CXA5Q_CAXeORNddt7GTHPpPP3xPPdLGzkg==
age: 2582972
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   12010
Md5:    0867b4a18dd02f341467ac3cd9c87624
Sha1:   6dfa10bfc60382146a1cbdcdeaa1d2bf94ca8fe6
Sha256: abac49fbb301fb90860cc5c950d292473ac3db44a6fc2e62398e61bf2bf7655f
                                        
                                            GET /xdata/images/city/square250/967857.webp?k=5733a245dbb186ec0986c0a5c533acc704650d51cdfed7410cf0bcef375e5bc4&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 12264
server: nginx
date: Sun, 06 Nov 2022 11:15:47 GMT
etag: "27586967e639a71d2ce539658f0a6fe60eece616"
expires: Tue, 06 Dec 2022 11:15:47 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 0mJntYpxMQBjobJ49I4kll5M7cfv9RPsGp3Ww1BDR-E-4Q2FLxFrgQ==
age: 2416044
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 250x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   12264
Md5:    57d087e34bf07df0e6df2f13d870f2e2
Sha1:   47462553409d660454e9bee14f3f442d7e757e13
Sha256: d504a989b326836c6718ca6acb3806f60ad3e5a2cc48824a7b1c6d41691e8654
                                        
                                            GET /static/img/flags/24/fr/c3dafe717a0b4b97e6ddd0d791e8a018d8f96310.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 406
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:53 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Wed, 09 Nov 2022 11:04:02 GMT
expires: Fri, 09 Dec 2022 11:04:02 GMT
cache-control: max-age=2592000
etag: "5cadd1d1-196"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: cS4Xubk-E7KwnKSO7gUNVBS_t5T39fPpd9zBFMKCqNxkSOHG3v-Qqw==
age: 2157549
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size:   406
Md5:    6e35d53899b5a1260f946a00b691e0b7
Sha1:   5afcc2cca4ef34005fe1d22784f90b727fceeb08
Sha256: 2fd19cf58102989e49660b27b21605038d4282cf758add4841285c2c17f2dacd
                                        
                                            GET /static/img/flags/24/no/6193a14e4d59f814f46ee6313cdd6e11811abeb3.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 405
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:53 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sat, 05 Nov 2022 06:14:13 GMT
expires: Mon, 05 Dec 2022 06:14:13 GMT
cache-control: max-age=2592000
etag: "5cadd1d1-195"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: JSMLg8nYWJtowNQ5ioo70s3l4mrlHdRJg4kxG4-Z0F3bmPtKwdYISw==
age: 2520538
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size:   405
Md5:    be6379111ab8866c20c123b85af97d42
Sha1:   819ba2a2c986ed6f4ff309661b5c27ac172228df
Sha256: fecd6ef10eb5111323f3b1bb9d8e99e37a881abe33ae37f8e74f046c3634b25f
                                        
                                            GET /static/img/flags/24/gb/b2f01d4fd94cb1420fcdbbef62c06ade1026fbbd.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 786
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:53 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Wed, 09 Nov 2022 11:04:02 GMT
expires: Fri, 09 Dec 2022 11:04:02 GMT
cache-control: max-age=2592000
etag: "5cadd1d1-312"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: m_dKpzhzWgyNU9-6_UdV-tSNi4XXUYoLEBF_olKUKLhY2wh3uC6RgA==
age: 2157549
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size:   786
Md5:    b886858d3043782c8760367f40f31187
Sha1:   81bd3c37344c99a7ce8f29f685c770373aa6cc16
Sha256: c4827c36112be1d0773cbf4eb709f4b01b4ab4bc1a79c90aafc4b196c9445393
                                        
                                            GET /static/img/flags/24/es/a14721d7698af5131b08bd34227508c729ab11bc.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 490
server: nginx
date: Mon, 28 Nov 2022 04:24:56 GMT
last-modified: Wed, 10 Apr 2019 11:21:53 GMT
etag: "5cadd1d1-1ea"
expires: Wed, 28 Dec 2022 04:24:56 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: sgKzGsNqffUw8_jBYqppiaAZ23WsnJBGw4H1cHYkviBxttEocfBmVA==
age: 539894
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size:   490
Md5:    d2d4c6110399a8b2c4c1ea09b7f8eded
Sha1:   f846d4aee888c73998150452c3bde5ff71f7a0e7
Sha256: 630bbc6535a3d0cee406f52ee3664265adc2eaa51227fb8a3ff5c70af9e79b3a
                                        
                                            GET /static/img/flags/24/it/b539a003f197845e447b9d00d91cd74dd57bf3dd.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 436
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:53 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Mon, 28 Nov 2022 11:55:23 GMT
expires: Wed, 28 Dec 2022 11:55:23 GMT
cache-control: max-age=2592000
etag: "5cadd1d1-1b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: _CzEL0tSwKdeHtar20Mxwi0zf1FMaeQA-As4WL6tsk1O9CVsJjr-dg==
age: 512868
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 24 x 24, 8-bit colormap, non-interlaced\012- data
Size:   436
Md5:    1416ab6009ad93f86e9cfc23a54e0c40
Sha1:   0578e45fadd1da2c26a4d5fe814a9239ff5eae97
Sha256: 88bb107350d5324906a2cf2b95847879ecf6bb09502d1186c38daaf15268830f
                                        
                                            GET /static/img/tfl/group_logos/logo_kayak/83ef7122074473a6566094e957ff834badb58ce6.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1154
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:55 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sat, 05 Nov 2022 06:30:44 GMT
expires: Mon, 05 Dec 2022 06:30:41 GMT
cache-control: max-age=2592000
etag: "5cadd1d3-482"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 0U5vA40U-c_5zIQYqAcqSS7AsWpTP5Q5IaXGy6dCaC7et8rd1Kx5Dg==
age: 2519550
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 79 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   1154
Md5:    6384185cbe9a4f106857a3cb85caea98
Sha1:   0e31a4fe2ce98a8b4fda60687aa71079b4d3a95b
Sha256: 5839f0330821cf08029beddd6d248170da1af16cd7aff253e7bd075d591f5d42
                                        
                                            GET /static/img/tfl/group_logos/logo_agoda/1c9191b6a3651bf030e41e99a153b64f449845ed.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 2146
server: nginx
last-modified: Thu, 12 Mar 2020 10:15:57 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sun, 04 Dec 2022 01:52:15 GMT
expires: Tue, 03 Jan 2023 01:52:15 GMT
cache-control: max-age=2592000
etag: "5e6a0bdd-862"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: vDT1Q0o4JB3euXamLMbmIitoPlq4E3yn8fYbvGhgKGO1He4-g98L4Q==
age: 30656
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 70 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   2146
Md5:    27e71a5124018e16eae0b8897618623d
Sha1:   d0d54d88b04edfc71f338c19eab9994632bc6ced
Sha256: 1d6e86e59ab7235a8343f494c8e8da6cc02c5a98a75d682401340e6d06935f20
                                        
                                            GET /static/img/tfl/group_logos/logo_rentalcars/6bc5ec89d870111592a378bbe7a2086f0b01abc4.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 3221
server: nginx
last-modified: Wed, 10 Apr 2019 11:21:55 GMT
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
date: Sun, 27 Nov 2022 12:34:23 GMT
expires: Tue, 27 Dec 2022 12:34:23 GMT
cache-control: max-age=2592000
etag: "5cadd1d3-c95"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: sgaSOmo_dc51qn3kxEgxM7TvbQGmhjlSYjr-OZmYIetZJQS4w2NZow==
age: 596928
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 109 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   3221
Md5:    38784d782a29a302dab9135d63aef953
Sha1:   04db0e863a35062a355c4b2ea9585ec83c4ffc3e
Sha256: 8561e200a6a57195e480ed9d893b14579ef6acdeabfbb3fe22b5e4ec9b84b455
                                        
                                            GET /static/img/tfl/group_logos/logo_opentable/a4b50503eda6c15773d6e61c238230eb42fb050d.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 2344
server: nginx
date: Sun, 27 Nov 2022 04:46:03 GMT
last-modified: Wed, 10 Apr 2019 11:21:55 GMT
expires: Tue, 27 Dec 2022 04:46:03 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: "5cadd1d3-928"
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FvzyK0dhECA7rnczPhbAxaWQPsRJpkHTk69_c6Rn687vR9wnLX7yvQ==
age: 625028
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 95 x 26, 8-bit/color RGBA, non-interlaced\012- data
Size:   2344
Md5:    d05a0ab9bf394439a1584a2b0d44db5c
Sha1:   183c28023d3ba3358a7a5df1db887582ae5340ed
Sha256: b23272a9692c4ec3c020935917e9d096490876c976abec1290bd3cc9aae13974
                                        
                                            GET /psb/capla/static/js/435.829226c8.chunk.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 593
server: nginx
date: Thu, 17 Nov 2022 14:15:36 GMT
etag: "fa29c83ab2dd0e8c893a53e85a65d93d"
x-amz-meta-x-deployment-hash: foo
x-amz-server-side-encryption: AES256
last-modified: Thu, 17 Nov 2022 13:55:02 GMT
x-amz-expiration: expiry-date="Fri, 17 Mar 2023 13:55:02 GMT", rule-id=""
expires: Sat, 17 Dec 2022 14:15:36 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: o9G1yT69p1IYEsifgBhe4EPJ6B3PKgGA7dVmXEnGvhc92gCdzINWug==
age: 1454855
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (483)
Size:   593
Md5:    fa29c83ab2dd0e8c893a53e85a65d93d
Sha1:   cc8ebb4b2f09940e3f2f726055179a6c3b51e563
Sha256: 6bbddbdb65eb60fa9fa38817747b2107ef36667b4c1beeacab6063cb55c51018
                                        
                                            GET /static/img/nobg_all_blue_iq/b700d9e3067c1186a3364012df4fe1c48ae6da44.png HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 73
server: nginx
date: Wed, 09 Nov 2022 06:01:42 GMT
last-modified: Wed, 10 Apr 2019 11:21:55 GMT
etag: "5cadd1d3-49"
expires: Fri, 09 Dec 2022 06:01:42 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: FdU6zhIRkerWWCyGlEVsnt3q3paIAZ_QJgIHxocfWRFSaP0wP6TCJg==
age: 2175689
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 100, 8-bit/color RGB, non-interlaced\012- data
Size:   73
Md5:    ff823944bc0bb9e4bf87f0ad14f687d1
Sha1:   4b68ba281b9ab171611569bf78971df6970efbc1
Sha256: 6153929734ec12ec07072f327c1112301828497e4dd356ca261461b0b7ba9621
                                        
                                            GET /xdata/images/xphoto/500x500/178968129.jpeg?k=52539cb8ac165dd6904836ac7f5474223f043df7ef00a7ad1f5feb35d2384613&o= HTTP/1.1 
Host: q-xx.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         54.230.111.115
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 16657
server: nginx
date: Thu, 10 Nov 2022 12:53:24 GMT
etag: "5d37727dfef5b52f295348eb69f14ae96d152a40"
expires: Sat, 10 Dec 2022 12:53:24 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tUV-pP4037s0GsAJVznN69AebKq7T6mzg9ecPA0H7Si7k7kk1Ko88Q==
age: 2064587
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   16657
Md5:    f5f9461176e1c9b7b133940399ba746b
Sha1:   26e3b1482f81ca74f52808a87b0df143fa98bc10
Sha256: 48975da0bce54b088279321f00f24a16e099707da1d394550818e89ce08ec45d
                                        
                                            GET /static/js/genius_vip_cft/f980dbafa6b20d980f25ca835a161e7cece00d9d.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Thu, 01 Dec 2022 23:46:23 GMT
last-modified: Thu, 30 Jun 2022 08:09:45 GMT
expires: Sat, 31 Dec 2022 23:46:23 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: W/"62bd5a49-c32"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: gulGq6pWoKn4xkJfqxID94k7h9oSmXQ7dJmrrsy-w_nArB4wmcwqpA==
age: 211008
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3122), with no line terminators
Size:   24753
Md5:    0a33f37aae1aeb2dcc7ab2451a2a0bae
Sha1:   cb5fa77be44c022c2e7bd4d1e774432456a98857
Sha256: 713fec2e84e202bed691d116527d878422811bb594ca1dcd084e414262d80d65
                                        
                                            GET /xdata/images/city/540x270/844103.webp?k=b4ff3d17a962184dfa8823beec573fa3f679306e8b3fa897b901ba0dedb157bd&o= HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/webp
                                        
content-length: 24262
server: nginx
date: Fri, 25 Nov 2022 04:34:27 GMT
etag: "1317bd35f75cb8e92782083593522a0d00ea0b35"
expires: Sun, 25 Dec 2022 04:34:27 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: kGk7rJsQJWcMla--k4Yuc10BKsrd24O0v7-hgViYJ-KsBwLJCH3Fog==
age: 798524
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 540x270, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   24262
Md5:    8da231dc5119fa2631196021b5b76b79
Sha1:   acc913dd71a600d59d1485aeaf478217e6efb323
Sha256: 0e422d4bd5462f934cf16f7cf8be46278492bc9f35f4765cbb2382ba9233588c
                                        
                                            GET /static/js/sp-on-maps_cft/d30eef4dc5202875d4c3301b8a0e8ff09f9a0e28.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sun, 04 Dec 2022 01:06:40 GMT
last-modified: Thu, 19 May 2022 11:44:13 GMT
expires: Tue, 03 Jan 2023 01:06:40 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: W/"62862d8d-25ae"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: qajpNUVeZqKEjngepMhGegi1pJtFdp00mF9EUVZ28ZDqo0Q2DeLspg==
age: 33391
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9646), with no line terminators
Size:   20828
Md5:    79aa124a97ab8e855ad74674852861dc
Sha1:   cba8ac7e15cb5148efa9880fdb9c464c39ca686f
Sha256: 889276c41f62b1733239249b9a46207e80f5d9ce478d39e613d8a4dc975b7bc6
                                        
                                            GET /static/img/cross_product_index/accommodation/07ca5cacc9d77a7b50ca3c424ecd606114d9be75.svg HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t-cf.bstatic.com/static/css/xp-index-sb_cft.iq_ltr/8eb388808f339e272040797666d317d27156dd37.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Fri, 18 Nov 2022 21:21:46 GMT
last-modified: Wed, 10 Apr 2019 11:21:51 GMT
expires: Sun, 18 Dec 2022 21:21:46 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: W/"5cadd1cf-7f2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: ci_PFWW0u7UTzQFn3OXKC7o2LzJocIVeCwnNFHGMV4ZlHFJQym9B_A==
age: 1342885
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1446)
Size:   23981
Md5:    a15c11aa2b3b67a95a18e40710cb3e2b
Sha1:   c6327f167af336ea99cfcfbc81593f6fca09eecd
Sha256: b99907c6ee96332157daf78ae6354f8d464bf96d540f6629df91013b3777c540
                                        
                                            GET /static/js/raf_cft/b9e5b0bcf00cff69d910550bedf9b680172d2b89.js HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Wed, 30 Nov 2022 05:21:24 GMT
last-modified: Fri, 16 Sep 2022 13:33:46 GMT
expires: Fri, 30 Dec 2022 05:21:24 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: br
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: W/"63247b3a-1db04"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: f-SqzSnvLui9wEfcYwUAc-LdvW7NetyGx2fdXyZ253OUKCsNM5GXzg==
age: 363707
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   53026
Md5:    c2201addc5c3f75614946458684e1ffe
Sha1:   7fd1aeaf1b62bfa162048bca8983b7b734749a90
Sha256: 9fe6282a48bca8512a30a3c67b805a23aa83e7977da60220e66c3be8b58b49b0
                                        
                                            GET /static/img/cross_product_index/toggle/fb6f63d62231f9fe552d79b5448620b2e63c726e.svg HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://t-cf.bstatic.com/static/css/xp-index-sb_cft.iq_ltr/8eb388808f339e272040797666d317d27156dd37.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Sun, 27 Nov 2022 18:56:40 GMT
last-modified: Wed, 10 Apr 2019 11:21:51 GMT
etag: W/"5cadd1cf-5e7"
expires: Tue, 27 Dec 2022 18:56:40 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-encoding: gzip
x-xss-protection: 1; mode=block
timing-allow-origin: *
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9b9a19a17f71baf11790ad734100cb88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: mRLL0dZL5DOoPLPFBPM2ohLneLfbxVWTL45MHDlOsOEEaVhAUsDIbQ==
age: 573991
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7917
Md5:    ab362f8ce80cfc4d2dc91a57d165dbb6
Sha1:   ca27b00e7010db707d57b15c2e0b5662fdf92d5e
Sha256: 8aba14abb57e6d658dccda024eab5df7f7dd96a16f2354345b45c1b07f05443e
                                        
                                            GET /static/fonts/booking-iconset-original/29bca18dce5a8e111855e31314a9b1d750ea9beb.woff2 HTTP/1.1 
Host: t-cf.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.booking.com
Connection: keep-alive
Referer: https://t-cf.bstatic.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.157.214.95
HTTP/2 200 OK
content-type: text/plain
                                        
content-length: 92724
server: nginx
date: Sat, 12 Nov 2022 03:58:08 GMT
last-modified: Wed, 10 Apr 2019 11:21:49 GMT
expires: Mon, 12 Dec 2022 03:58:08 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
nel: {"report_to":"default","max_age":600}
report-to: {"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
accept-ranges: bytes
x-xss-protection: 1; mode=block
timing-allow-origin: *
etag: "5cadd1cd-16a34"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 05844663035089f465172d861220e698.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: SaplcsI9arLc3MqiQfaEsGB4DZCNG5MeQDXMvRddRzaEJ6HmoSrs5Q==
age: 1923903
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 92724, version 1.0\012- data
Size:   92724
Md5:    f132633e65809ec36c0f01b8a29fa457
Sha1:   e68a5b0de3e08ac85a13426ce3d8c13ad21d38ff
Sha256: a98c20990fe3e31203fe2db8384af8e05e7b358cdae3c28b034e1f02b47db630
                                        
                                            GET /xdata/images/xphoto/714x300/173282684.jpeg?k=e31b490d521194e65d41490f43dc704291ca07eaa762b6f36bca714d3211b9a1&o= HTTP/1.1 
Host: q-xx.bstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.booking.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         54.230.111.115
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 14522
server: nginx
date: Thu, 01 Dec 2022 16:27:49 GMT
etag: "7fb9ec00bb0c9f5a5a1d0465de72694a66119e0d"
expires: Sat, 31 Dec 2022 16:27:49 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
x-xss-protection: 1; mode=block
timing-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BSS3s2P8Lj1t-Iw-6Ojc3S-POhHRHb5wzDSXVxOaP-enj8m5dU4lYg==
age: 237323
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 714x300, components 3\012- data
Size:   14522
Md5:    b08ebaadd8bdcdaab48146863ee7e2ac
Sha1:   ba8c861c80dfff7c6bb01c815341f7956f59908f
Sha256: c3b9e0e160fdbdcfef162b2037b54f22235c6ed8186b1212666375215f9e671f
                                        
                                            POST /c360/v1/track HTTP/1.1 
Host: www.booking.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5