urlscan.io logo urlscan.io
SecurityTrails logo

secure.bravofly.com.au Open in urlscan Pro
2606:4700::6811:2cec  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secure.lastminute.com/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Effective URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Submission: On June 17 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 23 HTTP transactions. The main IP is 2606:4700::6811:2cec, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is secure.bravofly.com.au.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 10th 2018. Valid for: a year.
This is the only time secure.bravofly.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
11 54.230.93.169 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 54.230.93.150 16509 (AMAZON-02)
23 6
1    2606:4700::6812:8e1b (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
secure.lastminute.com
3    2606:4700::6811:2cec (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
secure.bravofly.com.au
11    54.230.93.169 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-93-169.fra2.r.cloudfront.net
assets.staticroot.com
3    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
2    2606:4700::6810:baf0 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdn-cms01.staticroot.com
3    2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
fonts.gstatic.com
1    54.230.93.150 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-93-150.fra2.r.cloudfront.net
www3.staticroot.com
Domain Requested by
11 assets.staticroot.com secure.bravofly.com.au
assets.staticroot.com
3 fonts.gstatic.com secure.bravofly.com.au
3 fonts.googleapis.com secure.bravofly.com.au
3 secure.bravofly.com.au assets.staticroot.com
2 cdn-cms01.staticroot.com secure.bravofly.com.au
1 www3.staticroot.com
1 secure.lastminute.com 1 redirects
23 7

This site contains no links.

Subject Issuer Validity Valid
www.lastminute.com
COMODO RSA Organization Validation Secure Server CA		 2018-09-10 -
2019-09-10		 a year crt.sh
*.staticroot.com
Sectigo RSA Domain Validation Secure Server CA		 2019-05-13 -
2020-05-12		 a year crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-05-21 -
2019-08-13		 3 months crt.sh
*.google.com
Google Internet Authority G3		 2019-05-21 -
2019-08-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Frame ID: C58F593A9C954F47666786AC70B0B835
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://secure.lastminute.com/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ HTTP 302
    https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

23
Requests

100 %
HTTPS

71 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

487 kB
Transfer

1598 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure.lastminute.com/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ HTTP 302
    https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
secure.bravofly.com.au/booking/holder/invoice/
Redirect Chain
  • https://secure.lastminute.com/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
  • https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
106 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:2cec , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f66744d01c7ab524cae5c2a2312c2b5131d3566e63c4bd8d836657f530d8b936
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
secure.bravofly.com.au
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 09:18:14 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d13681b75fcad8fdcaf7f2de6c1843a251560763094; expires=Tue, 16-Jun-20 09:18:14 GMT; path=/; domain=.bravofly.com.au; HttpOnly opco-production-pci=c8f46516e3a80647d9705fdb7dbd7d15c8c575a5; Path=/; HttpOnly JSESSIONID=5B41BD02E6A932A351086E161761A96B; Path=/booking; HttpOnly __cfruid=071ff5324c705e4f64bfe2153d118fe75a3f4213-1560763094; path=/; domain=.bravofly.com.au; HttpOnly
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Strict-Transport-Security
max-age=60
Access-Control-Allow-Origin
*
X-BF-tracing-hostId
opco-stable-5f5bbcf77c-ckvx8
X-BF-tracing-spanId
0000000
X-BF-tracing-appName
opco
X-BF-tracing-parent-spanId
X-BF-tracing-traceId
ce57ec36-40a8-47e5-bb80-4ecd6eeca15d
X-BF-tracing-methodName
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Pragma
no-cache
Expires
0
X-Frame-Options
SAMEORIGIN
Content-Language
en-US
Vary
Accept-Encoding
Via
1.1 secure.bravofly.com.au
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
4e83ef5ec8666497-FRA
Content-Encoding
br

Redirect headers

Date
Mon, 17 Jun 2019 09:18:14 GMT
Content-Length
0
Connection
keep-alive
Set-Cookie
__cfduid=d1284fe736f818757a95ec09e8cd903f71560763094; expires=Tue, 16-Jun-20 09:18:14 GMT; path=/; domain=.lastminute.com; HttpOnly opco-production-pci=2abf6d41b1673d7f0b6d9352e56dcff32483e420; Path=/; HttpOnly JSESSIONID=4545FA0EC827BA08B9CB686ACBDB4180; Path=/booking; HttpOnly __cfruid=7d3b13126a6ccffc75f56486fcbc7c64c9515d52-1560763094; path=/; domain=.lastminute.com; HttpOnly
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Strict-Transport-Security
max-age=60
Access-Control-Allow-Origin
*
X-BF-tracing-hostId
opco-stable-5f5bbcf77c-9l6hn
X-BF-tracing-spanId
0000000
X-BF-tracing-appName
opco
X-BF-tracing-parent-spanId
X-BF-tracing-traceId
220fe297-d883-439a-b6da-29badae42c0a
X-BF-tracing-methodName
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Pragma
no-cache
Expires
0
X-Frame-Options
SAMEORIGIN
Location
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Content-Language
en-US
Via
1.1 secure.lastminute.com
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server
cloudflare
CF-RAY
4e83ef5c3c39c2a9-FRA
merchant_group_bravofly.css
assets.staticroot.com/opco-ui/dist/13.33.0/styles/personalization/merchant_group_bravofly/ 		548 KB
77 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/styles/personalization/merchant_group_bravofly/merchant_group_bravofly.css
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
0b02319ea89d1803368dd17621f706acfbbe9f3ef5bb2058d187b0b4463160f7
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:06:05 GMT
content-encoding
gzip
last-modified
Tue, 21 May 2019 08:49:28 GMT
server
nginx/1.11.3
age
730
etag
W/"5ce3bb98-88fcb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
status
200
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
Ut76R-W62jI6rlPQ4Uga9Qn4-LTplfU8ivILs3tIijNApcVZvJhzrQ==
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
css
fonts.googleapis.com/ 		5 KB
678 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,600&subset=latin-ext
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
cd75e2f016e3b6a673da5eb5bd65f106cab905757eec2e1f0b34b6cbf0e08484
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 17 Jun 2019 09:18:15 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 17 Jun 2019 09:18:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 17 Jun 2019 09:18:15 GMT
cap-bvf-footer-2.73.0-TAG.min.css
cdn-cms01.staticroot.com/etc/clientlibs/entry-pages-cap/ 		21 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn-cms01.staticroot.com/etc/clientlibs/entry-pages-cap/cap-bvf-footer-2.73.0-TAG.min.css
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:baf0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4fb2f6d14e9916da76e3341c2352bd219b2c1015dc67c9b9caaf92ca2aa73080
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 09:18:15 GMT
Via
1.1 cdn-cms01.staticroot.com, 1.1 cdn-cms01.staticroot.com
CF-Cache-Status
HIT
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
br
X-NodeID
lm-prod6-publish-3 - t=1558954800425089 D=151
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 23 May 2019 13:56:28 GMT
Server
cloudflare
ETag
W/"5440-5898e72cef948-gzip"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
X-R
rapido-e01
CF-RAY
4e83ef602d5f6443-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Expires
Tue, 16 Jun 2020 09:18:15 GMT
cap-footer-2.73.0-TAG.js
cdn-cms01.staticroot.com/etc/clientlibs/entry-pages-cap/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-cms01.staticroot.com/etc/clientlibs/entry-pages-cap/cap-footer-2.73.0-TAG.js
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:baf0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0836ba3f75f46e46c4a68e822ba5043326220187fa659f4e345ad597763f98d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 09:18:15 GMT
Via
1.1 cdn-cms01.staticroot.com, 1.1 cdn-cms01.staticroot.com
CF-Cache-Status
HIT
Cf-Polished
origSize=21979
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
br
X-NodeID
lm-prod6-publish-3 - t=1558950808052298 D=196
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 23 May 2019 10:16:25 GMT
Server
cloudflare
ETag
W/"55db-5898b5fe63b8c-gzip"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cf-Bgj
minify
Cache-control
public, max-age=31536000
X-R
rapido-e02
CF-RAY
4e83ef603f64d6b1-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Expires
Tue, 16 Jun 2020 09:18:15 GMT
vendor1.min.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		445 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/vendor1.min.js
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
5b55aef0f880c5b5a8eb1d1c81bb8a3c000bf421f9942c53fe88711610e06f85
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:06:29 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 13:10:48 GMT
server
nginx/1.11.3
age
706
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
etag
"5cbf0ed8-6f478"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
0XYJN_zo-rvQcugfZd2tWfxkhtMPOtyrAdFh5dbpuq104MSxCT1uEQ==
x-xss-protection
1; mode=block
vendor2.min.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/vendor2.min.js
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

access-control-allow-origin
*
brg-ui-checkout.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/brg-ui-checkout.js
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
03ffcd0d7d6d5f7337882dbe06ce3c1c74fa6e346f3fcd8f1daa9da7d273aa28
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:05:26 GMT
content-encoding
gzip
last-modified
Mon, 03 Jun 2019 10:04:03 GMT
server
nginx/1.11.3
age
769
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
etag
"5cf4f093-3465"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
Dhh15IlJMV4qF9bKY9sin6esm6DR5KDwMYMSKrFNJCr-BjDgY77vtg==
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		12 KB
814 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
ebe7f9c6a2d1885e9e7cfeccc2bd8ea7071b3053dc38df8ba9a16d39897e2d5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 17 Jun 2019 09:18:15 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 17 Jun 2019 09:18:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 17 Jun 2019 09:18:15 GMT
css
fonts.googleapis.com/ 		4 KB
600 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu:400,500
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
ab1d9fd71250f17e04142d2b700dfc0024bf16f9db1880f9e9791c7af46f94ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 17 Jun 2019 09:18:15 GMT
server
ESF
access-control-allow-origin
*
date
Mon, 17 Jun 2019 09:18:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Mon, 17 Jun 2019 09:18:15 GMT
mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v16/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800
Origin
https://secure.bravofly.com.au

Response headers

date
Mon, 03 Jun 2019 18:58:10 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:11:28 GMT
server
sffe
age
1174805
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9016
x-xss-protection
0
expires
Tue, 02 Jun 2020 18:58:10 GMT
vendor2.min.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/vendor2.min.js
Requested by
Host: secure.bravofly.com.au
URL: https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

access-control-allow-origin
*
0.bundle.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		117 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/0.bundle.js
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/brg-ui-checkout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
df31a0511f33d8fd5cab739a22221dbcea3483df7b0ffb0b60adebc4a45f4daa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:05:40 GMT
content-encoding
gzip
last-modified
Tue, 23 Apr 2019 13:10:30 GMT
server
nginx/1.11.3
age
755
etag
W/"5cbf0ec6-1d562"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
fgZcLjD3IdXDStgxZLhPGzTjGE94W5Drk4rjD4ZDfgaM8evkXXb00Q==
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
4.bundle.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		49 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/4.bundle.js
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/brg-ui-checkout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
b32223414f64cba9787f48af6ae1504a4f68fafa1b43fc486f34390f6aedcc6a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:05:57 GMT
content-encoding
gzip
last-modified
Mon, 03 Jun 2019 10:04:03 GMT
server
nginx/1.11.3
age
738
etag
W/"5cf4f093-c5b6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
2_7ao0CijcWf8FrpF_MT0m55GRtRYc-jCB3uGVGieQ3dh04NJXs_yA==
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
11.bundle.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		39 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/11.bundle.js
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/brg-ui-checkout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
88953b137466498b5094e77572ca5b82ea4b501891145bfa92b3074cf3039146
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 09:07:55 GMT
content-encoding
gzip
last-modified
Mon, 03 Jun 2019 10:04:03 GMT
server
nginx/1.11.3
age
620
etag
W/"5cf4f093-9c2e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
6Z4Ff6fGtko6B0rghT7Z-wQ5z-QlNvyDRH6Cikc_YsttCWyFst9apA==
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
30.bundle.js
assets.staticroot.com/opco-ui/dist/13.33.0/scripts/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/30.bundle.js
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/brg-ui-checkout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
aa0051e04a2e128c64632a3a4f9e71d03d95d91a607e295c3ba417d13526072b
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 07 Jun 2019 09:14:06 GMT
content-encoding
gzip
last-modified
Mon, 03 Jun 2019 10:04:03 GMT
server
nginx/1.11.3
age
84221
etag
W/"5cf4f093-1b37"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
1AZeutoFoTwiL3gQCA5wcOMXi53UC04ilCdO6ov_PfFDSlmSbaGsgw==
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
secure.bravofly.com.au/booking/api/dialingCode/ 		18 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.bravofly.com.au/booking/api/dialingCode/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/vendor1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:2cec , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cc0cde5a5fbb72a6769a57e2fe832ebc9a4a3fbe6d93e4681b3a5d1759e752e
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 09:18:15 GMT
X-BF-tracing-spanId
0000000
X-Content-Type-Options
nosniff
X-BF-tracing-hostId
opco-stable-5f5bbcf77c-ckvx8
Access-Control-Allow-Origin
*
X-BF-tracing-methodName
Connection
keep-alive
X-BF-tracing-parent-spanId
X-BF-tracing-traceId
5fb5d0c9-6bfd-400e-af6e-1c4dc5d512b8
X-BF-tracing-appName
opco
Content-Encoding
br
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
cloudflare
X-Frame-Options
SAMEORIGIN
ETag
W/"cf7802f2cba0bb8db56fc003498e487b0e2bc7c373938b6e8787c5898aa06a78"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Strict-Transport-Security
max-age=60
Content-Type
application/json
Via
1.1 secure.bravofly.com.au
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding
chunked
CF-RAY
4e83ef613b066497-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Expires
0
ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
secure.bravofly.com.au/booking/api/internationalCode/ 		18 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.bravofly.com.au/booking/api/internationalCode/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
Requested by
Host: assets.staticroot.com
URL: https://assets.staticroot.com/opco-ui/dist/13.33.0/scripts/vendor1.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:2cec , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cc0cde5a5fbb72a6769a57e2fe832ebc9a4a3fbe6d93e4681b3a5d1759e752e
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://secure.bravofly.com.au/booking/holder/invoice/ZKLY-TBRGLOAIPLPALPXFCS-WQUJ
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 17 Jun 2019 09:18:15 GMT
X-BF-tracing-spanId
0000000
X-Content-Type-Options
nosniff
X-BF-tracing-hostId
opco-stable-5f5bbcf77c-ckvx8
Access-Control-Allow-Origin
*
X-BF-tracing-methodName
Connection
keep-alive
X-BF-tracing-parent-spanId
X-BF-tracing-traceId
d185b430-7fd5-422e-ad6f-42dcfd5243bc
X-BF-tracing-appName
opco
Content-Encoding
br
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
cloudflare
X-Frame-Options
SAMEORIGIN
ETag
W/"cf7802f2cba0bb8db56fc003498e487b0e2bc7c373938b6e8787c5898aa06a78"
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Strict-Transport-Security
max-age=60
Content-Type
application/json
Via
1.1 secure.bravofly.com.au
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Transfer-Encoding
chunked
CF-RAY
4e83ef614c14d6d9-FRA
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Expires
0
bravofly.svg
assets.staticroot.com/lmn-assets-ui/1.1.0/logos/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.staticroot.com/lmn-assets-ui/1.1.0/logos/bravofly.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.15.10 /
Resource Hash
449ee7825e50d06b97ffbb45725fee7432832b2640739e3b0ea0c275355ea3b8
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assets.staticroot.com/opco-ui/dist/13.33.0/styles/personalization/merchant_group_bravofly/merchant_group_bravofly.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 17 Jun 2019 04:36:45 GMT
content-encoding
gzip
last-modified
Tue, 05 Dec 2017 10:27:21 GMT
server
nginx/1.15.10
age
18959
via
1.1 assets.staticroot.com, 1.1 143574384d395dec5e078f9c0bab3391.cloudfront.net (CloudFront)
etag
W/"5a267489-149a"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
x-amz-cf-pop
FRA2
access-control-allow-origin
*
x-amz-cf-id
xrWGKIlQdYuW2lzZQNaVd6FLlFip0h8WT_a-HpyDlmDDzNuAN19Z7w==
x-xss-protection
1; mode=block
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v16/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v16/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800
Origin
https://secure.bravofly.com.au

Response headers

date
Sun, 02 Jun 2019 16:34:50 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:10:29 GMT
server
sffe
age
1269805
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9132
x-xss-protection
0
expires
Mon, 01 Jun 2020 16:34:50 GMT
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v16/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v16/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800
Origin
https://secure.bravofly.com.au

Response headers

date
Fri, 14 Jun 2019 03:53:48 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 Mar 2019 20:11:39 GMT
server
sffe
age
278667
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9180
x-xss-protection
0
expires
Sat, 13 Jun 2020 03:53:48 GMT
bf_font_filled.ttf
assets.staticroot.com/brg-icons-ui/4.5.0/fonts/ 		83 KB
83 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.staticroot.com/brg-icons-ui/4.5.0/fonts/bf_font_filled.ttf
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.169 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-169.fra2.r.cloudfront.net
Software
nginx/1.11.3 /
Resource Hash
13c0954e6b7e05559f2b13a6acd940ffa89f1df584b37895de2ca149c932c391
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://assets.staticroot.com/opco-ui/dist/13.33.0/styles/personalization/merchant_group_bravofly/merchant_group_bravofly.css
Origin
https://secure.bravofly.com.au

Response headers

date
Sun, 16 Jun 2019 09:24:27 GMT
via
1.1 assets.staticroot.com, 1.1 412049da39a44d4e9af054ecc17534dd.cloudfront.net (CloudFront)
last-modified
Fri, 19 Oct 2018 07:32:21 GMT
server
nginx/1.11.3
age
86790
etag
"5bc98885-14b30"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2
accept-ranges
bytes
access-control-allow-origin
*
content-length
84784
x-xss-protection
1; mode=block
x-amz-cf-id
LMtFIoyFUzhMeDzCEej4-L6yHfMuef9viHs4_wjDfaRGXN2pLGoBBA==
flags.png
www3.staticroot.com/images/opco/intl-tel-input/ 		60 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.staticroot.com/images/opco/intl-tel-input/flags.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.150 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-150.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f83ada0cf29aeabfa9464db48bf5ef523e5de65fdbedf791fb58887ef3bd1b9c

Request headers

Referer
https://assets.staticroot.com/opco-ui/dist/13.33.0/styles/personalization/merchant_group_bravofly/merchant_group_bravofly.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Jun 2019 17:01:25 GMT
Via
1.1 d41256fff4c52560b6f36cf42caee95d.cloudfront.net (CloudFront)
Age
60922
x-amz-meta-permissions
33204
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
61105
X-Amz-Cf-Id
HFdYshIL84EWti5A3dZGKP2zrnpqjIQCKIx8U8ndXwCiuP8OD2ETqQ==
x-amz-meta-owner
1003
Last-Modified
Tue, 05 Dec 2017 16:21:20 GMT
Server
AmazonS3
ETag
"4086989170509eb2a0413a8116361b78"
Content-Type
image/png
X-Amz-Cf-Pop
FRA2
Accept-Ranges
bytes
x-amz-meta-group
1000

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| core object| __core-js_shared__ function| cmsFooterInit object| flatDictionary string| locale string| resourcesPath object| invoiceOpts string| STATUS_OPENED string| STATUS_CLOSED string| ICON_OPENED string| ICON_CLOSED number| MAX_VISIBLE_LINES function| $ function| _isNotAlreadyRendered function| _areTextLinesMoreThan function| _countLines function| _setExpandable function| _buildExpandableUI function| _toggleDetails object| MasterPass function| jQuery object| i18n object| intlTelInputUtils object| Handlebars object| webpackJsonp function| setImmediate function| clearImmediate object| Backbone object| checkoutData

4 Cookies

Domain/Path Name / Value
.bravofly.com.au/ Name: __cfruid
Value: 071ff5324c705e4f64bfe2153d118fe75a3f4213-1560763094
secure.bravofly.com.au/ Name: opco-production-pci
Value: c8f46516e3a80647d9705fdb7dbd7d15c8c575a5
.bravofly.com.au/ Name: __cfduid
Value: d13681b75fcad8fdcaf7f2de6c1843a251560763094
secure.bravofly.com.au/booking Name: JSESSIONID
Value: 5B41BD02E6A932A351086E161761A96B

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.staticroot.com
cdn-cms01.staticroot.com
fonts.googleapis.com
fonts.gstatic.com
secure.bravofly.com.au
secure.lastminute.com
www3.staticroot.com
2606:4700::6810:baf0
2606:4700::6811:2cec
2606:4700::6812:8e1b
2a00:1450:4001:809::200a
2a00:1450:4001:815::2003
54.230.93.150
54.230.93.169
03ffcd0d7d6d5f7337882dbe06ce3c1c74fa6e346f3fcd8f1daa9da7d273aa28
0b02319ea89d1803368dd17621f706acfbbe9f3ef5bb2058d187b0b4463160f7
0cc0cde5a5fbb72a6769a57e2fe832ebc9a4a3fbe6d93e4681b3a5d1759e752e
13c0954e6b7e05559f2b13a6acd940ffa89f1df584b37895de2ca149c932c391
449ee7825e50d06b97ffbb45725fee7432832b2640739e3b0ea0c275355ea3b8
4fb2f6d14e9916da76e3341c2352bd219b2c1015dc67c9b9caaf92ca2aa73080
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5b55aef0f880c5b5a8eb1d1c81bb8a3c000bf421f9942c53fe88711610e06f85
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
88953b137466498b5094e77572ca5b82ea4b501891145bfa92b3074cf3039146
aa0051e04a2e128c64632a3a4f9e71d03d95d91a607e295c3ba417d13526072b
ab1d9fd71250f17e04142d2b700dfc0024bf16f9db1880f9e9791c7af46f94ed
b32223414f64cba9787f48af6ae1504a4f68fafa1b43fc486f34390f6aedcc6a
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
cd75e2f016e3b6a673da5eb5bd65f106cab905757eec2e1f0b34b6cbf0e08484
d0836ba3f75f46e46c4a68e822ba5043326220187fa659f4e345ad597763f98d
df31a0511f33d8fd5cab739a22221dbcea3483df7b0ffb0b60adebc4a45f4daa
ebe7f9c6a2d1885e9e7cfeccc2bd8ea7071b3053dc38df8ba9a16d39897e2d5f
f66744d01c7ab524cae5c2a2312c2b5131d3566e63c4bd8d836657f530d8b936
f83ada0cf29aeabfa9464db48bf5ef523e5de65fdbedf791fb58887ef3bd1b9c