news.promovacances.com Open in urlscan Pro
91.230.178.143 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblT...
Submission: On April 19 via api (April 19th 2022, 7:07:44 am UTC) from SE — Scanned from DE

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 28 HTTP transactions. The main IP is 91.230.178.143, located in Belgium and belongs to SENTIA, NL. The main domain is news.promovacances.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 21st 2021. Valid for: a year.

This is the only time news.promovacances.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	91.230.178.143 91.230.178.143	8315 (SENTIA) (SENTIA)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	193.46.206.2 193.46.206.2	29301 (KARAVEL-AS) (KARAVEL-AS)
14	2606:4700::68... 2606:4700::6811:7912	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	193.46.206.3 193.46.206.3	29301 (KARAVEL-AS) (KARAVEL-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
28	6

1 91.230.178.143 (Belgium)

ASN8315 (SENTIA, NL)
PTR: webcpp143.slgnt.eu

news.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.46.206.2 (Aulnay-sous-Bois, France)

ASN29301 (KARAVEL-AS, FR)

www.promovacances.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6811:7912 (United States)

ASN13335 (CLOUDFLARENET, US)

karavel.slgnt.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 193.46.206.3 (Aulnay-sous-Bois, France)

ASN29301 (KARAVEL-AS, FR)

static2.service-voyages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	slgnt.eu karavel.slgnt.eu	138 KB
10	service-voyages.com static2.service-voyages.com	570 KB
2	promovacances.com news.promovacances.com www.promovacances.com — Cisco Umbrella Rank: 820408	154 KB
1	gstatic.com fonts.gstatic.com	31 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	1 KB
28	5

	Domain	Requested by
14	karavel.slgnt.eu	news.promovacances.com
10	static2.service-voyages.com	news.promovacances.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.promovacances.com	news.promovacances.com
1	fonts.googleapis.com	news.promovacances.com
1	news.promovacances.com
28	6

This site contains no links.

Subject Issuer	Validity	Valid
news.promovacances.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-21` - `2022-10-23`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.promovacances.com Sectigo RSA Domain Validation Secure Server CA	`2020-07-08` - `2022-08-06`	2 years	crt.sh
*.slgnt.eu DigiCert TLS RSA SHA256 2020 CA1	`2021-09-02` - `2022-09-23`	a year	crt.sh
*.service-voyages.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-17` - `2022-07-09`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Frame ID: 5129AD0037100106D7D4D0145F5535EE
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Promovacances

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

28
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

894 kB
Transfer

891 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request optiextension.dll Show response
news.promovacances.com/optiext/ 147 KB
147 KB 360ms
177ms Document
text/html 91.230.178.143
SENTIA

General

Check archive.org

Show headers Download Go to

Full URL

https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

91.230.178.143 , Belgium, ASN8315 (SENTIA, NL),

Reverse DNS

webcpp143.slgnt.eu

Software

Resource Hash

74c9a003ddc5d32aaf08a3d625e51b2d2de510b2432e3fa17c072055cf668e1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Tag: 10692
Content-Length: 150273
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Apr 2022 07:07:38 GMT
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubdomains
X-Xss-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
1 KB 38ms
16ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

14d8bb1713827daa61294574499215b53d9fcae6d860b838cce28ccbc553c7bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 07:04:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 19 Apr 2022 07:07:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 19 Apr 2022 07:07:39 GMT

GET
H2 200 logo-pmvc.png
www.promovacances.com/v2/static/img/logos/ 7 KB
7 KB 76ms
24ms Image
image/png 193.46.206.2
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.promovacances.com/v2/static/img/logos/logo-pmvc.png
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.2 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 7474980e225d0426c9b8bf4da83050641ba808ea13e965f2d7db18ab81891fb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.84.73%10,10570
date: Tue, 19 Apr 2022 07:07:38 GMT
via: RPX03-H
last-modified: Thu, 14 Apr 2022 15:57:52 GMT
server: nginx
age: 247
vary: X-Forwarded-Proto
content-type: image/png
cache-control: max-age=3600
content-length: 7391
accept-ranges: bytes
x-device: desktop
x-lb: lb56

GET
H2 200 NL_DM_17_03.jpg
karavel.slgnt.eu/images/pmvc/DM/2022/ 78 KB
79 KB 89ms
35ms Image
image/jpeg 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/DM/2022/NL_DM_17_03.jpg

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3a5f4326006d47056d523ff70c18ce3477675b87bfb9e238ea3d4685844c22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 1347
cf-polished: origSize=83256
last-modified: Thu, 17 Mar 2022 15:49:02 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 80359
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "663a7286163ad81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf258eb01f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 formulaire.jpg
karavel.slgnt.eu/images/pmvc/BadSender_template/ 7 KB
7 KB 79ms
26ms Image
image/jpeg 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/formulaire.jpg

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

138bd1cf598c49599d29027c9c80353794af62b585c166828f92077940a3f70d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 280
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:37:38 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 7134
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ac5ca745e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf258ef01f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 formulaire_mobile.jpg
karavel.slgnt.eu/images/pmvc/BadSender_template/ 6 KB
6 KB 81ms
28ms Image
image/jpeg 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/formulaire_mobile.jpg

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12a8d17b2d8dcd3d613e7c0f50e0b259987f232ef19db5ed9893761d5420c0a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 280
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:37:38 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 5689
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "34f8b045e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf258f201f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 sejour_TERXXX101707601_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 109 KB
109 KB 491ms
72ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_TERXXX101707601_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 1789b37f39418f02c7778fdc732ec3080d9119e43e4610a659d5beaa223d072e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:32:52 GMT
server: nginx
age: 339501
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 111734
x-lb: lb56

GET
H2 200 sejour_TERXXX102648801_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 116 KB
116 KB 490ms
71ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_TERXXX102648801_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 5b90a304403462b89a03a5f39018c70243a09978b63ea30d3fd93ab7f1bb4443

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:49:24 GMT
server: nginx
age: 339603
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 118693
x-lb: lb56

GET
H2 200 sejour_477194_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 53 KB
53 KB 489ms
71ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_477194_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: fb82b868b2f7332d0e6be5a1a9e52ef14cd023b2dc8fd2fead91578e1b2841c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 14:42:35 GMT
server: nginx
age: 339635
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 54493
x-lb: lb56

GET
H2 200 sejour_539386_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 44 KB
44 KB 489ms
72ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_539386_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: ad4bb7ad676d00ae0102774b4c87953a72b1f27c77c57591a7ab64e1f8d75717

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:34:48 GMT
server: nginx
age: 339524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 44574
x-lb: lb56

GET
H2 200 sejour_483104_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 46 KB
46 KB 440ms
47ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_483104_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 00ba23826fdf6cf0c877ce16b5260e3bcf4cc188e2c9c3dbe7e82b6f574dc541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:14:24 GMT
server: nginx
age: 339249
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 47215
x-lb: lb56

GET
H2 200 sejour_560554_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 29 KB
29 KB 463ms
71ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_560554_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: 4fc7c20bfd47111fc7c6418e4e5d32abff9aca50d578dfe73c23b679dba3fc91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.93%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Mon, 31 Jan 2022 12:09:06 GMT
server: nginx
age: 339501
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 29575
x-lb: lb56

GET
H2 200 sejour_553842_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 34 KB
34 KB 49ms
48ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_553842_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: df6cdd53b5e1a5ca287d6c439865eeaed6c3cc1c99ea77bba4369af0adb31ba4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:36:46 GMT
server: nginx
age: 339626
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 34764
x-lb: lb56

GET
H2 200 sejour_520258_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 45 KB
46 KB 48ms
47ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_520258_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: d8984d27d8b6a81d70138e89dfbb1ba09565c87b66b6784645d18704e41004d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:19:29 GMT
server: nginx
age: 339220
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 46525
x-lb: lb56

GET
H2 200 sejour_532127_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 51 KB
51 KB 70ms
69ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_532127_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: d962773f1c62358c22e35d0c24cdee3f86158457ab3d4fda1420f7d23bb2a966

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Wed, 15 Dec 2021 15:31:29 GMT
server: nginx
age: 339524
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 52399
x-lb: lb56

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 30 KB
31 KB 34ms
8ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@500;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://news.promovacances.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 11:55:47 GMT
x-content-type-options: nosniff
age: 587512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Apr 2023 11:55:47 GMT

GET
H2 200 sejour_564582_pgbighdnl.jpg
static2.service-voyages.com/photos/vacances/voyage/ 40 KB
40 KB 69ms
69ms Image
image/jpeg 193.46.206.3
KARAVEL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static2.service-voyages.com/photos/vacances/voyage/sejour_564582_pgbighdnl.jpg
Requested by: Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.46.206.3 Aulnay-sous-Bois, France, ASN29301 (KARAVEL-AS, FR),
Reverse DNS
Software: nginx /
Resource Hash: e1b022e9816bb9232d658f03a9817615b53ad86700b31510807f5ef8fe26e57a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-krvl: 10.12.24.92%10,80
date: Tue, 19 Apr 2022 07:07:39 GMT
via: RPX04-H
last-modified: Sat, 19 Feb 2022 07:07:49 GMT
server: nginx
age: 339605
content-type: image/jpeg
cache-control: max-age=864000
accept-ranges: bytes
content-length: 41211
x-lb: lb56

GET
H2 200 Vacances_de_Printemps_NL_600x180.jpg
karavel.slgnt.eu/images/pmvc/Thematique/2022/04_Avril/ 37 KB
37 KB 40ms
38ms Image
image/jpeg 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/Thematique/2022/04_Avril/Vacances_de_Printemps_NL_600x180.jpg

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ade9fbba9e040d7a5c2ea89cb9165b975b383f47c458003b8906019fb2f17e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 1794
cf-polished: origSize=42152
last-modified: Wed, 06 Apr 2022 16:05:04 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 37916
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "382c1614d049d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2893101f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reassurance_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 509 B
593 B 32ms
30ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_01.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 509
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "72eae3c8e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2893301f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reassurance_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 835 B
954 B 29ms
26ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_02.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 835
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "e278eac8e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2893701f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reassurance_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 1 KB
2 KB 36ms
34ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_03.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 1485
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "3c46f0c8e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2993d01f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reassurance_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 2 KB
2 KB 29ms
27ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reassurance_04.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 2080
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "9ac4f5c8e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2993e01f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_01.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 422 B
505 B 29ms
28ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_01.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 422
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "c288ffc8e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2993f01f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_02.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 515 B
598 B 30ms
28ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_02.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 515
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "e6739c9e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2994001f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_03.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 569 B
653 B 33ms
31ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_03.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 569
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "ae6211c9e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2994201f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_04.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 566 B
650 B 29ms
28ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_04.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:18 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 566
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "b8451fc9e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2994301f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_05.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 622 B
728 B 28ms
27ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_05.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:19 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 622
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "58ba28c9e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2994401f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

GET
H2 200 reseau_06.png
karavel.slgnt.eu/images/pmvc/BadSender_template/ 510 B
593 B 34ms
34ms Image
image/png 2606:4700::6811:7912
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://karavel.slgnt.eu/images/pmvc/BadSender_template/reseau_06.png

Requested by

Host: news.promovacances.com
URL: https://news.promovacances.com/optiext/optiextension.dll?ID=gKLgNSaxXVaCPkFtoYXng8fY+wN1T1lUfNdauqKSabLBD7S2oKsAOWwBHsMc+rsJblTatSohSJGGthNs9fzwDKAocskwF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7912 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.promovacances.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 07:07:39 GMT
cf-cache-status: HIT
age: 555
cf-polished: status=not_needed
last-modified: Thu, 08 Jul 2021 10:41:19 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-length: 510
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "16bc31c9e573d71:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 6fe3cdf2995301f8-ZRH
expires: Tue, 19 Apr 2022 07:37:39 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
karavel.slgnt.eu
news.promovacances.com
static2.service-voyages.com
www.promovacances.com
193.46.206.2
193.46.206.3
2606:4700::6811:7912
2a00:1450:4001:810::200a
2a00:1450:4001:82b::2003
91.230.178.143
00ba23826fdf6cf0c877ce16b5260e3bcf4cc188e2c9c3dbe7e82b6f574dc541
05c8a610a82fb3458e6c0fac1fd3cc5d77fb82df693e444e149123266bdb25a0
0d3a5f4326006d47056d523ff70c18ce3477675b87bfb9e238ea3d4685844c22
12a8d17b2d8dcd3d613e7c0f50e0b259987f232ef19db5ed9893761d5420c0a6
138bd1cf598c49599d29027c9c80353794af62b585c166828f92077940a3f70d
14d8bb1713827daa61294574499215b53d9fcae6d860b838cce28ccbc553c7bd
1789b37f39418f02c7778fdc732ec3080d9119e43e4610a659d5beaa223d072e
1b937a6724d0a4915fe19263cf02aa47a5d9701f01a5d4bd4593203a9245efd2
1ca56a9981a7aa6b16b3358b131d1a3ab888f89e2fbf77b8f6ee753538e69b20
4648593a37cd430a04e4d273500d1849078d949ef5e075c33c582304fb461771
4fc7c20bfd47111fc7c6418e4e5d32abff9aca50d578dfe73c23b679dba3fc91
56f9d9ac8e022bdffe90e5ea222e0099084072bc37d46bccf64230558f6dfaab
5b90a304403462b89a03a5f39018c70243a09978b63ea30d3fd93ab7f1bb4443
6113fdc6fcb67bdceb7fc59bb6d1999ee8520b36ececdc828cad28fc6b2ccf75
7474980e225d0426c9b8bf4da83050641ba808ea13e965f2d7db18ab81891fb5
74c9a003ddc5d32aaf08a3d625e51b2d2de510b2432e3fa17c072055cf668e1f
78855da594035f29c6f9799362cd236be3d043a628cb753a8ed21df9df7a6a8a
ad4bb7ad676d00ae0102774b4c87953a72b1f27c77c57591a7ab64e1f8d75717
ade9fbba9e040d7a5c2ea89cb9165b975b383f47c458003b8906019fb2f17e8f
b5ebe7b667f75cce0369db099978a387edfd901382f08e810c80c7106c3931a9
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
d8984d27d8b6a81d70138e89dfbb1ba09565c87b66b6784645d18704e41004d9
d962773f1c62358c22e35d0c24cdee3f86158457ab3d4fda1420f7d23bb2a966
dd6e8c99fbad9e65a8e679ac89cb2ebbf64903c5f88f8cec87ac8fd22c056596
df6cdd53b5e1a5ca287d6c439865eeaed6c3cc1c99ea77bba4369af0adb31ba4
e1b022e9816bb9232d658f03a9817615b53ad86700b31510807f5ef8fe26e57a
fb82b868b2f7332d0e6be5a1a9e52ef14cd023b2dc8fd2fead91578e1b2841c9
fef1f8b8a8e917b71f27b6b06d522cfa5c88b5c36b21dc53925648d006acf643

news.promovacances.com Open in urlscan Pro 91.230.178.143 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

28 Requests

100 %HTTPS

50 %IPv6

5 Domains

6 Subdomains

6 IPs

4 Countries

894 kBTransfer

891 kBSize

0 Cookies

0 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

news.promovacances.com Open in urlscan Pro
91.230.178.143 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

4
Countries

894 kB
Transfer

891 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions