urlscan.io logo urlscan.io
SecurityTrails logo

news.promovacances.com Open in urlscan Pro
91.230.178.143  Public Scan

Go To Rescan Add Verdict Report
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGN...
Submission: On April 19 via api from SE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 26 HTTP transactions. The main IP is 91.230.178.143, located in Belgium and belongs to SENTIA, NL. The main domain is news.promovacances.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 21st 2021. Valid for: a year.
This is the only time news.promovacances.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 91.230.178.143 8315 (SENTIA)
1 2a00:1450:400... 15169 (GOOGLE)
1 193.46.206.3 29301 (KARAVEL-AS)
12 2606:4700::68... 13335 (CLOUDFLAR...)
10 195.149.66.18 29301 (KARAVEL-AS)
1 2a00:1450:400... 15169 (GOOGLE)
26 6
1    91.230.178.143 (Belgium)

ASN8315 (SENTIA, NL)
PTR: webcpp143.slgnt.eu
news.promovacances.com
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    193.46.206.3 (Aulnay-sous-Bois, France)

ASN29301 (KARAVEL-AS, FR)
www.promovacances.com
12    2606:4700::6811:7a12 (United States)

ASN13335 (CLOUDFLARENET, US)
karavel.slgnt.eu
10    195.149.66.18 (France)

ASN29301 (KARAVEL-AS, FR)
static2.service-voyages.com
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
12 slgnt.eu
karavel.slgnt.eu
106 KB
10 service-voyages.com
static2.service-voyages.com
439 KB
2 promovacances.com
news.promovacances.com
www.promovacances.com — Cisco Umbrella Rank: 820408
156 KB
1 gstatic.com
fonts.gstatic.com
31 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
26 5
Domain Requested by
12 karavel.slgnt.eu news.promovacances.com
10 static2.service-voyages.com news.promovacances.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.promovacances.com news.promovacances.com
1 fonts.googleapis.com news.promovacances.com
1 news.promovacances.com
26 6

This site contains no links.

Subject Issuer Validity Valid
news.promovacances.com
Sectigo RSA Domain Validation Secure Server CA		 2021-10-21 -
2022-10-23		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh
*.promovacances.com
Sectigo RSA Domain Validation Secure Server CA		 2020-07-08 -
2022-08-06		 2 years crt.sh
*.slgnt.eu
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-02 -
2022-09-23		 a year crt.sh
*.service-voyages.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-17 -
2022-07-09		 2 years crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Frame ID: 8BA66C379916C0159EB97CCD377F19E9
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Promovacances

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

26
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

733 kB
Transfer

730 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request optiextension.dll
news.promovacances.com/optiext/ 		148 KB
148 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
91.230.178.143 , Belgium, ASN8315 (SENTIA, NL),
Reverse DNS
webcpp143.slgnt.eu
Software
/
Resource Hash
dfe79904ff32a64343e1a2986a31e72bee23327309b6d55f9d1dfc2e3e09f472
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Tag
10692
Content-Length
151663
Content-Type
text/html; charset=UTF-8
Date
Tue, 19 Apr 2022 07:08:35 GMT
Referrer-Policy
strict-origin
Strict-Transport-Security
max-age=31536000; includeSubdomains
X-Xss-Protection
1; mode=block
css2
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
14d8bb1713827daa61294574499215b53d9fcae6d860b838cce28ccbc553c7bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 06:34:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 19 Apr 2022 07:08:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 19 Apr 2022 07:08:35 GMT
logo-pmvc.png
www.promovacances.com/v2/static/img/logos/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.promovacances.com/v2/static/img/logos/logo-pmvc.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
7474980e225d0426c9b8bf4da83050641ba808ea13e965f2d7db18ab81891fb5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.84.69%10,10570
date
Tue, 19 Apr 2022 07:08:35 GMT
via
RPX04-H
last-modified
Thu, 14 Apr 2022 15:57:52 GMT
server
nginx
age
3582
vary
X-Forwarded-Proto
content-type
image/png
cache-control
max-age=3600
content-length
7391
accept-ranges
bytes
x-device
desktop
x-lb
lb56
NL_le_top_promos_du_moment_PMVC_vgn.jpg
karavel.slgnt.eu/images/pmvc/PRMPGi/ 		59 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/PRMPGi/NL_le_top_promos_du_moment_PMVC_vgn.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68478ef878c4ecf57fc0d2eb5570006849bfef0891dc26a0b130a6d26b7aaa54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
177
cf-polished
origSize=62490
last-modified
Tue, 06 Jul 2021 14:17:17 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
60716
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"aed37a07172d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ccc368ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
sejour_532772_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_532772_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
97b59f9001ae8461529173ba7b3643557ef4e761576f7d475ca7c6f61016fc70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.93%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:37:31 GMT
server
nginx
age
339635
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
48586
x-lb
lb56
sejour_553771_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_553771_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
97f290e4ef95219bc4f6085f5da24572612f159ca2a1a2de8bfe221e152cf9c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:44:21 GMT
server
nginx
age
339630
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
42744
x-lb
lb56
sejour_551805_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		33 KB
33 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_551805_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
2dba01501300e985cb1731f94e3301a653b54eeee2e3ef2799f57e9d7d7e692d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:39:14 GMT
server
nginx
age
339635
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
33626
x-lb
lb56
sejour_492171_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		56 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_492171_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
deb9f78612aa43b69e972ac8fb246e3eeced85f59f548e109423699b733dd04a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:16:15 GMT
server
nginx
age
339635
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
57390
x-lb
lb56
sejour_527382_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_527382_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
4be8237b1d09b009220dd02bef54f81bd63a5e2aebfba4ee640aee656ec2be0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.93%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:20:32 GMT
server
nginx
age
339618
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
35026
x-lb
lb56
sejour_554908_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_554908_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
a3ef72dc8f56ddab1879f4d0d1753fad35926680ae58ee91d881e52f379c2fa0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:34:37 GMT
server
nginx
age
339498
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
22612
x-lb
lb56
sejour_513964_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_513964_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
bc57bd62a2e5f70e59da754dea482df895551284587609359f24cc32976d1dae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:18:45 GMT
server
nginx
age
339635
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
74484
x-lb
lb56
sejour_495909_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		52 KB
52 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_495909_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
86efe5fc9900b088d20f0b1bda861c2706b64c2816d74bcc2f3b8a6ed4a08f47

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:16:53 GMT
server
nginx
age
339635
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
53198
x-lb
lb56
sejour_508369_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_508369_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
3172503640aa095a03213896fd18208d6bdacd16f243802f6fb7357d3edda29b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.93%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 15:18:02 GMT
server
nginx
age
339498
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
25034
x-lb
lb56
sejour_477194_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.service-voyages.com/photos/vacances/voyage/sejour_477194_pgbighdnl.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.149.66.18 , France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software
nginx /
Resource Hash
fb82b868b2f7332d0e6be5a1a9e52ef14cd023b2dc8fd2fead91578e1b2841c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl
10.12.24.92%10,80
date
Tue, 19 Apr 2022 07:08:42 GMT
via
RPX08-H
last-modified
Wed, 15 Dec 2021 14:42:35 GMT
server
nginx
age
339606
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
54493
x-lb
lb56
Vacances_de_Printemps_NL_600x180.jpg
karavel.slgnt.eu/images/pmvc/Thematique/2022/04_Avril/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/Thematique/2022/04_Avril/Vacances_de_Printemps_NL_600x180.jpg
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade9fbba9e040d7a5c2ea89cb9165b975b383f47c458003b8906019fb2f17e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
236
cf-polished
origSize=42152
last-modified
Wed, 06 Apr 2022 16:05:04 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
37916
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"382c1614d049d81:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ccc768ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reassurance_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		509 B
642 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_01.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
509
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"72eae3c8e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ccc668ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reassurance_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		835 B
919 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_02.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
835
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"e278eac8e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed0a68ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reassurance_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_03.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
1485
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"3c46f0c8e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed0d68ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reassurance_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_04.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
2080
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"9ac4f5c8e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1168ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		422 B
505 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_01.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
422
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"c288ffc8e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1368ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		515 B
598 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_02.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
515
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"e6739c9e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1468ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		569 B
653 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_03.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
569
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"ae6211c9e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1668ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		566 B
650 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_04.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
566
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"b8451fc9e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1868ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_05.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		622 B
705 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_05.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
622
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"58ba28c9e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1968ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
reseau_06.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 		510 B
616 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_06.png
Requested by
Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=kOPkPDeKos7BzNjt5TRC9FD6P+uEUP+0iknMqpKxqhLFR3_6INTBhDgKwTvxxuBPkGNlN41CBF4qh2QeCOMEDot7R9dDR7petqCM8Mkc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:7a12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://news.promovacances.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 19 Apr 2022 07:08:35 GMT
cf-cache-status
HIT
age
1510
cf-polished
status=not_needed
last-modified
Thu, 08 Jul 2021 10:41:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-length
510
x-xss-protection
1; mode=block
referrer-policy
strict-origin
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"16bc31c9e573d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=1800
accept-ranges
bytes
cf-ray
6fe3cf52ed1a68ec-FRA
expires
Tue, 19 Apr 2022 07:38:35 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://news.promovacances.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 12 Apr 2022 11:55:47 GMT
x-content-type-options
nosniff
age
587568
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 12 Apr 2023 11:55:47 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
karavel.slgnt.eu
news.promovacances.com
static2.service-voyages.com
www.promovacances.com
193.46.206.3
195.149.66.18
2606:4700::6811:7a12
2a00:1450:4001:810::200a
2a00:1450:4001:82b::2003
91.230.178.143
05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0
14d8bb1713827daa61294574499215b53d9fcae6d860b838cce28ccbc553c7bd
1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2
1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20
2dba01501300e985cb1731f94e3301a653b54eeee2e3ef2799f57e9d7d7e692d
3172503640aa095a03213896fd18208d6bdacd16f243802f6fb7357d3edda29b
4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771
4be8237b1d09b009220dd02bef54f81bd63a5e2aebfba4ee640aee656ec2be0f
56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab
6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75
68478ef878c4ecf57fc0d2eb5570006849bfef0891dc26a0b130a6d26b7aaa54
7474980e225d0426c9b8bf4da83050641ba808ea13e965f2d7db18ab81891fb5
78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a
86efe5fc9900b088d20f0b1bda861c2706b64c2816d74bcc2f3b8a6ed4a08f47
97b59f9001ae8461529173ba7b3643557ef4e761576f7d475ca7c6f61016fc70
97f290e4ef95219bc4f6085f5da24572612f159ca2a1a2de8bfe221e152cf9c0
a3ef72dc8f56ddab1879f4d0d1753fad35926680ae58ee91d881e52f379c2fa0
ade9fbba9e040d7a5c2ea89cb9165b975b383f47c458003b8906019fb2f17e8f
b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9
bc57bd62a2e5f70e59da754dea482df895551284587609359f24cc32976d1dae
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596
deb9f78612aa43b69e972ac8fb246e3eeced85f59f548e109423699b733dd04a
dfe79904ff32a64343e1a2986a31e72bee23327309b6d55f9d1dfc2e3e09f472
fb82b868b2f7332d0e6be5a1a9e52ef14cd023b2dc8fd2fead91578e1b2841c9
fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643