Report - www.vouchers-sg-51.com/cgi-bin/wingame.pl

Report Overview

Submitted URL
www.vouchers-sg-51.com/cgi-bin/wingame.pl
IP
104.18.10.234
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-12 21:54:26
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	486 B	17 kB	216.58.207.227
static.cleverpush.com	16927	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	399 B	57 kB	172.67.71.184
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	104.18.32.68
sgapac.mycleverpush.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	529 B	421 B	159.69.145.0
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.2 kB	155 kB	35.241.9.150
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.76.226
getpocket.cdn.mozilla.net	1369	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	38 kB	34.120.5.221
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
detectportal.firefox.com	1601	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	428 B	34.107.221.82
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	402 B	746 B	142.250.74.106
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.86.38.2
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	840 B	12 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
shavar.services.mozilla.com	3602	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	453 B	204 B	34.215.6.110
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.131
api.cleverpush.com	16719	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	22 kB	104.26.14.31
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	39 kB	34.120.237.76
www.vouchers-sg-51.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	633 kB	104.18.11.234

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-12	medium	www.vouchers-sg-51.com/cgi-bin/wingame.pl	Phishing
2022-12-12	medium	www.vouchers-sg-51.com/wingame/50/css/sweepstake.css?2022-12-12.2	Phishing
2022-12-12	medium	www.vouchers-sg-51.com/_global/css/default.css?2022-12-12.2	Phishing
2022-12-12	medium	www.vouchers-sg-51.com/_global/wingame/74/js/series.js?2022-12-12.2	Phishing
2022-12-12	medium	www.vouchers-sg-51.com/_global/wingame/74/themes/black_000000/css/theme.css?2022-12-12.2	Phishing
2022-12-12	medium	www.vouchers-sg-51.com/files/web/sponsor/_sponsoren/script_50.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	www.vouchers-sg-51.com/wingame/global/js/global.js?2022-12-12.2	495 B	2023-03-07	2023-05-25
Pretty URL www.vouchers-sg-51.com/wingame/global/js/global.js?2022-12-12.2 IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:47 Last Seen2023-05-25 19:33:01 Times Seen7 Hash 1b98ea3cb9f9d5125064031e36e955d6 ce14a655950d8464be8378ba4dcbb4bfa8477b59 41c9ca1210a14096e9078bd3d713390d07e5efb4bdd433f839dee3b0f0c25d61 Loading...

	www.vouchers-sg-51.com/wingame/50/js/sweepstake.js?2022-12-12.2	3.0 kB	2023-03-08	2023-05-21
Pretty URL www.vouchers-sg-51.com/wingame/50/js/sweepstake.js?2022-12-12.2 IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-05-21 19:42:31 Times Seen4 Hash 8d00fee382917cf48c50cbabb52372e2 ae18b425d6425f2c6676c86da167fe79ca436e62 59504615f381b121722bbcca0e8069cd63313ecdfd7e2a46d5dc8859358d3fa3 Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	1.1 kB	2023-03-07	2024-03-27
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:39 Last Seen2024-03-27 02:14:42 Times Seen115 Hash f14a731981e984c04d08ef668d96d867 23f77eca9c9754fc400db2bfc242088b96ff4e1e 9e727340d7fb316cf59618a46bebc2e45ffcd55904bc1aceac7f4760e5827669 Loading...

	sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com	309 B	2023-03-07	2023-03-17
Pretty URL sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com IP 159.69.145.0 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:47 Last Seen2023-03-17 10:37:07 Times Seen1 Hash 6c088f5aff164f4fd6e11d1fc5450a5f 7c5f7294f4d768eef68f59c051e08c5b0c2f82cc 276f9c4f00aee87e91bac5471e74a8e5cafab9e1941f64bc8837bc953fea3b1d Loading...

	www.vouchers-sg-51.com/files/web/sponsor/_sponsoren/script_50.js	4.0 kB	2023-03-08	2023-03-13
Pretty URL www.vouchers-sg-51.com/files/web/sponsor/_sponsoren/script_50.js IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-13 08:04:59 Times Seen1 Hash 074f3bddc488fe7e034fcfd71666b410 e617010a7ff782c1d54acf39258b03066127788b c4975ba239bea06f62ef68ad908c963934439d3f53c0710ba99fcb271cadb61d Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	2.9 kB	2023-03-07	2024-03-27
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:40 Last Seen2024-03-27 02:14:42 Times Seen142 Hash 8f844149e7f42121069aecaac33b39d1 470fa242d44e1f8d909200723c8680024860483e 1b694f99a79e26d1ef7459a6759cb3e4a6a7e7b6e3f1e199dce185d71b955f5a Loading...

	static.cleverpush.com/channel/loader/3zxL2HhGxKQQZYwsP.js	209 kB	2023-03-09	2023-03-09
Pretty URL static.cleverpush.com/channel/loader/3zxL2HhGxKQQZYwsP.js IP 172.67.71.184 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 04:34:57 Last Seen2023-03-09 05:06:11 Times Seen1 Hash e2b84f43e67a9e202870f859cf663e37 3eec0b482144d5c0bdb1a1f4353e92ad78e79941 8bc7644b48d4a8eebfbb7b29937f0bc0285e4f3d18d8763ed9403013be8406a0 Loading...

	static.cleverpush.com/sdk/chunk/115.ba0d7343026308ac5af6.js	14 kB	2023-03-08	2023-03-13
Pretty URL static.cleverpush.com/sdk/chunk/115.ba0d7343026308ac5af6.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-13 11:43:27 Times Seen1 Hash bdf3b760e2b81b6f97aa3f8f66d110e5 1672ad41f69faa3e9b782a8bc91e2af179ac15f7 61bd25db9e9cd5fcc44afc53fe9f72a60487085491595001a2841bde54d5abf9 Loading...

	static.cleverpush.com/sdk/chunk/251.ff5b3c0c290e9961835b.js	5.6 kB	2023-03-08	2023-05-05
Pretty URL static.cleverpush.com/sdk/chunk/251.ff5b3c0c290e9961835b.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-05-05 05:44:00 Times Seen105 Hash e89cddaa8c63cff3a495570a91d5e690 397783dc44bf1885bf55f65bc11361d0389bd0d9 df124351501a3a62b99269da55fa305a5584a9e80e84f4ecf72cdd54d4978204 Loading...

	static.cleverpush.com/sdk/chunk/818.2053369c6ba49d7081f4.js	7.5 kB	2023-03-08	2023-03-13
Pretty URL static.cleverpush.com/sdk/chunk/818.2053369c6ba49d7081f4.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-13 19:28:26 Times Seen1 Hash 9c2d7319802a49372e38ced07eee7c81 7494e53ab7e7a26d1f38b5a45b490501dd5f49a8 bbf8b26356a91137293331c7299846d0e3b394732a158b0c28a5e09333279647 Loading...

	static.cleverpush.com/sdk/chunk/720.88a3607d4c17ce2453f0.js	48 kB	2023-03-08	2023-03-13
Pretty URL static.cleverpush.com/sdk/chunk/720.88a3607d4c17ce2453f0.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-13 20:04:56 Times Seen1 Hash 068eefa4304043bf1bb6ddedb6bea8e9 06258e665fd5b5de2c1e4c645498b9e21d82f695 16dfc52adc4b2e77ac5881bf9ecfd0250aaba890abc09b3ad674cc62e455c0be Loading...

	static.cleverpush.com/sdk/chunk/103.b06b9a0145dcabe481ae.js	98 kB	2023-03-08	2023-03-12
Pretty URL static.cleverpush.com/sdk/chunk/103.b06b9a0145dcabe481ae.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-12 20:31:59 Times Seen1 Hash c86abffed45846c44a1f82cb01c240b0 69f964f7387b7d80032e8fbff19f4738c5741156 1ec8dc19ecab9f739cfd58f49179a4b96e94c86139132d732e12bfcccb939348 Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	107 B	2023-03-09	2023-03-09
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 05:06:11 Last Seen2023-03-09 05:06:11 Times Seen1 Hash 368d2d458f8ee6943b06f96ec101a90a 7c7613aa232b89d79a1589574eac744aa2d3a56a e9f28b692e7e198903535d475a4f320a6d0ca10094c2f9c1b914b4bb2818bad8 Loading...

	www.vouchers-sg-51.com/_global/js/scripts.js?2022-12-12.2	57 kB	2023-03-07	2023-05-28
Pretty URL www.vouchers-sg-51.com/_global/js/scripts.js?2022-12-12.2 IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:39 Last Seen2023-05-28 17:27:42 Times Seen96 Hash 4eeb3045b35ec60ac8efdecc52a59c44 bc53e3f6d8cd4feb5bd63129e8cd27b6fef2b79d 0277c1245f8103772c6a4a0a401df99e3bf8de48b79d3fc7689106759b80070a Loading...

	www.vouchers-sg-51.com/_global/js/framework/MooTools-Core-1.6.0-compressed.js?2022-12-12.2	90 kB	2023-03-07	2024-03-27
Pretty URL www.vouchers-sg-51.com/_global/js/framework/MooTools-Core-1.6.0-compressed.js?2022-12-12.2 IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:39 Last Seen2024-03-27 02:14:42 Times Seen143 Hash fcb1c635899fd1e781349468b8e5bb84 b9aa7889137b9f895effaf70bbf830346f205738 be0e66141e099739e90785e74a75e7aba4a5a3aa36c414e867c41f0ced9b0a36 Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	3.5 kB	2023-03-07	2024-01-09
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:39 Last Seen2024-01-09 08:53:43 Times Seen24 Hash 60fc73f1db2b66a884b41438e678dcd1 e1151c0fd36699bfb79de308085af9c99d36e9c2 2e7406fa9d170fa4788a366eb21c16937c3fbcabce7b7dc0e24158a2a5f1cf87 Loading...

	static.cleverpush.com/sdk/chunk/5.114db37e0f7e023a27ac.js	34 kB	2023-03-08	2023-03-13
Pretty URL static.cleverpush.com/sdk/chunk/5.114db37e0f7e023a27ac.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-03-13 05:46:51 Times Seen1 Hash 4e709fa3adcaf7e57f8afce46ca2963a 399da9fe083b7ecc0ce9e7283934c4a421dbb162 e5fe9fd0aa472fd0ce47490757341a45ac208820e1cabae999b9f948b6e0cdad Loading...

	sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com	70 kB	2023-03-09	2023-03-12
Pretty URL sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com IP 159.69.145.0 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:50:59 Last Seen2023-03-12 12:26:27 Times Seen1 Hash a406637f8755f7a4eb8caf4f315c3b9b 0236bffeeb9c117a29da2ec9f5449699b4b724e6 c7910a9d7d5bd588284ea43107041751f98eda71ccb5647a714c3eea96d87d46 Loading...

	www.vouchers-sg-51.com/_global/wingame/74/js/series.js?2022-12-12.2	16 kB	2023-03-07	2024-01-09
Pretty URL www.vouchers-sg-51.com/_global/wingame/74/js/series.js?2022-12-12.2 IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:59:20 Last Seen2024-01-09 08:53:43 Times Seen68 Hash a3f603406b47edd3f97e48640afbe427 146bb9b28184485d5bac01c11a6ac23f67fdbc71 398c728c2c48a8bacca49d082597c6de06028aa7adb9032c7c5cff08cc17ebaf Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	33 B	2023-03-07	2024-03-27
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:39 Last Seen2024-03-27 02:14:42 Times Seen142 Hash 09a035e29ea6d0dc014a73cc7d4dccc0 e75a3da7b29e61396d79e4db8a01d879e4807360 4238d27bdd7b3cea5b12b7125e126fe578db472e52bc31ae63bd7755bf645cbe Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	743 B	2023-03-08	2023-05-09
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-05-09 08:16:47 Times Seen3 Hash 320b6116edc59b4f72655138eb6437da d209207536cf605c9ab75130a39d12f1adbe17a1 c4e7785a19176644b06dfa26f4ee6df1e0fc7ef7e65403c6d9c8208fade23889 Loading...

	www.vouchers-sg-51.com/cgi-bin/wingame.pl?	21 B	2023-03-08	2023-05-21
Pretty URL www.vouchers-sg-51.com/cgi-bin/wingame.pl? IP 104.18.11.234 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:06:52 Last Seen2023-05-21 19:42:31 Times Seen4 Hash 1498f344cab909b01adfae7c44f143d9 6cfac95206d6591601660ab6b0cf540cedd1f85d eb85cd214d8a9d6188d18c2245026d3717b67c6612f8a9d714d614c1fcda6eb5 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 372312e323c9d6b3f53eefa2ab96ce31	37 B	2023-03-07	2023-05-03
Pretty Observations First Seen2023-03-07 01:11:40 Last Seen2023-05-03 00:58:57 Times Seen30 Hash 372312e323c9d6b3f53eefa2ab96ce31 cab1ddd7e352e5d1d0683207b9affcf902799e63 c7c863c5380711a4ba46d00eb8cabf7fbfc119abf20e621046b1f068e9630efc Loading...

HTTP Transactions (74)

URL IP Response Size

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 12 Dec 2022 12:42:55 GMT
Age: 33074
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

www.vouchers-sg-51.com/cgi-bin/wingame.pl

104.18.11.234

302 Found

75 B

URL HTTP/1.1
www.vouchers-sg-51.com/cgi-bin/wingame.pl
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with no line terminators
Size
75 B (75 bytes)
Hash
1b45f80ccb4ef2dc7558651258e2403f
3d37f4e233a565714bbfd376e8871f0769c2cc7f
edb10bf04694b659de9d2c328ec95854369f8ce4e111218e60b87c4064af93a2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cgi-bin/wingame.pl HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Mon, 12 Dec 2022 21:54:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
URI: <https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?>
X-Map-Context: sg
X-Served-By: d-04
Strict-Transport-Security: max-age=31536000
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7789b2685cd0b4e8-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4ae9e5f654895e63f3a0a13c5eb18c1
630e510407bacc5b4d0ca073173c65078d77aa72
722cb340d2866bd284e11b419c9ec9df095da8143bc8b15a51757f1738c2fa35

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "722CB340D2866BD284E11B419C9EC9DF095DA8143BC8B15A51757F1738C2FA35"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9831
Expires: Tue, 13 Dec 2022 00:38:00 GMT
Date: Mon, 12 Dec 2022 21:54:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3c0c53379f331e934f61070074d41035
420f6e542cbf741838566f22e475a80e2f600d21
4b7213ec107cdf1c2cd61a124453fb682ec291af0004d071105c87e2fe7528f5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B7213EC107CDF1C2CD61A124453FB682EC291AF0004D071105C87E2FE7528F5"
Last-Modified: Mon, 12 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9083
Expires: Tue, 13 Dec 2022 00:25:32 GMT
Date: Mon, 12 Dec 2022 21:54:09 GMT
Connection: keep-alive

getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30

34.120.5.221

200 OK

37 kB

URL HTTP/2
getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30
IP
34.120.5.221:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
37 kB (37324 bytes)
Hash
cd508cb2fa2249e004f2f05d80e13e13
5e5aedee8df1bd8144ea87cdf35ae046428e64b3
c5b4505950c8d39a2362605eaa080c9792cdbf150658974ba620a79360138dc1

HTTP Headers

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=NO&count=30 HTTP/1.1
Host: getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
vary: Accept-Encoding
content-location: global-recs.php
tcn: choice
x-frame-options: SAMEORIGIN
status: 200 OK
x-source: Pocket
pragma: cache
p3p: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa OUR IND UNI COM NAV INT STA PRE"
x-cache: Miss from cloudfront
x-amz-cf-pop: SEA73-P2
x-amz-cf-id: iw7CwQFBXZeCUeURW-bpwZ0--ixWbU3Uipf3bbTKFEt3lZoiINYHfw==
content-encoding: gzip
via: 1.1 6a63e853422f3197776fb098fab5a416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:51:27 GMT
content-type: application/json
content-length: 37324
age: 162
cache-control: s-maxage=900,public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dbd022fec0a71226daaf29b7563a8896
c37d14dc7b3849a4bb815fa325fb5e70fae54039
22da5e6e3f9507688fc8cb02183d52cf38f4adf8b2c6c52eaf5f88182471efeb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22DA5E6E3F9507688FC8CB02183D52CF38F4ADF8B2C6C52EAF5F88182471EFEB"
Last-Modified: Sun, 11 Dec 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2997
Expires: Mon, 12 Dec 2022 22:44:06 GMT
Date: Mon, 12 Dec 2022 21:54:09 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: aSIneM8riLc0D25dtwBI+s9FlZ28Qeq4dG0o8QS+l6tHOPkUb9J5RKIFi8ZIpqc4EJjiQXGWQQsobCSco+bQ+Q==
x-amz-request-id: ZSAEVVDZ2B4E01B8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 12 Dec 2022 21:29:21 GMT
age: 1488
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b8fe6ec1ac390bc5b90b68b0e3005299
4ce20d527fcc93a2a6d1c5f3ab73ee8ded2a57f2
1755a645d41780a9e54ee1ad04a2b293d16d2a98e543f81835c3a66e3d58c3be

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1755A645D41780A9E54EE1AD04A2B293D16D2A98E543F81835C3A66E3D58C3BE"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7586
Expires: Tue, 13 Dec 2022 00:00:35 GMT
Date: Mon, 12 Dec 2022 21:54:09 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 12 Dec 2022 21:33:43 GMT
content-type: application/json
age: 1226
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 12 Dec 2022 21:54:09 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
330253d1412f2bc019b9e616429bdd2c
be98309fd772c5a0fd976917357ab64040e0e9ac
9d72de8f62383856d0bc595d03aec1f32430470cfe5528a53227fe8402a95432

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D72DE8F62383856D0BC595D03AEC1F32430470CFE5528A53227FE8402A95432"
Last-Modified: Sun, 11 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Tue, 13 Dec 2022 03:53:45 GMT
Date: Mon, 12 Dec 2022 21:54:09 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
eb2d59cdcb72a43b02b054cf9a42ea71
f68a68d3536b42d96380bb43293cb8c901a78f11
ff76738f3b31ee3c799ede5cc438dd1375198a5d87b49a376071e171d527373f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4348
Cache-Control: max-age=162812
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:10 GMT
Etag: "63976b02-1d7"
Expires: Wed, 14 Dec 2022 19:07:42 GMT
Last-Modified: Mon, 12 Dec 2022 17:55:14 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 12 Dec 2022 21:33:17 GMT
age: 1253
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee19f96e42a0eca99d00c8d91f977c35
3bf8dbf8b8ce6ea7adadf7bb92cae2f9502fbee9
6d8adcb1494bfe2ca73cd6b77eb57b2d08e07b05eb892fea98a1fde0bfb2ea12

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4294
Cache-Control: max-age=131055
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:10 GMT
Etag: "6396ef2b-1d7"
Expires: Wed, 14 Dec 2022 10:18:25 GMT
Last-Modified: Mon, 12 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2

34.215.6.110

200 OK

8 B

URL HTTP/1.1
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP
34.215.6.110:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
8 B (8 bytes)
Hash
29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b

HTTP Headers

POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Mon, 12 Dec 2022 21:54:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close

push.services.mozilla.com/

35.86.38.2

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.86.38.2:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QeZGjDdR0MhPU5VW4Dkbmg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fMjmNL9fe/l5vAK7MZ6T7f1AO+U=

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0f3dad0d025c4b6b8abd5d698f00cfbd
3a82ecac8709c7acd620316502a0e774ac3b1170
8d98454c05e1bfb1e534913e69fe76f4b0cb619c02626bcdc163f7be48b1621f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221670878649293%22

35.241.9.150

200 OK

22 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221670878649293%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (21675), with no line terminators
Size
22 kB (21675 bytes)
Hash
0a12f0cec348b0fd1421ddacdf0f4347
048b1bc1de8b280a24375d2f8e69096dba113444
5ee4953b3ec37e1803fe8fa9ead3cf92caeb656b4df0bdf107097684b3d84fc8

HTTP Headers

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221670878649293%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 21675
via: 1.1 google
date: Mon, 12 Dec 2022 21:02:21 GMT
last-modified: Mon, 12 Dec 2022 20:57:29 GMT
content-type: application/json
age: 3109
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1670524641328&_since=%221666204638208%22

35.241.9.150

200 OK

8.3 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1670524641328&_since=%221666204638208%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (8322), with no line terminators
Size
8.3 kB (8322 bytes)
Hash
7124adf8e0faebbc77b775185aaf3b33
aacce2c95e9e0c77a0d356fd948b3298937ef6c3
eec0a6dea45d80964aa28968deac9c4cc4190f7aeb28205a8448304499cc9c88

HTTP Headers

GET /v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=1670524641328&_since=%221666204638208%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 8322
via: 1.1 google
date: Mon, 12 Dec 2022 20:59:08 GMT
age: 3302
last-modified: Thu, 08 Dec 2022 18:37:21 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
x-amz-id-2: mNeKAmFtIhruR6sOXk321vde87DsAQ2908IMrUPt4yy04H3oW6G3+KsiVegYU27h2WjKTGWT+b4=
x-amz-request-id: DAVEKTE06BM4B3GF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 12 Dec 2022 21:49:46 GMT
age: 264
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_929_1596511615_cp_image_42_929_1573524638.png

104.18.11.234

200 OK

22 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_929_1596511615_cp_image_42_929_1573524638.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 289 x 301, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21767 bytes)
Hash
7981da3a02a5756780c085f1f0c3fb19
7d1afa793be355b01b7fd2e50ba783204cbb1047
4ef88b4d9af615ce74727672a2a6600052d4a66b3ac52763c34545fc599fbb14

HTTP Headers

GET /files/web/freetest/_images/image_1049_929_1596511615_cp_image_42_929_1573524638.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 21767
last-modified: Tue, 04 Aug 2020 03:26:55 GMT
etag: "5f28d57f-5507"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fff68b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_925_1596511614_cp_image_42_925_1573524638.png

104.18.11.234

200 OK

22 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_925_1596511614_cp_image_42_925_1573524638.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 289 x 301, 8-bit colormap, non-interlaced\012- data
Size
22 kB (21544 bytes)
Hash
fb3179b1bc6a0e16b7e7cdcec81a2dbe
2751107432076aca4bc2976374240e8f4b4f9c65
966920de5000bf33ff4b2ac41928716f8572053e53b894ab017143a59115cec6

HTTP Headers

GET /files/web/freetest/_images/image_1049_925_1596511614_cp_image_42_925_1573524638.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 21544
last-modified: Tue, 04 Aug 2020 03:26:54 GMT
etag: "5f28d57e-5428"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fff57b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_927_1596511614_cp_image_42_927_1573524638.png

104.18.11.234

200 OK

22 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_927_1596511614_cp_image_42_927_1573524638.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 289 x 301, 8-bit colormap, non-interlaced\012- data
Size
22 kB (22240 bytes)
Hash
bd81aeb07c60b9be44a848d07fdcb044
ec650a2422feb29605fb94eed562f37cf35947f1
86d02a86afcc245d53be26b56b724eff30c90c0d9de1143fcbabc4943e67a5a1

HTTP Headers

GET /files/web/freetest/_images/image_1049_927_1596511614_cp_image_42_927_1573524638.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 22240
last-modified: Tue, 04 Aug 2020 03:26:54 GMT
etag: "5f28d57e-56e0"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fff5fb4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_886_1596511612_cp_image_42_886_1573524648.png

104.18.11.234

200 OK

71 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_886_1596511612_cp_image_42_886_1573524648.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 285 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
71 kB (70868 bytes)
Hash
578da5634cb60866130d1ec589afb392
8b2e75e1ad26cc368d4e8e243b8b5ed1674c7dc0
17164a0d41aa14cf37a0c0fc99cbdc4c496d91dd5015e1a488c2acb18a8c6c50

HTTP Headers

GET /files/web/freetest/_images/image_1049_886_1596511612_cp_image_42_886_1573524648.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 70868
last-modified: Tue, 04 Aug 2020 03:26:52 GMT
etag: "5f28d57c-114d4"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fef32b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_887_1596511612_cp_image_42_887_1574740535.png

104.18.11.234

200 OK

77 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_887_1596511612_cp_image_42_887_1574740535.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 285 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
77 kB (76611 bytes)
Hash
2f3dd28b519f2dca8c9e1c3951e1fef1
87a5cd0c89c018ee7487137943b86a7629900aa9
000f05262c894def5376da7f83f3771a1de7ec9babd5bb81d1dacbf58a9fb26e

HTTP Headers

GET /files/web/freetest/_images/image_1049_887_1596511612_cp_image_42_887_1574740535.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 76611
last-modified: Tue, 04 Aug 2020 03:26:52 GMT
etag: "5f28d57c-12b43"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fff4db4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_890_1596511612_cp_image_42_890_1574740536.png

104.18.11.234

200 OK

72 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_890_1596511612_cp_image_42_890_1574740536.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 285 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
72 kB (72459 bytes)
Hash
ae5004d1c0d0f375f9d8ab4f2372edf1
d44167cb48e66c411d8439eb7d3a5538749c7329
c070523be8a4f81b4aeaf351744001d17e7883dd54b9fc4f5376a3ceffbf1e40

HTTP Headers

GET /files/web/freetest/_images/image_1049_890_1596511612_cp_image_42_890_1574740536.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 72459
last-modified: Tue, 04 Aug 2020 03:26:52 GMT
etag: "5f28d57c-11b0b"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2700f77b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_889_1596511612_cp_image_42_889_1573524648.png

104.18.11.234

200 OK

160 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_889_1596511612_cp_image_42_889_1573524648.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 385 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
160 kB (159989 bytes)
Hash
a56dc40996d5413b2407ad228b34473f
5922cc501e4d244a37d33c58bb6518cacb5f98c0
273cb9ebfe1499aedb2cfe631024f0105a87db5b46de63e4b5e0e1a664d97be8

HTTP Headers

GET /files/web/freetest/_images/image_1049_889_1596511612_cp_image_42_889_1573524648.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 159989
last-modified: Tue, 04 Aug 2020 03:26:52 GMT
etag: "5f28d57c-270f5"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2701f86b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_888_1596511612_cp_image_42_888_1574740535.png

104.18.11.234

200 OK

58 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/freetest/_images/image_1049_888_1596511612_cp_image_42_888_1574740535.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 285 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
58 kB (57530 bytes)
Hash
a93eefeabd3f51a47c11f4ef085c216d
cc6a9c3e55ffcfb4d4de4079f820aadf03c101fc
a19953eea68cc0ddf20778a10207d79347742a4957ca7a17d36715ad36ab5c49

HTTP Headers

GET /files/web/freetest/_images/image_1049_888_1596511612_cp_image_42_888_1574740535.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: image/png
content-length: 57530
last-modified: Tue, 04 Aug 2020 03:26:52 GMT
etag: "5f28d57c-e0ba"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2700f73b4fd-OSL
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1670868498453&_since=%221666279968541%22

35.241.9.150

200 OK

55 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1670868498453&_since=%221666279968541%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (55436), with no line terminators
Size
55 kB (55436 bytes)
Hash
47223470b3e7808c95734e4bbd1bded7
036381c6e01f95c5cf343d221099fd64a73f00e7
3e1dde5ee8d5d3bf168546b39909e94e33a2b862dbb93d0a65d94b55cd46bee3

HTTP Headers

GET /v1/buckets/main/collections/nimbus-desktop-experiments/changeset?_expected=1670868498453&_since=%221666279968541%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 55436
via: 1.1 google
date: Mon, 12 Dec 2022 21:30:21 GMT
age: 1429
last-modified: Mon, 12 Dec 2022 18:08:18 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/wingame/50/js/sweepstake.js?2022-12-12.2

104.18.11.234

200 OK

1.5 kB

URL HTTP/2
www.vouchers-sg-51.com/wingame/50/js/sweepstake.js?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1478 bytes)
Hash
cd2c2e6ba56fa3dae80c1ac8e1bf86bd
6919b65d9e81c277a40f2fc7ae97413b9c9af64b
8eb8ea910bcd253aa7ec970940a1ef9df5971ec88b0f06b907fd662d553d39b1

HTTP Headers

GET /wingame/50/js/sweepstake.js?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 08 Jun 2020 08:52:50 GMT
etag: W/"5eddfc62-ba3"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fdf1db4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/js/scripts.js?2022-12-12.2

104.18.11.234

200 OK

29 kB

URL HTTP/2
www.vouchers-sg-51.com/_global/js/scripts.js?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
29 kB (29008 bytes)
Hash
dbdab315d39922caf5c154c6339e6227
636e2e0cfabff93b581ebd609598d09890150416
7c66f312f15dc5b9867fc54bdfc23ace443e4365e47ffc4594c0920c136260a7

HTTP Headers

GET /_global/js/scripts.js?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 21 Jul 2022 07:31:48 GMT
etag: W/"62d900e4-dd9a"
x-map-context: sg
x-served-by: d-01
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fcf0ab4fd-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.vouchers-sg-51.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:54 GMT
expires: Thu, 07 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 440417
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1670864154336&_since=%221657747510534%22

35.241.9.150

200 OK

1.9 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1670864154336&_since=%221657747510534%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1870), with no line terminators
Size
1.9 kB (1870 bytes)
Hash
3f4f9c4f83d779d53337d74ee16e9fb3
99f1eb7c1b4fc78c3f7d2084a47bbbc080114aa7
5df090a4493f38f761496807ba054b8f48ace10b459739ca1079d8e9a52e8050

HTTP Headers

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1670864154336&_since=%221657747510534%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1870
via: 1.1 google
date: Mon, 12 Dec 2022 20:59:08 GMT
age: 3303
last-modified: Mon, 12 Dec 2022 16:55:54 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6d462d3e6bc6168ee30040355f8b96ee
7578100cefe27a95fc25fa11481d78353185a9f0
7371baa9980618773809e1f238fb57f8ec6eef6bdc37d127bead092b7fde990c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Dec 2022 21:54:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22

35.241.9.150

200 OK

1.5 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1506), with no line terminators
Size
1.5 kB (1506 bytes)
Hash
60aff2c76d83b244d81d756641018f0a
baf1ab10d05ecfa5499ed6b5d9852ab843037e0e
cfeca2c493d5d5342e1fb3689e562c8725a8f72b806998596354db5a2e7fbf87

HTTP Headers

GET /v1/buckets/main/collections/cfr/changeset?_expected=1666894461944&_since=%221659547595259%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1506
via: 1.1 google
date: Mon, 12 Dec 2022 21:28:33 GMT
age: 1538
last-modified: Mon, 12 Dec 2022 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1670630464513&_since=%221666483264567%22

35.241.9.150

200 OK

55 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1670630464513&_since=%221666483264567%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (55266), with no line terminators
Size
55 kB (55266 bytes)
Hash
5d2fb5722e6042a1560c246186743a70
726069d7106d0c0e4062969f77be7d2f6fd6aff1
77246389c44e20939ee5db84acddf57176e58c5b8e11764b860c191c631d0de5

HTTP Headers

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1670630464513&_since=%221666483264567%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 55266
via: 1.1 google
date: Mon, 12 Dec 2022 21:42:43 GMT
age: 688
last-modified: Sat, 10 Dec 2022 00:01:04 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_229_1378106311.jpg

104.18.11.234

200 OK

1.2 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_229_1378106311.jpg
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 30, 8-bit gray+alpha, non-interlaced\012- data
Size
1.2 kB (1194 bytes)
Hash
138269e0d78814c79c96bde6916e21a1
b044fd802f0e648fd22c19bae34a9dcf49a91c56
a7d53245b9c0e48179a6c4a7bc87df311e2fb325ff7c9e018d2e33d5dc518f8c

HTTP Headers

GET /files/web/sponsor/_logos/logo1_229_1378106311.jpg HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/jpeg
content-length: 1194
last-modified: Mon, 02 Sep 2013 07:18:32 GMT
etag: "52243bc8-4aa"
x-map-context: sg
x-served-by: d-01
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2725a23b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_27_1343995230.png

104.18.11.234

200 OK

2.6 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_27_1343995230.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 80 x 30, 8-bit/color RGBA, non-interlaced\012- data
Size
2.6 kB (2601 bytes)
Hash
55b41c6934b3eff9839a40bf998099fc
83e0eeee1ad4d9347e675aacfa05dc286d37d3d8
e1f1d92ff6f91a4fd00415f1ba16805170ea4d9cc7a9a5503e686bd14593aaad

HTTP Headers

GET /files/web/sponsor/_logos/logo1_27_1343995230.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/png
content-length: 2601
last-modified: Mon, 13 Aug 2012 09:16:31 GMT
etag: "5028c5ef-a29"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2725a21b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_441_1490784069.jpg

104.18.11.234

200 OK

13 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_441_1490784069.jpg
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 30, 8-bit grayscale, non-interlaced\012- data
Size
13 kB (12940 bytes)
Hash
3b6ff1999a66922904b1c6b8ad51fc00
d1d919cec99f63fa2048e87d9ff4dd7173238abe
c897745d331defcc9183d25af5ece629fc535f492f6b009d42a90f0dc5ef0c26

HTTP Headers

GET /files/web/sponsor/_logos/logo1_441_1490784069.jpg HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/jpeg
content-length: 12940
last-modified: Wed, 29 Mar 2017 10:41:09 GMT
etag: "58db8f45-328c"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2723a02b4fd-OSL
X-Firefox-Spdy: h2

static.cleverpush.com/channel/loader/3zxL2HhGxKQQZYwsP.js

172.67.71.184

200 OK

56 kB

URL HTTP/2
static.cleverpush.com/channel/loader/3zxL2HhGxKQQZYwsP.js
IP
172.67.71.184:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65491)
Size
56 kB (56167 bytes)
Hash
daac3368172a096867f1e0a888f2942c
a6a7aa5f5c0c071ac10fd44720bc94fe6b18c4b2
c5ac173098997967f6022f5725131f78ffcdc5d384225a1126c382ae57d13910

HTTP Headers

GET /channel/loader/3zxL2HhGxKQQZYwsP.js HTTP/1.1
Host: static.cleverpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
x-amz-id-2: kOmNlQ8hQ/MAYlSw1RNX/itg58DorumEwEBEKK//PULpcTnywgP1we3AigwPXBpC4DO9p77sPKs=
x-amz-request-id: 2V6SK9JRB4NGPT18
last-modified: Sun, 11 Dec 2022 00:03:07 GMT
etag: W/"e2b84f43e67a9e202870f859cf663e37"
cache-control: public, max-age=21600
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SfvpATVS9jq3yWx7uMkxDOaS3BOd0G%2FPUMadO2741T96Yy%2Bs7ErxJTc9%2BenLxvchWu2iAgvKlVxaFGEUnj9KpjA9Oqjmbbs88LP9HEAlvL4JphuJfDHeaMgLKunNG8trlFEWQ3BcTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b27079c9b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_542_1450867072.png

104.18.11.234

200 OK

1.3 kB

URL HTTP/2
www.vouchers-sg-51.com/files/web/sponsor/_logos/logo1_542_1450867072.png
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 100 x 30, 8-bit gray+alpha, non-interlaced\012- data
Size
1.3 kB (1302 bytes)
Hash
f482011337a1fd30d43c4c16fd6fae99
42b84caf4bee84f5e6bc2799d47ed421c0afa5ee
1491ba98acf990484c8a649bfb0f7bc6fe24c676463c76e93d418ca24ce145a3

HTTP Headers

GET /files/web/sponsor/_logos/logo1_542_1450867072.png HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/png
content-length: 1302
last-modified: Wed, 23 Dec 2015 10:37:53 GMT
etag: "567a7981-516"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2725a26b4fd-OSL
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22

35.241.9.150

200 OK

1.7 kB

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (1719), with no line terminators
Size
1.7 kB (1719 bytes)
Hash
a4052b022cb93eb55aabe7cb67679df3
901bc58019c1c287782342cfcb9ad01ba4fa8657
959141ba846caac38284518837678def1e8c7d372a3b946a6c3e85ae5bfed470

HTTP Headers

GET /v1/buckets/main/collections/query-stripping/changeset?_expected=1667238122278&_since=%221656585893704%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 1719
via: 1.1 google
date: Mon, 12 Dec 2022 21:12:52 GMT
age: 2479
last-modified: Thu, 08 Dec 2022 16:36:44 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_static/_global/_supload/images/bg_supermarket_sg-pre_01.jpg

104.18.11.234

200 OK

27 kB

URL HTTP/2
www.vouchers-sg-51.com/_static/_global/_supload/images/bg_supermarket_sg-pre_01.jpg
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 2000x603, components 3\012- data
Size
27 kB (26983 bytes)
Hash
cc26fcca4a111a7607dbbc38d85f8bc0
067658a2e35d6d23d84795e0dfe2560051c493f0
5f3f5bf2b2567a61e56f292ceac28e5283dac84e983754e0e3e75c093e5cad9d

HTTP Headers

GET /_static/_global/_supload/images/bg_supermarket_sg-pre_01.jpg HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/jpeg
content-length: 26983
etag: "3869087883"
last-modified: Tue, 12 Nov 2019 02:07:13 GMT
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2725a24b4fd-OSL
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
fe5c50a76f4dcc706e43c0d6d469fdd2
d3f5bb89c0c997f3349678cdd2ab0fc43332c1cb
04ce917c21da2c3833baa3e84d83b21e5b5367d690d6afc203f3b0f6ca54e652

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 12 Dec 2022 21:54:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 11 Dec 2022 12:45:38 GMT
Expires: Sun, 18 Dec 2022 12:45:37 GMT
Etag: "d3f5bb89c0c997f3349678cdd2ab0fc43332c1cb"
Cache-Control: max-age=484885,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7789b2744d5bb4fd-OSL

firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22

35.241.9.150

200 OK

935 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (935), with no line terminators
Size
935 B (935 bytes)
Hash
fc59df2a1ddb194b9927e1bd05da82a5
54ae083c87343de5c5082cd16f6e4ec8e45769bc
cb645a2b572db86fddd92d7b4f54c55f1cb6ecada044fff5b5aea30e7df875f4

HTTP Headers

GET /v1/buckets/main/collections/message-groups/changeset?_expected=1670425599656&_since=%221665698079854%22 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 935
via: 1.1 google
date: Mon, 12 Dec 2022 21:12:31 GMT
age: 2500
last-modified: Wed, 07 Dec 2022 15:06:39 GMT
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258

35.241.9.150

200 OK

682 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
730583ac85dd27656bad88150567d34a
c05375ce2016cc335fffbfc76974348032951545
07ef5576f95557ec9f756e4ddfba277e3308d897c86ad5bc9dcd6e8e7270fb26

HTTP Headers

GET /v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258 HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 682
via: 1.1 google
date: Mon, 12 Dec 2022 21:09:54 GMT
age: 2657
last-modified: Mon, 05 Dec 2022 16:36:54 GMT
etag: "1670258214122"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

detectportal.firefox.com/success.txt?ipv4

34.107.221.82

200 OK

8 B

URL HTTP/1.1
detectportal.firefox.com/success.txt?ipv4
IP
34.107.221.82:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
8 B (8 bytes)
Hash
ae780585f49b94ce1444eb7d28906123
7d5ca8c0c03e883c56c4eb1ef6f6bb9bccad4d86
81b2bd4ea98c8db66554fbc8d7637a1a69a130f331feb732b75caab4c4868fd5

HTTP Headers

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Mon, 12 Dec 2022 12:42:55 GMT
Age: 33076
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600

api.cleverpush.com/channel/optin-visitor

104.26.14.31

200 OK

20 kB

URL HTTP/2
api.cleverpush.com/channel/optin-visitor
IP
104.26.14.31:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
20 kB (19647 bytes)
Hash
b7f2828e87f4d54cb86892e1a8c39b90
9d7582853b3655bd690328dfd41eb80670bc141c
743bcc7fa784313c0018a8e2e0689b45227b34f6cf793c4aefded72b188af6fa

HTTP Headers

OPTIONS /channel/optin-visitor HTTP/1.1
Host: api.cleverpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.vouchers-sg-51.com/
Origin: https://www.vouchers-sg-51.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: application/json; charset=utf-8
content-length: 0
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-headers: origin, x-requested-with, content-type, accept, accept-language
access-control-allow-methods: OPTIONS, GET, POST, PATCH, PUT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7Ad3CrgU28Uurfacj0xenaUWx2Q%2FfvV3LtoZO1GYKDJUtUtL30zozNOA9UMAmKYEILEvSRjIPb4I7OwSz441MsT0sTBtGE5TxNEEfWSn3fPxesTiUpKnBD8LLHLiM1L%2B9wtiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7789b2761b81fabc-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/wingame/74/css/series.css?2022-12-12.2

104.18.11.234

200 OK

27 kB

URL HTTP/2
www.vouchers-sg-51.com/_global/wingame/74/css/series.css?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
27 kB (27057 bytes)
Hash
aad3826028e4e9e1433225ecddc12549
0802ecca9ae7b19ecf742236c4e52706f5329369
a714c1f97744ab11c7dc57b8c6cb5b4c83213d063c53987350822cd82d334ebf

HTTP Headers

GET /_global/wingame/74/css/series.css?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Apr 2022 09:50:17 GMT
etag: W/"625e85d9-616e"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fceeab4fd-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a3e13e78f90788c56a93f7ffd9be884
bb6e2205661434f2eb8964f59b8f0d950c11ba0d
48f33f6b844a6e9f9087e6ce54394c6af9ded4d02b4d9ba18a9fb711eb180b2c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48F33F6B844A6E9F9087E6CE54394C6AF9DED4D02B4D9BA18A9FB711EB180B2C"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11019
Expires: Tue, 13 Dec 2022 00:57:50 GMT
Date: Mon, 12 Dec 2022 21:54:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a3e13e78f90788c56a93f7ffd9be884
bb6e2205661434f2eb8964f59b8f0d950c11ba0d
48f33f6b844a6e9f9087e6ce54394c6af9ded4d02b4d9ba18a9fb711eb180b2c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48F33F6B844A6E9F9087E6CE54394C6AF9DED4D02B4D9BA18A9FB711EB180B2C"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11019
Expires: Tue, 13 Dec 2022 00:57:50 GMT
Date: Mon, 12 Dec 2022 21:54:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a3e13e78f90788c56a93f7ffd9be884
bb6e2205661434f2eb8964f59b8f0d950c11ba0d
48f33f6b844a6e9f9087e6ce54394c6af9ded4d02b4d9ba18a9fb711eb180b2c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48F33F6B844A6E9F9087E6CE54394C6AF9DED4D02B4D9BA18A9FB711EB180B2C"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11019
Expires: Tue, 13 Dec 2022 00:57:50 GMT
Date: Mon, 12 Dec 2022 21:54:11 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7a3e13e78f90788c56a93f7ffd9be884
bb6e2205661434f2eb8964f59b8f0d950c11ba0d
48f33f6b844a6e9f9087e6ce54394c6af9ded4d02b4d9ba18a9fb711eb180b2c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48F33F6B844A6E9F9087E6CE54394C6AF9DED4D02B4D9BA18A9FB711EB180B2C"
Last-Modified: Mon, 12 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11019
Expires: Tue, 13 Dec 2022 00:57:50 GMT
Date: Mon, 12 Dec 2022 21:54:11 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8841 bytes)
Hash
9051770b3587c195bea670f8820e8cfe
abf58087f0e345202da088238daea85d177b431b
f687a10c0ae63699a551977e9a4ec5bc7ba606b1925178d7ed4ec6728889bb2e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9aa9678b-479f-4894-b9e7-3d05e236f19c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8841
x-amzn-requestid: 09b64f8e-60c0-4cf6-a0dc-15e597bd9d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c5eMWH7MIAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393aa4e-3471ee5f5a78b55c424e2c6d;Sampled=0
x-amzn-remapped-date: Fri, 09 Dec 2022 21:36:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wk9BI6v5Q6COMKhEiVyGW07a43hO-gddJZdFGb-Miu4LuOa7azKqyQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 22:36:02 GMT
age: 83889
etag: "abf58087f0e345202da088238daea85d177b431b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d2521f8-aba3-4e43-a61f-566b33d81a58.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7235 bytes)
Hash
61696fbb8743437b191c7141bc43228f
9f3da5618cd81d8b94b89a38860b5ea0e677b181
e299f7842035dfae92b63c388613da806030c9e70f6344dd0c8e9176baa2a671

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d2521f8-aba3-4e43-a61f-566b33d81a58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7235
x-amzn-requestid: e718a827-339f-47c3-ba93-870818e8be5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c83b3HgvoAMFiwg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639505e5-6d9ec8a939af617b7ce5f3ed;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 22:19:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5YmFEB4u4FakAcTVYzxgtp7S4SpMQirzSC4njjh97hFX6v8iPkUCVg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Dec 2022 23:15:34 GMT
age: 81517
etag: "9f3da5618cd81d8b94b89a38860b5ea0e677b181"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/cgi-bin/global.pl?todo=log_misc&ident=cleverpush_show

104.18.11.234

200 OK

9.7 kB

URL HTTP/2
www.vouchers-sg-51.com/cgi-bin/global.pl?todo=log_misc&ident=cleverpush_show
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
9.7 kB (9703 bytes)
Hash
cc301d52ed615f5b1ac5f3f820484644
761d35d4de2474f5ed91a3440dbe9b4f37db7eba
96bfb7389229699fe08af173fa3385655b4309398285e1680344fa4fc6b18283

HTTP Headers

GET /cgi-bin/global.pl?todo=log_misc&ident=cleverpush_show HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: text/html
x-map-context: sg
x-served-by: d-02
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7789b275ef9cb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3bd4c12-e778-472e-ac9c-d2cd99425501.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6619 bytes)
Hash
f885add3e7cb373da8fbb0e773b169d0
b5d9aea1fcf2c7139710dd8b1cf06f595f59e3a2
8e527efa846977908cbf1b9b82f6a09fc84a512f62286c5ef4410b6ffd76d3cd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3bd4c12-e778-472e-ac9c-d2cd99425501.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6619
x-amzn-requestid: 3f7210b8-b010-4d13-9ea2-ab331dfb6700
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c0rHIHhjoAMFixQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6391befa-090c90f7543e16cb678e0524;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 10:39:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: USIXU8S44hzxs_HMcUDEwyxD-DkuIxUBtawh1uMo4p_7PGLMSwewLw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 07:44:31 GMT
age: 50980
etag: "b5d9aea1fcf2c7139710dd8b1cf06f595f59e3a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa97997d5-6f2f-45e7-8b56-795bebd84b54.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12503 bytes)
Hash
554fa9188556c1f0dac094819827a9e9
71c7162977f3ff9baf295d684ad45ab394ba33f2
910391e3686ed9314b09693500ccd41995efcdef8d2f4df7eb4c327f2eac2eff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa97997d5-6f2f-45e7-8b56-795bebd84b54.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12503
x-amzn-requestid: 805024f4-b82a-4a3d-b0ef-045572febf05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dDWeeG2lIAMF3vQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63979df6-358be30b5b63c8bb5248871d;Sampled=0
x-amzn-remapped-date: Mon, 12 Dec 2022 21:32:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XiL6HKsj9KMDsukD4kroJFGBFTKJd002Jr8xTDkjXKS8b_lOokLAyw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Dec 2022 21:53:49 GMT
age: 759
etag: "71c7162977f3ff9baf295d684ad45ab394ba33f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/wingame/global/js/global.js?2022-12-12.2

104.18.11.234

200 OK

5.0 kB

URL HTTP/2
www.vouchers-sg-51.com/wingame/global/js/global.js?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
5.0 kB (5019 bytes)
Hash
ef4cbe3aaecf5c52a6a2fb2af46d770c
5b8ea475d7a89995744808de2eadde183fc9af2a
4a63d2f8c478d375968d644ed11fe91366ecfb944477b58f4e21e1df697dda0e

HTTP Headers

GET /wingame/global/js/global.js?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
last-modified: Tue, 19 May 2020 09:57:38 GMT
etag: W/"5ec3ad92-1ef"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b26fdf0eb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/fonts/font-awesome-4.6.3/css/font-awesome.min.css?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/_global/fonts/font-awesome-4.6.3/css/font-awesome.min.css?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /_global/fonts/font-awesome-4.6.3/css/font-awesome.min.css?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Thu, 18 Aug 2016 09:52:51 GMT
etag: W/"57b58573-71c7"
x-map-context: sg
x-served-by: d-03
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fbee0b4fd-OSL
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,700

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Dec 2022 21:54:10 GMT
date: Mon, 12 Dec 2022 21:54:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/wingame/50/css/sweepstake.css?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/wingame/50/css/sweepstake.css?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /wingame/50/css/sweepstake.css?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 07 Nov 2022 14:24:35 GMT
etag: W/"63691523-183a"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fcef1b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/favicon.ico

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/favicon.ico
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: image/x-icon
last-modified: Mon, 04 May 2020 09:08:58 GMT
etag: W/"5eafdbaa-10be"
x-map-context: sg
x-served-by: d-04
expires: Tue, 13 Dec 2022 21:54:11 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7789b2744d5fb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

api.cleverpush.com/channel/confirm-alert

104.26.14.31

200 OK

0 B

URL HTTP/2
api.cleverpush.com/channel/confirm-alert
IP
104.26.14.31:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /channel/confirm-alert HTTP/1.1
Host: api.cleverpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.vouchers-sg-51.com/
Content-Type: application/json
Origin: https://www.vouchers-sg-51.com
Content-Length: 103
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-headers: origin, x-requested-with, content-type, accept, accept-language
access-control-allow-methods: OPTIONS, GET, POST, PATCH, PUT
strict-transport-security: max-age=15724800; includeSubDomains
x-backend-server: cleverpush-worker-15
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWYOEQiJDv8Gm95htcnGkjzM6xuIq8LV7zt2jF%2B%2BJFflmYVh2W14NcJ%2FWgA1HT5Mxup211hxVaAKv7ixvzSwUUoCh59f3xWd43azDKVdPTYsV29SqL3PgVLfzWsBMdHbAbZa%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7789b2768c0ffabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/css/default.css?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/_global/css/default.css?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_global/css/default.css?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Mon, 18 Feb 2019 07:52:24 GMT
etag: W/"5c6a6438-10e7"
x-map-context: sg
x-served-by: d-01
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fbed7b4fd-OSL
X-Firefox-Spdy: h2

sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com

159.69.145.0

200 OK

0 B

URL HTTP/2
sgapac.mycleverpush.com/iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com
IP
159.69.145.0:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /iframe?origin=https%3A%2F%2Fwww.vouchers-sg-51.com HTTP/1.1
Host: sgapac.mycleverpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: origin, x-requested-with, content-type, accept
cache-control: public, max-age=1800
x-robots-tag: noindex
strict-transport-security: max-age=15724800; includeSubDomains
x-cache-status: HIT
x-backend-server: cleverpush-worker-3
content-encoding: gzip
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/wingame/74/js/series.js?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/_global/wingame/74/js/series.js?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_global/wingame/74/js/series.js?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 25 Nov 2020 12:42:01 GMT
etag: W/"5fbe5119-3e54"
x-map-context: sg
x-served-by: d-01
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fdf13b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/js/framework/MooTools-Core-1.6.0-compressed.js?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/_global/js/framework/MooTools-Core-1.6.0-compressed.js?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /_global/js/framework/MooTools-Core-1.6.0-compressed.js?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 10 Nov 2017 11:48:17 GMT
etag: W/"5a059201-15e64"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fcf08b4fd-OSL
X-Firefox-Spdy: h2

api.cleverpush.com/channel/optin-visitor

104.26.14.31

200 OK

0 B

URL HTTP/2
api.cleverpush.com/channel/optin-visitor
IP
104.26.14.31:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /channel/optin-visitor HTTP/1.1
Host: api.cleverpush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.vouchers-sg-51.com/
Content-Type: application/json
Origin: https://www.vouchers-sg-51.com
Content-Length: 54
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:11 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache
access-control-allow-origin: *
access-control-allow-headers: origin, x-requested-with, content-type, accept, accept-language
access-control-allow-methods: OPTIONS, GET, POST, PATCH, PUT
strict-transport-security: max-age=15724800; includeSubDomains
x-backend-server: cleverpush-worker-15
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29tR%2BX6%2BDDZrlpToqDvS3mCs9fkLIWxgFMyM116%2BWvKbvh3SRrlCcGSinnebYS0ZlHlm3lqXhXhZFwqHVqJmrUWRthdXsFqU1S9dk30pPJxgkAMlQfe1TijP6LLQCOM9mU0JHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7789b2768c07fabc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/cgi-bin/wingame.pl?

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/cgi-bin/wingame.pl?
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cgi-bin/wingame.pl? HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/html;charset=UTF-8
x-firstpage: 1
x-page: pregame
x-map-context: sg
x-served-by: d-01
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7789b26b2f6eb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/_global/wingame/74/themes/black_000000/css/theme.css?2022-12-12.2

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/_global/wingame/74/themes/black_000000/css/theme.css?2022-12-12.2
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /_global/wingame/74/themes/black_000000/css/theme.css?2022-12-12.2 HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 05 Dec 2017 08:06:31 GMT
etag: W/"5a265387-25ef"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fcf03b4fd-OSL
X-Firefox-Spdy: h2

www.vouchers-sg-51.com/files/web/sponsor/_sponsoren/script_50.js

104.18.11.234

200 OK

0 B

URL HTTP/2
www.vouchers-sg-51.com/files/web/sponsor/_sponsoren/script_50.js
IP
104.18.11.234:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /files/web/sponsor/_sponsoren/script_50.js HTTP/1.1
Host: www.vouchers-sg-51.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.vouchers-sg-51.com/cgi-bin/wingame.pl?
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Dec 2022 21:54:10 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 01 Nov 2022 08:39:05 GMT
etag: W/"6360db29-fbf"
x-map-context: sg
x-served-by: d-02
expires: Tue, 13 Dec 2022 21:54:10 GMT
cache-control: public, max-age=86400
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 7789b26fef2db4fd-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations