urlscan.io logo urlscan.io
SecurityTrails logo

viagens.melhores-ofertas.pt Open in urlscan Pro
2600:9000:206f:6800:10:84c9:4b80:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://eml.premiosfaceis.com/helloclick/pt/22684/119049/3/3910390
Effective URL: https://viagens.melhores-ofertas.pt/
Submission: On November 15 via manual from ES — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 5 countries across 11 domains to perform 36 HTTP transactions. The main IP is 2600:9000:206f:6800:10:84c9:4b80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is viagens.melhores-ofertas.pt.
TLS certificate: Issued by Amazon RSA 2048 M02 on October 17th 2022. Valid for: a year.
This is the only time viagens.melhores-ofertas.pt was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 212.83.36.145 47447 (TTM)
4 89.140.72.57 6739 (ONO-AS Ca...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 52.16.134.146 16509 (AMAZON-02)
1 1 95.131.136.1 47841 (OXALIDE)
10 2600:9000:206... 16509 (AMAZON-02)
2 54.229.42.212 16509 (AMAZON-02)
11 2606:4700::68... 13335 (CLOUDFLAR...)
2 2620:1ec:bdf::45 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 20.234.93.27 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 20.85.30.134 8075 (MICROSOFT...)
36 11
1    212.83.36.145 (Kaufbeuren, Germany)

ASN47447 (TTM, DE)
PTR: recepcion.hello-mail.de
eml.premiosfaceis.com
4    89.140.72.57 (Spain)

ASN6739 (ONO-AS Cableuropa - ONO, ES)
PTR: webpilots.com
r.premiosfaceis.com
1    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    52.16.134.146 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-134-146.eu-west-1.compute.amazonaws.com
ho.leadsandads.com
1    95.131.136.1 (France)

ASN47841 (OXALIDE, FR)
PTR: front.netaffiliation.net
action.metaffiliation.com
10    2600:9000:206f:6800:10:84c9:4b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
viagens.melhores-ofertas.pt
2    54.229.42.212 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-42-212.eu-west-1.compute.amazonaws.com
kwanko-backoffice.com
11    2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    2606:4700::6812:1a55 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
2    20.234.93.27 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
1    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
2    20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
j.clarity.ms
Apex Domain
Subdomains		 Transfer
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 410
219 KB
10 melhores-ofertas.pt
viagens.melhores-ofertas.pt
1 MB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1311
c.clarity.ms — Cisco Umbrella Rank: 1864
j.clarity.ms — Cisco Umbrella Rank: 9673
57 KB
5 premiosfaceis.com
eml.premiosfaceis.com
r.premiosfaceis.com
94 KB
2 kwanko-backoffice.com
kwanko-backoffice.com
564 B
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43
ajax.googleapis.com — Cisco Umbrella Rank: 304
32 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 241
557 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 690
312 B
1 metaffiliation.com
action.metaffiliation.com — Cisco Umbrella Rank: 123435
2 KB
1 leadsandads.com
ho.leadsandads.com
2 KB
1 gstatic.com
fonts.gstatic.com
8 KB
36 11
Domain Requested by
11 cdn.cookielaw.org viagens.melhores-ofertas.pt
cdn.cookielaw.org
10 viagens.melhores-ofertas.pt r.premiosfaceis.com
viagens.melhores-ofertas.pt
4 r.premiosfaceis.com r.premiosfaceis.com
2 j.clarity.ms www.clarity.ms
2 c.clarity.ms 1 redirects
2 www.clarity.ms viagens.melhores-ofertas.pt
www.clarity.ms
2 kwanko-backoffice.com viagens.melhores-ofertas.pt
1 c.bing.com 1 redirects
1 geolocation.onetrust.com cdn.cookielaw.org
1 action.metaffiliation.com 1 redirects
1 ho.leadsandads.com 1 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 ajax.googleapis.com r.premiosfaceis.com
1 fonts.googleapis.com r.premiosfaceis.com
1 eml.premiosfaceis.com 1 redirects
36 15

This site contains links to these domains. Also see Links.

Domain
tcf.cookiepedia.co.uk
www.onetrust.com
Subject Issuer Validity Valid
r.premiosfaceis.com
R3		 2022-10-22 -
2023-01-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-10-25 -
2023-01-17		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-10-25 -
2023-01-17		 3 months crt.sh
*.viagens.melhores-ofertas.pt
Amazon RSA 2048 M02		 2022-10-17 -
2023-11-15		 a year crt.sh
kwanko-backoffice.com
Amazon		 2022-07-10 -
2023-08-08		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2022-05-01 -
2023-05-01		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2022-02-27 -
2023-02-27		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-01-12 -
2023-01-12		 a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 02		 2022-06-07 -
2023-06-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://viagens.melhores-ofertas.pt/
Frame ID: 4FC679B0423A800CC830A0CBBE58A332
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Travel LoversBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://eml.premiosfaceis.com/helloclick/pt/22684/119049/3/3910390 HTTP 302
    https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_cont... Page URL
  2. https://ho.leadsandads.com/aff_c?offer_id=1560&aff_id=1088 HTTP 302
    https://action.metaffiliation.com/trk.php?mclic=P51205F552C2F1D1&urlrv=https%3A%2F%2Fviagens.melhores-ofertas.... HTTP 302
    https://viagens.melhores-ofertas.pt/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

97 %
HTTPS

53 %
IPv6

11
Domains

15
Subdomains

11
IPs

5
Countries

1556 kB
Transfer

2718 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://eml.premiosfaceis.com/helloclick/pt/22684/119049/3/3910390 HTTP 302
    https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088 Page URL
  2. https://ho.leadsandads.com/aff_c?offer_id=1560&aff_id=1088 HTTP 302
    https://action.metaffiliation.com/trk.php?mclic=P51205F552C2F1D1&urlrv=https%3A%2F%2Fviagens.melhores-ofertas.pt%2F&urlv=f09817f624ec5b87bddf6ad0d99b89f7&altid={EMAIL}&force_ele=1 HTTP 302
    https://viagens.melhores-ofertas.pt/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://eml.premiosfaceis.com/helloclick/pt/22684/119049/3/3910390 HTTP 302
  • https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Request Chain 27
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&RedC=c.clarity.ms&MXFR=20A55F298C196A323D964D748819646D HTTP 302
  • https://c.clarity.ms/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&MUID=16BCCAEA05256ECB31A7D8B7040E6F0C

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
r.premiosfaceis.com/jump/
Redirect Chain
  • https://eml.premiosfaceis.com/helloclick/pt/22684/119049/3/3910390
  • https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
89.140.72.57 , Spain, ASN6739 (ONO-AS Cableuropa - ONO, ES),
Reverse DNS
webpilots.com
Software
nginx / PHP/7.4.33 PleskLin
Resource Hash
ae8f43517c549da3946333286e32ef84e7c55fb18e3458fe975b5dddfb5573a5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
br
Content-Type
text/html; charset=UTF-8
Date
Tue, 15 Nov 2022 16:18:56 GMT
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
PHP/7.4.33 PleskLin

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Type
text/html
Date
Tue, 15 Nov 2022 16:18:58 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Pragma
no-cache
Server
nginx/1.10.3
Transfer-Encoding
chunked
css2
fonts.googleapis.com/ 		18 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c0735e67fc8b7311bcb0b41c89c40e353b301caf9a7fc43439c99453046f2aaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://r.premiosfaceis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 15 Nov 2022 16:18:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 15 Nov 2022 16:18:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 15 Nov 2022 16:18:59 GMT
Logo-Premiosfaceis%20(1).png
r.premiosfaceis.com/img/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.premiosfaceis.com/img/Logo-Premiosfaceis%20(1).png
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
89.140.72.57 , Spain, ASN6739 (ONO-AS Cableuropa - ONO, ES),
Reverse DNS
webpilots.com
Software
nginx / PleskLin
Resource Hash
035287b7cc1d443bba9e336bf9831427d7f7a7cc313527135425ec2d4f2a2314

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Tue, 15 Nov 2022 16:18:56 GMT
Last-Modified
Thu, 24 Feb 2022 04:18:12 GMT
Server
nginx
ETag
"62170704-5895"
X-Powered-By
PleskLin
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22677
Emoji.png
r.premiosfaceis.com/img/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.premiosfaceis.com/img/Emoji.png
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
89.140.72.57 , Spain, ASN6739 (ONO-AS Cableuropa - ONO, ES),
Reverse DNS
webpilots.com
Software
nginx / PleskLin
Resource Hash
0fc730589b791d954e506c4b222edb7c984a3d100d9f0246fc1a66aa83c027a1

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Tue, 15 Nov 2022 16:18:56 GMT
Last-Modified
Thu, 24 Feb 2022 04:20:32 GMT
Server
nginx
ETag
"62170790-1a7f"
X-Powered-By
PleskLin
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6783
Loader-Premiosfaciles-2%20(1).gif
r.premiosfaceis.com/img/ 		63 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://r.premiosfaceis.com/img/Loader-Premiosfaciles-2%20(1).gif
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
89.140.72.57 , Spain, ASN6739 (ONO-AS Cableuropa - ONO, ES),
Reverse DNS
webpilots.com
Software
nginx / PleskLin
Resource Hash
87fe2e83b1f00be60f1e8e3224ca8fdc5c7895378a029bca38f5f09f6682f798

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Tue, 15 Nov 2022 16:18:56 GMT
Last-Modified
Thu, 24 Feb 2022 04:18:11 GMT
Server
nginx
ETag
"62170703-fa1e"
X-Powered-By
PleskLin
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
64030
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://r.premiosfaceis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:10:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Nov 2023 16:10:34 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://r.premiosfaceis.com
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 09 Nov 2022 19:25:00 GMT
x-content-type-options
nosniff
age
507239
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7884
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 09 Nov 2023 19:25:00 GMT
Primary Request /
viagens.melhores-ofertas.pt/
Redirect Chain
  • https://ho.leadsandads.com/aff_c?offer_id=1560&aff_id=1088
  • https://action.metaffiliation.com/trk.php?mclic=P51205F552C2F1D1&urlrv=https%3A%2F%2Fviagens.melhores-ofertas.pt%2F&urlv=f09817f624ec5b87bddf6ad0d99b89f7&altid={EMAIL}&force_ele=1
  • https://viagens.melhores-ofertas.pt/
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://viagens.melhores-ofertas.pt/
Requested by
Host: r.premiosfaceis.com
URL: https://r.premiosfaceis.com/jump/?utm_source=PF_PT&utm_medium=&utm_campaign=2022_Emma&utm_term=&utm_content=&goto=https%3A%2F%2Fho.leadsandads.com%2Faff_c%3Foffer_id%3D1560%26aff_id%3D1088
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6ab7ea76d345d140d650a4e517bd242d9103a9cb383db7c881aaffcd2905443a

Request headers

Referer
https://r.premiosfaceis.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-type
text/html
date
Tue, 15 Nov 2022 16:19:01 GMT
etag
W/"653e970153ae30ce7ce7543d97b9366c"
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
x-amz-cf-id
KMv346LAl6A2VNLSyUaDJ6i_FfNNOSfD-EonSzAluSMnw0FnPGasjQ==
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Kwanko-Content-Type,X-Kwanko-Sdk-Version,X-KWKunijs-Debug,X-KWKunijs-Version
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection
close
Content-Type
text/html; charset=UTF-8
Date
Tue, 15 Nov 2022 16:19:00 GMT
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified
Tue, 15 Nov 2022 16:19:00 GMT
Location
https://viagens.melhores-ofertas.pt/
P3P
CP="NOI DSP COR CUR ADMa PSAa OUR IND NAV COM",policyref="http://www.netaffiliation.com/w3c/p3p.xml"
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
X-Robots-Tag
noindex
X-TRK-D
0.0091350078582764
X-TRK-DECISION
4
X-TRK-PROC
73823
X-TRK-SRV
5
index.c952e086.js
viagens.melhores-ofertas.pt/assets/ 		362 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://viagens.melhores-ofertas.pt/assets/index.c952e086.js
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
45fa80e28abd576438587fbb6b787ccecdda0cbcda9c5548927e67626451d42f

Request headers

Referer
https://viagens.melhores-ofertas.pt/
Origin
https://viagens.melhores-ofertas.pt
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
content-encoding
gzip
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
W/"44eda0ecf31a86b496b248ea30f74a3e"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
cYG8_smiwXziDufPD9A_coc-St34JCOByjnIP2AXU6r1g2MOPoyXZg==
index.0defdf6c.css
viagens.melhores-ofertas.pt/assets/ 		21 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://viagens.melhores-ofertas.pt/assets/index.0defdf6c.css
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0defdf6c5533476a877b2893ec3c747a16c8da7e76084c2490e797d902a30a29

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
content-encoding
gzip
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
W/"eb31a7b6d782fee79ba1f00443bf2314"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
1SgtfGFzEB922R-llbybCf3L6d_RO-Oz4j3BDu3F__HK1Y7x7Wf7PA==
trk
kwanko-backoffice.com/api/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://kwanko-backoffice.com/api/trk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.42.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-42-212.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://viagens.melhores-ofertas.pt
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://viagens.melhores-ofertas.pt
access-control-max-age
0
cache-control
no-cache, private
date
Tue, 15 Nov 2022 16:19:01 GMT
server
nginx/1.22.0
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/assets/index.c952e086.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
HNx4bdEmRgn5g09KulPi7w==
age
61202
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
7151
x-ms-lease-status
unlocked
last-modified
Thu, 10 Nov 2022 22:15:45 GMT
server
cloudflare
etag
0x8DAC3691D5A9489
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
69d9ff0c-501e-00cd-6162-f5bdae000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e5d5ab96601-MAD
e4cjuaowkf
www.clarity.ms/tag/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/e4cjuaowkf
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/assets/index.c952e086.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
fca47cae536b7f89b8f01527bde28b0932cafd8ad685796bad55b9feaa70cab8

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

content-type
application/x-javascript
date
Tue, 15 Nov 2022 16:19:01 GMT
cache-control
no-cache, no-store
expires
-1
x-azure-ref
09btzYwAAAABgnQREnsdMTYDJHEO+I/OwTUFEMzBFREdFMDUxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
request-context
appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0
logo.c55ea346.svg
viagens.melhores-ofertas.pt/assets/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://viagens.melhores-ofertas.pt/assets/logo.c55ea346.svg
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c55ea34668c219f87f4498b841ec2a43931f911ff5653b4b8646ec13072330c1

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
content-encoding
gzip
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
W/"524495fcb53d4c40569782ffff5f7f4d"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
uFqxCdY9faZB8pov5pShs0DWrroXGCKOFXNNw4O93LoDtsk46OL2UA==
MADE.3b80f5f3.woff
viagens.melhores-ofertas.pt/assets/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://viagens.melhores-ofertas.pt/assets/MADE.3b80f5f3.woff
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/assets/index.0defdf6c.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b80f5f395576f88e9f54fea3de96988fb8ea6e17bed5187286b548a52c7c7c5

Request headers

Referer
https://viagens.melhores-ofertas.pt/assets/index.0defdf6c.css
Origin
https://viagens.melhores-ofertas.pt
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"afa18b29410778c93e2344bd1978b1b7"
x-cache
Miss from cloudfront
content-type
font/woff
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
20688
x-amz-cf-id
sng8paf1H-X5ggv-sqci9nkQNt7bHHlMoCwYkzjOWsj6cBoDpI64vw==
CourierStd.0dac91af.woff
viagens.melhores-ofertas.pt/assets/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://viagens.melhores-ofertas.pt/assets/CourierStd.0dac91af.woff
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/assets/index.0defdf6c.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0dac91afa1e5ea647aa806540e1189970d8011f15e4fea02626c5722b0d9f810

Request headers

Referer
https://viagens.melhores-ofertas.pt/assets/index.0defdf6c.css
Origin
https://viagens.melhores-ofertas.pt
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"29cbc52e9223f6fb0d1c6c51ad547c09"
x-cache
Miss from cloudfront
content-type
font/woff
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
25884
x-amz-cf-id
HJ34sUMSj2_vQwm_M1S3LBLOXG4J2caGYRGQuPAGRSjISUU6gV6hhg==
trk
kwanko-backoffice.com/api/ 		175 B
564 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://kwanko-backoffice.com/api/trk
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/assets/index.c952e086.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.42.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-42-212.eu-west-1.compute.amazonaws.com
Software
nginx/1.22.0 /
Resource Hash
b9c00ad6381ab1216b9852f9e1e228f9527d4aa82f7ade4745cdd45660df5482
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://viagens.melhores-ofertas.pt/
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 15 Nov 2022 16:19:01 GMT
x-content-type-options
nosniff
server
nginx/1.22.0
x-frame-options
SAMEORIGIN
x-ratelimit-remaining
59
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://viagens.melhores-ofertas.pt
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
60
access-control-allow-headers
Content-Type, X-Auth-Token, Authorization, Origin
vary
Origin
x-xss-protection
1; mode=block
hero-1.877ecbbd.jpg
viagens.melhores-ofertas.pt/assets/ 		295 KB
296 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://viagens.melhores-ofertas.pt/assets/hero-1.877ecbbd.jpg
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
877ecbbd5b72166885572b51c53df1f962db6267d379c7625d70bd1efe55456e

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"aafb191dad1b7ccd730876d5da68ac28"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
302187
x-amz-cf-id
FuYL_M9fZMw2APS6uok2zvRlhmkrHyDIFNyBJiXsXOyOtaFHhTnLoA==
hero-2.20fc7792.jpg
viagens.melhores-ofertas.pt/assets/ 		242 KB
242 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://viagens.melhores-ofertas.pt/assets/hero-2.20fc7792.jpg
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20fc779279c50d048b096db2f7cd953ee4234598bdd99b97f7d8e498fa12ec68

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"9e22678f454c2494021906bc35288f11"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
247602
x-amz-cf-id
MXahtEsczJoMO6T5VCXnGtyWEdKdmLckbOy_APi0IL6iuKIsMj56HQ==
hero-3.58fb4ef3.jpg
viagens.melhores-ofertas.pt/assets/ 		110 KB
111 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://viagens.melhores-ofertas.pt/assets/hero-3.58fb4ef3.jpg
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58fb4ef3e9f4e2bb388558592585d1791687d89fb796d839037ae608d205d471

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"01eed2ad2934cc4164d40354c23fbd1c"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
113141
x-amz-cf-id
Tp43P7HVfIlfdz9fu-9qZwrQZTC8NibToccGP2ejBcINK2Kku1Q06Q==
hero-4.2052f86f.jpg
viagens.melhores-ofertas.pt/assets/ 		318 KB
319 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://viagens.melhores-ofertas.pt/assets/hero-4.2052f86f.jpg
Requested by
Host: viagens.melhores-ofertas.pt
URL: https://viagens.melhores-ofertas.pt/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6800:10:84c9:4b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2052f86fd408bfc85c1862c0f4200a062e15cd67416bbb89d3768afebb5ca30d

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:02 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
last-modified
Mon, 17 Oct 2022 09:24:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"df34a26b01f0ea3510ea6b6c5cc766b2"
x-cache
Miss from cloudfront
content-type
image/jpeg
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
325434
x-amz-cf-id
jQaATGPFXyBCqS7lm0ZjUpRzxYRxEwN-QcIvYBaNEUFfFkBviV7caA==
99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test.json
cdn.cookielaw.org/consent/99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test/99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6bbbfda9db01579a22b6e6e97abf5f6566efde7e3f70f5085ec92356128de059
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-md5
iL+Wf7381kcNao1BIDA/Eg==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1624
x-ms-lease-status
unlocked
last-modified
Mon, 17 Oct 2022 08:24:28 GMT
server
cloudflare
etag
0x8DAB019028B50FE
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
63605bca-b01e-0169-070d-f9c11f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
76a94e5e2a4a69dc-MAD
clarity.js
www.clarity.ms/eus2-d/s/0.6.43/ 		54 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/eus2-d/s/0.6.43/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/e4cjuaowkf
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:01 GMT
last-modified
Wed, 01 Jun 2022 12:22:22 GMT
etag
"1d8f81aa942374c"
x-azure-ref
09btzYwAAAADfXRrXO534QKhg7ZmHX1ZqTUFEMzBFREdFMDUxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache
CONFIG_NOCACHE
content-type
application/javascript;charset=utf-8
cache-control
public,max-age=86400
accept-ranges
bytes
content-length
55116
request-context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		67 B
312 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://viagens.melhores-ofertas.pt/
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Tue, 15 Nov 2022 16:19:01 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
76a94e5f6cbd0402-MAD
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202209.2.0/ 		380 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c75c4c4d0aed145958afceb33a11e5d84c41343c718f93b77dfe4f4a9b85046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
e+e6AkPl94GL4uGcEXS00w==
age
61868
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
92877
x-ms-lease-status
unlocked
last-modified
Thu, 03 Nov 2022 15:58:07 GMT
server
cloudflare
etag
0x8DABDB4331C221B
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
b2cb511a-301e-00d6-27a4-ef933c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e5fe8a16601-MAD
pt.json
cdn.cookielaw.org/consent/99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test/574528dd-e1a7-4ca4-a44e-ec8c4c3a8a12/ 		109 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/99aad1ac-a88f-4ab5-8ccb-5c1db71884f1-test/574528dd-e1a7-4ca4-a44e-ec8c4c3a8a12/pt.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
353788decc303d9a765a5ed93c9155a63979b0f8c1fe00fe3496689fbc65686c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-md5
1wAylDWLEDhGJ+a1LbsbHQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
18425
x-ms-lease-status
unlocked
last-modified
Mon, 17 Oct 2022 08:24:31 GMT
server
cloudflare
etag
0x8DAB019045855D0
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ac906244-f01e-00e9-530d-f924e0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
cf-ray
76a94e607d9969dc-MAD
iab2Data.json
cdn.cookielaw.org/vendorlist/ 		361 KB
52 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/vendorlist/iab2Data.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f151bec240773e73407e7184be0ba23f913b7949373eb7df0f2b9997ea671217
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
10H8jxRiIwmVSUH2jCqs6Q==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
52755
x-ms-lease-status
unlocked
last-modified
Tue, 15 Nov 2022 01:18:43 GMT
server
cloudflare
etag
0x8DAC6A7561819D7
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7c57a896-401e-003c-3690-f86c3d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e607d9e69dc-MAD
otTCF.js
cdn.cookielaw.org/scripttemplates/202209.2.0/ 		68 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.2.0/otTCF.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BphJ9EE/ijJ8TdOj368daA==
age
57600
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
15011
x-ms-lease-status
unlocked
last-modified
Thu, 03 Nov 2022 15:58:06 GMT
server
cloudflare
etag
0x8DABDB43245B6A0
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a657c822-901e-0071-40bd-efaadf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e607a0b6601-MAD
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&RedC=c.clarity.ms&MXFR=20A55F298C196A323D964D748819646D
  • https://c.clarity.ms/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&MUID=16BCCAEA05256ECB31A7D8B7040E6F0C
42 B
369 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&MUID=16BCCAEA05256ECB31A7D8B7040E6F0C
Protocol
H2
Server
20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 15 Nov 2022 16:19:01 GMT
last-modified
Thu, 13 Oct 2022 20:07:05 GMT
server
Microsoft-IIS/10.0
etag
"40db785d3fdfd81:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Tue, 15 Nov 2022 16:19:01 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D3EB47400C18492684CC43F1F02F21B9 Ref B: MAD30EDGE0419 Ref C: 2022-11-15T16:19:02Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?CtsSyncId=7971E72084BF418BB5D0FC4CDDAEEB89&MUID=16BCCAEA05256ECB31A7D8B7040E6F0C
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
j.clarity.ms/ 		0
173 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://j.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-d/s/0.6.43/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://viagens.melhores-ofertas.pt/
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
https://viagens.melhores-ofertas.pt
date
Tue, 15 Nov 2022 16:19:01 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
vary
Origin
request-context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
otFlat.json
cdn.cookielaw.org/scripttemplates/202209.2.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.2.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
EeeTJseU5tDko7/qaeVjww==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3007
x-ms-lease-status
unlocked
last-modified
Thu, 03 Nov 2022 15:57:58 GMT
server
cloudflare
etag
0x8DABDB42D6FB08E
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
8b333310-901e-007a-06b0-efb2ab000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e621fb069dc-MAD
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202209.2.0/assets/v2/ 		61 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.2.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02aa8872f610a5b394f1d8fbc6abe0211e97f3d8a1e9dfd53aed7012977f7f0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
wDjFZLsL1Wx6P8H8iTOpGQ==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12523
x-ms-lease-status
unlocked
last-modified
Thu, 03 Nov 2022 15:58:00 GMT
server
cloudflare
etag
0x8DABDB42ED50167
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
93d6572d-001e-005d-17b0-ef28e2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e621fb169dc-MAD
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202209.2.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202209.2.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202209.2.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
087d847ee64707e372f572145600ecbcb13f2dd2382fd8962326f2fed03dd85d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oQsmwuIlJWH4cKDxpI1ltA==
x-ms-lease-status
unlocked
last-modified
Thu, 03 Nov 2022 15:58:11 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
b934a7da-a01e-0079-1b83-f5b1ac000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
76a94e621fb469dc-MAD
ot_logo.png
cdn.cookielaw.org/logos/static/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_logo.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61e7a7943f7444e87b2af6295044b34292a537a23dd3d9436886e3a2ccf620ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
8WyO+79CLtcTX81zrcTfgg==
age
56134
content-length
13077
x-ms-lease-status
unlocked
last-modified
Thu, 10 Nov 2022 22:15:48 GMT
server
cloudflare
etag
0x8DAC3691EBBC63B
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
a7397acf-a01e-00b5-266f-f5d519000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76a94e6369306601-MAD
poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://viagens.melhores-ofertas.pt/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 15 Nov 2022 16:19:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
LpuayL42jB78xRllx0vkOw==
age
61987
x-ms-lease-status
unlocked
last-modified
Thu, 10 Nov 2022 22:15:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
074aaaa4-201e-00a4-4568-f5e202000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
76a94e6369356601-MAD
collect
j.clarity.ms/ 		0
48 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://j.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/eus2-d/s/0.6.43/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://viagens.melhores-ofertas.pt/
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-origin
https://viagens.melhores-ofertas.pt
date
Tue, 15 Nov 2022 16:19:02 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
vary
Origin
request-context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| OptanonWrapper boolean| __INTLIFY_PROD_DEVTOOLS__ function| Inputmask boolean| __VUE__ function| clarity function| toggleFormFeedback object| glideInstance object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| __tcfapi object| otStubData object| otTCF object| otIabModule object| Optanon object| OneTrust

19 Cookies

Domain/Path Name / Value
eml.premiosfaceis.com/ Name: PHPSESSID
Value: lfqqpnqoskieq52q985qskgcp1
ho.leadsandads.com/ Name: enc_aff_session_1560
Value: ENC03f7003c33db3e74ebc3bf13b4cddaae3e985ad14503d33d629ab1e16bc5a42b00a7a0dc7876e5a3cd07ee86eb0c8e2eb8260f353dd6d5c5fe44367a80e874b121d3acbca8a9fdec24a1a9a1281e491fe922a62a38453617d8ad26b20cd977e0c9cb359181b5b92d33980868899e2283c580b0710dc27efe5eb3ffa1f255070a7982ad2f5c1dc4e278587225f03260e5d279afb0e68d76e802c964c91fa65f38a12852a71e
ho.leadsandads.com/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDciLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IFg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgTGlrZSBHZWNrbykgQ2hyb21lLzEwNy4wLjUzMDQuMTEwIFNhZmFyaS81MzcuMzYiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJlcy1FUyxlcztxPTAuOSIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==
.metaffiliation.com/ Name: neta
Value: 72f2f3z47i3lviv7wp6yha96o72l
.metaffiliation.com/ Name: neta_ssc
Value: 72f2f3z47i3lviv7wp6yha96o72l
.metaffiliation.com/ Name: netases
Value: 72f2f3z47i3lviv7wp6yha96o72l
.metaffiliation.com/ Name: netases_ssc
Value: 72f2f3z47i3lviv7wp6yha96o72l
.metaffiliation.com/ Name: kwknc
Value: cp51205f552c2f1d1
.metaffiliation.com/ Name: kwknc_ssc
Value: cp51205f552c2f1d1
.metaffiliation.com/ Name: kwkncses
Value: cp51205f552c2f1d1
.metaffiliation.com/ Name: kwkncses_ssc
Value: cp51205f552c2f1d1
www.clarity.ms/ Name: CLID
Value: 14397bf6e3194539986c91c69a10b6fe.20221115.20231115
.melhores-ofertas.pt/ Name: _clck
Value: kt49p1|1|f6l|0
viagens.melhores-ofertas.pt/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Tue+Nov+15+2022+16%3A19%3A02+GMT%2B0000+(GMT)&version=202209.2.0&landingPath=https%3A%2F%2Fviagens.melhores-ofertas.pt%2F&groups=STACK42%3A0&hosts=&genVendors=
.melhores-ofertas.pt/ Name: _clsk
Value: 16nlykp|1668529142289|1|1|j.clarity.ms/collect
.c.bing.com/ Name: SRM_B
Value: 16BCCAEA05256ECB31A7D8B7040E6F0C
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 16BCCAEA05256ECB31A7D8B7040E6F0C
.c.clarity.ms/ Name: ANONCHK
Value: 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

action.metaffiliation.com
ajax.googleapis.com
c.bing.com
c.clarity.ms
cdn.cookielaw.org
eml.premiosfaceis.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
ho.leadsandads.com
j.clarity.ms
kwanko-backoffice.com
r.premiosfaceis.com
viagens.melhores-ofertas.pt
www.clarity.ms
20.234.93.27
20.85.30.134
212.83.36.145
2600:9000:206f:6800:10:84c9:4b80:93a1
2606:4700::6810:9540
2606:4700::6812:1a55
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:812::200a
2a00:1450:4001:827::200a
52.16.134.146
54.229.42.212
89.140.72.57
95.131.136.1
02aa8872f610a5b394f1d8fbc6abe0211e97f3d8a1e9dfd53aed7012977f7f0a
035287b7cc1d443bba9e336bf9831427d7f7a7cc313527135425ec2d4f2a2314
087d847ee64707e372f572145600ecbcb13f2dd2382fd8962326f2fed03dd85d
0dac91afa1e5ea647aa806540e1189970d8011f15e4fea02626c5722b0d9f810
0defdf6c5533476a877b2893ec3c747a16c8da7e76084c2490e797d902a30a29
0fc730589b791d954e506c4b222edb7c984a3d100d9f0246fc1a66aa83c027a1
14e4d1596c6b58896dfce1fc1ec45372bab4d2259ba82828fa3f96cc4f859fc4
1f94185bf320b088eb3c40b75de95ac8516680f4036bd287131b34f9c058146a
2052f86fd408bfc85c1862c0f4200a062e15cd67416bbb89d3768afebb5ca30d
20fc779279c50d048b096db2f7cd953ee4234598bdd99b97f7d8e498fa12ec68
2c75c4c4d0aed145958afceb33a11e5d84c41343c718f93b77dfe4f4a9b85046
353788decc303d9a765a5ed93c9155a63979b0f8c1fe00fe3496689fbc65686c
3b80f5f395576f88e9f54fea3de96988fb8ea6e17bed5187286b548a52c7c7c5
3ccfd8491a4f2101549ea6031091edc3616340f714216323f1f604f674749239
45fa80e28abd576438587fbb6b787ccecdda0cbcda9c5548927e67626451d42f
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
58fb4ef3e9f4e2bb388558592585d1791687d89fb796d839037ae608d205d471
61e7a7943f7444e87b2af6295044b34292a537a23dd3d9436886e3a2ccf620ca
6ab7ea76d345d140d650a4e517bd242d9103a9cb383db7c881aaffcd2905443a
6bbbfda9db01579a22b6e6e97abf5f6566efde7e3f70f5085ec92356128de059
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
877ecbbd5b72166885572b51c53df1f962db6267d379c7625d70bd1efe55456e
87fe2e83b1f00be60f1e8e3224ca8fdc5c7895378a029bca38f5f09f6682f798
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
ae8f43517c549da3946333286e32ef84e7c55fb18e3458fe975b5dddfb5573a5
b9c00ad6381ab1216b9852f9e1e228f9527d4aa82f7ade4745cdd45660df5482
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
c0735e67fc8b7311bcb0b41c89c40e353b301caf9a7fc43439c99453046f2aaa
c55ea34668c219f87f4498b841ec2a43931f911ff5653b4b8646ec13072330c1
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f151bec240773e73407e7184be0ba23f913b7949373eb7df0f2b9997ea671217
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fca47cae536b7f89b8f01527bde28b0932cafd8ad685796bad55b9feaa70cab8