news.promovacances.com Open in urlscan Pro
91.230.178.143 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMl...
Submission: On February 16 via api (February 16th 2023, 4:07:07 am UTC) from BE — Scanned from DE

Summary HTTP 31 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 6 domains to perform 31 HTTP transactions. The main IP is 91.230.178.143, located in Belgium and belongs to SELLIGENT Av. de Finlande 2, NL. The main domain is news.promovacances.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 12th 2022. Valid for: a year.

This is the only time news.promovacances.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	91.230.178.143 91.230.178.143	28836 (SELLIGENT...) (SELLIGENT Av. de Finlande 2)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
2 2	52.51.205.105 52.51.205.105	16509 (AMAZON-02) (AMAZON-02)
2	54.229.131.110 54.229.131.110	16509 (AMAZON-02) (AMAZON-02)
1	13.32.110.93 13.32.110.93	16509 (AMAZON-02) (AMAZON-02)
15	2606:4700::68... 2606:4700::6811:7a12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	178.33.46.193 178.33.46.193	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
31	7

1 91.230.178.143 (Belgium)

ASN28836 (SELLIGENT Av. de Finlande 2, NL)
PTR: webcpp143.slgnt.eu

news.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.205.105 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-205-105.eu-west-1.compute.amazonaws.com

ntf.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pntf.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.229.131.110 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-131-110.eu-west-1.compute.amazonaws.com

notify.adleadevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.110.93 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-93.vie50.r.cloudfront.net

www.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700::6811:7a12 (United States)

ASN13335 (CLOUDFLARENET, US)

karavel.slgnt.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.33.46.193 (France)

ASN16276 (OVH, FR)

static2.service-voyages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	slgnt.eu karavel.slgnt.eu	119 KB
10	service-voyages.com static2.service-voyages.com	413 KB
4	promovacances.com 2 redirects news.promovacances.com ntf.promovacances.com pntf.promovacances.com www.promovacances.com	139 KB
2	adleadevent.com notify.adleadevent.com — Cisco Umbrella Rank: 528892	1 KB
1	gstatic.com fonts.gstatic.com	31 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	973 B
31	6

	Domain	Requested by
15	karavel.slgnt.eu	news.promovacances.com
10	static2.service-voyages.com	news.promovacances.com
2	notify.adleadevent.com	news.promovacances.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.promovacances.com	news.promovacances.com
1	pntf.promovacances.com	1 redirects
1	ntf.promovacances.com	1 redirects
1	fonts.googleapis.com	news.promovacances.com
1	news.promovacances.com
31	9

This site contains no links.

Subject Issuer	Validity	Valid
news.promovacances.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-12` - `2023-11-11`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.promovacances.com Sectigo RSA Domain Validation Secure Server CA	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.slgnt.eu DigiCert TLS RSA SHA256 2020 CA1	`2022-09-19` - `2023-09-26`	a year	crt.sh
*.service-voyages.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-09` - `2023-07-10`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Frame ID: 9222E1E30316BB8CEDA37E6362F186FB
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Promovacances

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

31
Requests

94 %
HTTPS

38 %
IPv6

6
Domains

9
Subdomains

7
IPs

5
Countries

703 kB
Transfer

699 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://ntf.promovacances.com/notifyMail/open.html?u= HTTP 301
https://notify.adleadevent.com/notifyMail/open.html?u=

Request Chain 2

https://pntf.promovacances.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif HTTP 301
https://notify.adleadevent.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request optiextension.dll Show response
news.promovacances.com/optiext/ 134 KB
135 KB 204ms
73ms Document
text/html 91.230.178.143
SELLIGENT Av. de ...

General

Check archive.org

Show headers Download Go to

Full URL

https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

91.230.178.143 , Belgium, ASN28836 (SELLIGENT Av. de Finlande 2, NL),

Reverse DNS

webcpp143.slgnt.eu

Software

Resource Hash

91331803c192bde04b32ea23e439e5055ee4a87473207f0ccff1e619538addb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Tag: 10692
Content-Length: 137509
Content-Type: text/html; charset=UTF-8
Date: Thu, 16 Feb 2023 04:07:01 GMT
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubdomains
X-Xss-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
973 B 36ms
15ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d296d4c68b2c0f1d449153b50335214ed5f6abc1b3d0355ac99f5d7916972d1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 16 Feb 2023 04:07:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 03:33:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Feb 2023 04:07:01 GMT

GET
H/1.1

200
OK

open.html
notify.adleadevent.com/notifyMail/
Redirect Chain

https://ntf.promovacances.com/notifyMail/open.html?u=
https://notify.adleadevent.com/notifyMail/open.html?u=

43 B
347 B

205ms
31ms

Image
image/gif

54.229.131.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notify.adleadevent.com/notifyMail/open.html?u=
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: HTTP/1.1
Server: 54.229.131.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-131-110.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:07:02 GMT
Server: nginx/1.22.1
ETag: W/"2b-EasQqxCf21PZHURKx4EQH1pjYMY"
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 43
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://notify.adleadevent.com/notifyMail/open.html?u=
Date: Thu, 16 Feb 2023 04:07:01 GMT
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Length: 194
Content-Type: text/html

GET
H/1.1

200
OK

fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif
notify.adleadevent.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/
Redirect Chain

https://pntf.promovacances.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif
https://notify.adleadevent.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif

36 B
717 B

197ms
34ms

Image
image/gif

54.229.131.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notify.adleadevent.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: HTTP/1.1
Server: 54.229.131.110 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-131-110.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: c2c51d37fc23ec067ab80965bc97c2cac175427e67f6d07dbe9719e185b1f2a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Thu, 16 Feb 2023 04:07:02 GMT
Server: nginx/1.22.1
ETag: W/"24-PwjYgg2UeYzKk0YLjXV0y9SSxYE"
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 36
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: https://notify.adleadevent.com/content/ids_1651/s_3753/fmd_59CFCF9B15A3B94387FE5ABF42B51663/fsh_6c4f9cba4e6c36f92a04abf216fe24ea2ed24c23b175a850ec1cfa2d3b4e1732.gif
Date: Thu, 16 Feb 2023 04:07:02 GMT
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Length: 194
Content-Type: text/html

GET
H2 200 logo-pmvc.png
www.promovacances.com/v2/static/img/logos/ 4 KB
4 KB 257ms
37ms Image
image/avif 13.32.110.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.promovacances.com/v2/static/img/logos/logo-pmvc.png
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-93.vie50.r.cloudfront.net
Software: fasterize /
Resource Hash: 8cddad405371293125989f4d6ce4dba6c1b2c451aef38c0803fb4e1da1644271

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 03:52:36 GMT
via: 1.1 881b12332738e10f6e80298fbdcd7e8e.cloudfront.net (CloudFront)
x-unique-id: 30db1975ee205537984ad40942476dc0
last-modified: Fri, 23 Dec 2022 14:05:10 GMT
x-fstrz: o,c
server: fasterize
x-amz-cf-pop: VIE50-C2
age: 866
x-cache: Hit from cloudfront
content-type: image/avif
cache-control: max-age=3600
content-length: 4095
x-gen-id: f3d4771406676e83786209de9ccf1255
x-amz-cf-id: 6v8pZVsxMHX1NFTGNhvXK96zdhIU6KbIOdn3QCRaQ5zcXP58ZgsqsQ==

GET
H2 200 Sejours_Moins_500_OP_PMVC_NL_600x180.jpg
karavel.slgnt.eu/images/pmvc/Thematique/2022/10_Octobre/ 39 KB
39 KB 97ms
37ms Image
image/jpeg 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/Thematique/2022/10_Octobre/Sejours_Moins_500_OP_PMVC_NL_600x180.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1682d59900b5432d7ed4b35e77af1f680b9a9ecfb6093b3c77d2b4f171f752a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: REVALIDATED
cf-polished: origSize=42771
content-length: 39944
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 24 Oct 2022 14:20:56 GMT
server: cloudflare
etag: "26acc9d4b3e7d81:0"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b4830f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 formulaire.jpg
karavel.slgnt.eu/images/pmvc/BadSender_template/ 7 KB
7 KB 76ms
16ms Image
image/jpeg 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/formulaire.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

138bd1cf598c49599d29027c9c80353794af62b585c166828f92077940a3f70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 7134
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:37:38 GMT
server: cloudflare
etag: "ac5ca745e573d71:0"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b4930f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 formulaire_mobile.jpg
karavel.slgnt.eu/images/pmvc/BadSender_template/ 6 KB
6 KB 78ms
19ms Image
image/jpeg 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/formulaire_mobile.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12a8d17b2d8dcd3d613e7c0f50e0b259987f232ef19db5ed9893761d5420c0a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 633
cf-polished: status=not_needed
content-length: 5689
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:37:38 GMT
server: cloudflare
etag: "34f8b045e573d71:0"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b4a30f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 sejour_491229_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 45 KB
45 KB 309ms
39ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_491229_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: a50fa3024b4ddc7fd42fa8dc83bf7ba27b308bbfdafa29ba0e5b460b5a521940

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 15 Dec 2021 15:16:05 GMT
server: nginx
age: 15529
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 46116
x-lb: lb56

GET
H2 200 sejour_585873_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 27 KB
27 KB 310ms
39ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_585873_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 1ac812569c1666238765a78516fd79cce676c6d1db4cf5c1c8870f8e95b908c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 29 Jun 2022 06:05:52 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 27488
x-lb: lb56

GET
H2 200 sejour_585498_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 46 KB
46 KB 296ms
39ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_585498_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6c5b2cb4198f3e3cee12dd2523b8bf8310fba2a0fb4be76a89d9c6413dd7c08e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Tue, 28 Jun 2022 06:05:43 GMT
server: nginx
age: 15526
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 47314
x-lb: lb56

GET
H2 200 sejour_511092_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 53 KB
54 KB 296ms
39ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_511092_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2fd6cef44398f3f29b1341132c5d63c25d45b1a67e7dfdab7c1ced25a093b292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 15 Dec 2021 15:18:19 GMT
server: nginx
age: 15530
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 54780
x-lb: lb56

GET
H2 200 sejour_483104_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 46 KB
46 KB 233ms
26ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_483104_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 00ba23826fdf6cf0c877ce16b5260e3bcf4cc188e2c9c3dbe7e82b6f574dc541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 15 Dec 2021 15:14:24 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 47215
x-lb: lb56

GET
H2 200 sejour_554501_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 28 KB
28 KB 247ms
40ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_554501_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 6e9830453b1eedd4e08af96e5ad1523e7cde79d62a0a8754503c6ac946b84c4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Mon, 31 Jan 2022 13:02:19 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 28275
x-lb: lb56

GET
H2 200 sejour_569411_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 45 KB
45 KB 37ms
37ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_569411_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 7427a7df2a7370b565bad6136ae5043c51c8033fc5076f63d11c0d13842e9d93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 23 Mar 2022 07:06:51 GMT
server: nginx
age: 15526
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 46048
x-lb: lb56

GET
H2 200 sejour_569832_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 26 KB
26 KB 38ms
37ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_569832_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: b95f9c275e5b03d8657baa88c02b3db21509296fcd31cc4fb52e5a1380f69862

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Thu, 24 Mar 2022 07:05:55 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 26810
x-lb: lb56

GET
H2 200 sejour_578642_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 61 KB
62 KB 38ms
37ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_578642_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 444aea52bbafe71041c1af3cdc839826866738da9fae4ecb011695b0f77abc63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Thu, 12 May 2022 06:06:01 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 62778
x-lb: lb56

GET
H2 200 sejour_514102_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 33 KB
33 KB 38ms
38ms Image
image/jpeg 178.33.46.193
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_514102_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=v32vZfwkCru7hijVdhXhaKtiqqAtO9Jo6fUI8rDF4nO1hR5L8eFL5jCRp3GfhDgeBMlWxoohKTY45rWN5nFlaqmy2cyDzvqaqkG%2BGr1C
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 178.33.46.193 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: d6305113fdc3f0019f3b0135abe02d2ff01b7e82170d91ed46f448da18c959bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Thu, 16 Feb 2023 04:07:02 GMT
via: RPX07-H
last-modified: Wed, 15 Dec 2021 15:18:46 GMT
server: nginx
age: 15524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 33397
x-lb: lb56

GET
H2 200 slicA.jpg
karavel.slgnt.eu/images/pmvc/concours/ 23 KB
23 KB 18ms
17ms Image
image/jpeg 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/concours/slicA.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a30fd7419e19b184dedc0d170e7e6fbdd32bab04eabe4c0ed17a4505786e237

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: origSize=23988
content-length: 23332
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 13 Feb 2023 13:02:21 GMT
server: cloudflare
etag: "10b7c868ab3fd91:0"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b4e30f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 slicB.jpg
karavel.slgnt.eu/images/pmvc/concours/ 34 KB
35 KB 19ms
18ms Image
image/jpeg 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/concours/slicB.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f560f0180206b0d992acd7a049785a233e1b2488d993641a4aee26a39817f27c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: origSize=35418
content-length: 35310
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 13 Feb 2023 13:02:21 GMT
server: cloudflare
etag: "6acfe268ab3fd91:0"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5030f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reassurance_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 509 B
592 B 23ms
22ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_01.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 509
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "72eae3c8e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5130f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reassurance_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 835 B
949 B 17ms
16ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_02.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 835
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "e278eac8e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5230f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reassurance_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 1 KB
2 KB 27ms
26ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_03.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 1485
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "3c46f0c8e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5330f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reassurance_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 2 KB
2 KB 26ms
24ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_04.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 2080
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "9ac4f5c8e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5430f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 422 B
504 B 24ms
23ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_01.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 422
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "c288ffc8e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5630f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 515 B
597 B 24ms
23ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_02.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 515
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "e6739c9e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5730f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 569 B
652 B 27ms
26ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_03.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 569
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "ae6211c9e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5830f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 566 B
649 B 25ms
24ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_04.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 566
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
server: cloudflare
etag: "b8451fc9e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5930f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_05.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 622 B
704 B 26ms
25ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_05.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 622
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:19 GMT
server: cloudflare
etag: "58ba28c9e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5a30f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 reseau_06.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 510 B
615 B 26ms
25ms Image
image/png 2606:4700::6811:7a12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_06.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 04:07:01 GMT
strict-transport-security: max-age=31536000; includeSubdomains
cf-cache-status: HIT
age: 632
cf-polished: status=not_needed
content-length: 510
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 08 Jul 2021 10:41:19 GMT
server: cloudflare
etag: "16bc31c9e573d71:0"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 79a369fc8b5c30f4-FRA
expires: Thu, 16 Feb 2023 04:37:01 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
31 KB 81ms
20ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://news.promovacances.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 20:35:57 GMT
x-content-type-options: nosniff
age: 113464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 20:35:57 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.adleadevent.com/	1970-01-20 19:09:22	Name: adtrck_st[1651] Value: eyJpZHMiOjE2NTEsInMiOiIzNzUzIiwiaGFzaCI6IjU5Q0ZDRjlCMTVBM0I5NDM4N0ZFNUFCRjQyQjUxNjYzIiwiaGFzaDI1NiI6IjZjNGY5Y2JhNGU2YzM2ZjkyYTA0YWJmMjE2ZmUyNGVhMmVkMjRjMjNiMTc1YTg1MGVjMWNmYTJkM2I0ZTE3MzIiLCJjcmVhdGVkIjoiMjAyMy0wMi0xNiAwNDowNzowMiIsImlkY3RyIjoxfQ%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
karavel.slgnt.eu
news.promovacances.com
notify.adleadevent.com
ntf.promovacances.com
pntf.promovacances.com
static2.service-voyages.com
www.promovacances.com
13.32.110.93
178.33.46.193
2606:4700::6811:7a12
2a00:1450:4001:809::200a
2a00:1450:400d:80a::2003
52.51.205.105
54.229.131.110
91.230.178.143
00ba23826fdf6cf0c877ce16b5260e3bcf4cc188e2c9c3dbe7e82b6f574dc541
05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0
12a8d17b2d8dcd3d613e7c0f50e0b259987f232ef19db5ed9893761d5420c0a6
138bd1cf598c49599d29027c9c80353794af62b585c166828f92077940a3f70d
1a30fd7419e19b184dedc0d170e7e6fbdd32bab04eabe4c0ed17a4505786e237
1ac812569c1666238765a78516fd79cce676c6d1db4cf5c1c8870f8e95b908c2
1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2
1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20
2fd6cef44398f3f29b1341132c5d63c25d45b1a67e7dfdab7c1ced25a093b292
444aea52bbafe71041c1af3cdc839826866738da9fae4ecb011695b0f77abc63
4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771
56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab
6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75
6c5b2cb4198f3e3cee12dd2523b8bf8310fba2a0fb4be76a89d9c6413dd7c08e
6e9830453b1eedd4e08af96e5ad1523e7cde79d62a0a8754503c6ac946b84c4c
7427a7df2a7370b565bad6136ae5043c51c8033fc5076f63d11c0d13842e9d93
78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a
8cddad405371293125989f4d6ce4dba6c1b2c451aef38c0803fb4e1da1644271
91331803c192bde04b32ea23e439e5055ee4a87473207f0ccff1e619538addb0
a50fa3024b4ddc7fd42fa8dc83bf7ba27b308bbfdafa29ba0e5b460b5a521940
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
b1682d59900b5432d7ed4b35e77af1f680b9a9ecfb6093b3c77d2b4f171f752a
b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9
b95f9c275e5b03d8657baa88c02b3db21509296fcd31cc4fb52e5a1380f69862
c2c51d37fc23ec067ab80965bc97c2cac175427e67f6d07dbe9719e185b1f2a5
d296d4c68b2c0f1d449153b50335214ed5f6abc1b3d0355ac99f5d7916972d1e
d6305113fdc3f0019f3b0135abe02d2ff01b7e82170d91ed46f448da18c959bf
dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596
f560f0180206b0d992acd7a049785a233e1b2488d993641a4aee26a39817f27c
fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643

news.promovacances.com Open in urlscan Pro 91.230.178.143 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

31 Requests

94 %HTTPS

38 %IPv6

6 Domains

9 Subdomains

7 IPs

5 Countries

703 kBTransfer

699 kBSize

1 Cookies

0 Outgoing links

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

news.promovacances.com Open in urlscan Pro
91.230.178.143 Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

94 %
HTTPS

38 %
IPv6

6
Domains

9
Subdomains

7
IPs

5
Countries

703 kB
Transfer

699 kB
Size

1
Cookies

31 HTTP transactions
0 data transactions