win-voucher.com Open in urlscan Pro
2606:4700:3034::681c:16f1  Malicious Activity! Public Scan

Submitted URL: http://wereldbeeld.xyz/969d2g8t0202523/MzS1MDAwMbU0NDQ0MzM0stQzTTVKsTQzNTezNDYydNADAA,,/click/aHR0cDovL2hhcmR0YWlsLW10Y...
Effective URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Submission: On January 27 via api from BE

Summary

This website contacted 4 IPs in 5 countries across 6 domains to perform 39 HTTP transactions. The main IP is 2606:4700:3034::681c:16f1, located in United States and belongs to CLOUDFLARENET, US. The main domain is win-voucher.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on September 10th 2019. Valid for: a year.
This is the only time win-voucher.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer) Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 195.123.226.140 59729 (ITL-)
1 1 2001:41d0:701... 16276 (OVH)
1 1 51.75.67.102 16276 (OVH)
36 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a04:4e42:3::621 54113 (FASTLY)
1 13.225.78.100 16509 (AMAZON-02)
39 4
Apex Domain
Subdomains
Transfer
36 win-voucher.com
win-voucher.com
270 KB
1 pushnami.com
api.pushnami.com
7 KB
1 jsdelivr.net
cdn.jsdelivr.net
2 KB
1 downhill-mtb.eu
downhill-mtb.eu
203 B
1 hardtail-mtb.be
hardtail-mtb.be
296 B
1 wereldbeeld.xyz
wereldbeeld.xyz
319 B
39 6
Domain Requested by
36 win-voucher.com win-voucher.com
cdn.jsdelivr.net
1 api.pushnami.com win-voucher.com
1 cdn.jsdelivr.net win-voucher.com
1 downhill-mtb.eu 1 redirects
1 hardtail-mtb.be 1 redirects
1 wereldbeeld.xyz 1 redirects
39 6

This site contains links to these domains. Also see Links.

Domain
manygreatthingsonline.com
superdeluxeevents.com
globalrewards2.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2019-09-10 -
2020-09-09
a year crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2019-05-29 -
2020-04-23
a year crt.sh
*.pushnami.com
Amazon
2019-06-14 -
2020-07-14
a year crt.sh

This page contains 2 frames:

Primary Page: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Frame ID: 556BE7E069473D07655B5FBE9A7D01C1
Requests: 37 HTTP requests in this frame

Frame: https://win-voucher.com/offerwall/shopper_survey/assets/hub.html?s2=GOVH3-455306&s1=1735
Frame ID: 050DFD03F49959BA23945D489D55F93E
Requests: 2 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://wereldbeeld.xyz/969d2g8t0202523/MzS1MDAwMbU0NDQ0MzM0stQzTTVKsTQzNTezNDYydNADAA,,/click/aHR0c... HTTP 302
    http://hardtail-mtb.be/zV1hBkyclRMu7t9gYv HTTP 302
    https://downhill-mtb.eu/aff_c?offer_id=8850&aff_id=3951&aff_sub=1735&aff_sub2=GOVH3-455306&aff_sub3=1 HTTP 302
    https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

39
Requests

97 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

4
IPs

5
Countries

279 kB
Transfer

508 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://wereldbeeld.xyz/969d2g8t0202523/MzS1MDAwMbU0NDQ0MzM0stQzTTVKsTQzNTezNDYydNADAA,,/click/aHR0cDovL2hhcmR0YWlsLW10Yi5iZS96VjFoQmt5Y2xSTXU3dDlnWXY HTTP 302
    http://hardtail-mtb.be/zV1hBkyclRMu7t9gYv HTTP 302
    https://downhill-mtb.eu/aff_c?offer_id=8850&aff_id=3951&aff_sub=1735&aff_sub2=GOVH3-455306&aff_sub3=1 HTTP 302
    https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.html
win-voucher.com/offerwall/shopper_survey/
Redirect Chain
  • http://wereldbeeld.xyz/969d2g8t0202523/MzS1MDAwMbU0NDQ0MzM0stQzTTVKsTQzNTezNDYydNADAA,,/click/aHR0cDovL2hhcmR0YWlsLW10Yi5iZS96VjFoQmt5Y2xSTXU3dDlnWXY
  • http://hardtail-mtb.be/zV1hBkyclRMu7t9gYv
  • https://downhill-mtb.eu/aff_c?offer_id=8850&aff_id=3951&aff_sub=1735&aff_sub2=GOVH3-455306&aff_sub3=1
  • https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
31 KB
7 KB
Document
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58d0ecb2a24b209e3455a02f6989caeb6ecd11bd7e8cfc2d47078ed7a103e97c

Request headers

:method
GET
:authority
win-voucher.com
:scheme
https
:path
/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
200
date
Mon, 27 Jan 2020 12:49:17 GMT
content-type
text/html
set-cookie
__cfduid=d39012673b98830f8326b30519b3c3c5a1580129357; expires=Wed, 26-Feb-20 12:49:17 GMT; path=/; domain=.win-voucher.com; HttpOnly; SameSite=Lax
last-modified
Fri, 17 Jan 2020 09:33:47 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
55bad8860a90d72d-FRA
content-encoding
br

Redirect headers

status
302
date
Mon, 27 Jan 2020 12:49:17 GMT
server
Apache/2.4.6 (CentOS)
x-backend-server
GOVH3
location
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
content-type
text/html; charset=UTF-8
modernizr-2.js
win-voucher.com/offerwall/shopper_survey/assets/
18 KB
7 KB
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/modernizr-2.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d28407398f32d697b111e4945263c10f197961f32dbbeb8a670febb5dfe420b

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
W/"4c1e-59c3e9576454f-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=19486
cf-ray
55bad8867bdad72d-FRA
cf-bgj
minify
jquery.js
win-voucher.com/offerwall/shopper_survey/assets/
91 KB
31 KB
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/jquery.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
530aff8de7840ac26ae374ecbcee42785ebbc96bcfa123bbadcb6679dbdc14a8

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
W/"16b81-59c3e9571672f-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=93057
cf-ray
55bad8867be2d72d-FRA
cf-bgj
minify
prelander.min.js
cdn.jsdelivr.net/npm/oa-frontend-conversiontracking@%5E1.0.9/dist/
4 KB
2 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/oa-frontend-conversiontracking@%5E1.0.9/dist/prelander.min.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a301d44ba9f23475c30a676048611aa17bc9271f41dad382d7204a25a8db4d89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Mon, 27 Jan 2020 12:49:17 GMT
content-length
1497
x-served-by
cache-ams21035-AMS, cache-fra19120-FRA
etag
W/"10b3-KEOrvSqRrF4uHNkBs2GD71SCSGU"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
jquery-1.js
win-voucher.com/offerwall/shopper_survey/assets/
94 KB
32 KB
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/jquery-1.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33158c6da5969dc254037dd573a8a290cb12197b03d03a7c9446f6cea18f783c

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
W/"1762a-59c3e956f5bbb-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=95786
cf-ray
55bad8867be3d72d-FRA
cf-bgj
minify
service-worker.js
win-voucher.com/offerwall/shopper_survey/assets/
211 B
229 B
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/service-worker.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a36f1fb71bec1e87fd32c9a04657951412583a665a4405b174feb0dcedc2d9bc

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
W/"e1-59c3e9580f7aa-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=225
cf-ray
55bad8867be5d72d-FRA
cf-bgj
minify
pushnami.js
win-voucher.com/offerwall/shopper_survey/assets/
323 B
247 B
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/pushnami.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aea989e7eddae706fa7edd31caa6474a5a555171537a26aef354d9836118eee4

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
W/"196-59c3e95791be4-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=406
cf-ray
55bad8867be6d72d-FRA
cf-bgj
minify
5d93a033681d700012b5df5d
win-voucher.com/offerwall/shopper_survey/assets/
24 KB
24 KB
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/5d93a033681d700012b5df5d
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d3296fb98deb62d4255eef1d5cce3e1c1fba5120de1dbb5d64aa51c835b9550

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
DYNAMIC
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
etag
W/"60f7-59c3e9559cc0e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
status
200
cf-ray
55bad8867be7d72d-FRA
style03.css
win-voucher.com/offerwall/shopper_survey/assets/
8 KB
2 KB
Stylesheet
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/style03.css
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff7c3044e8b33a7e133030df14790571ea37abe142082b567d2b856807b252ee

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:14 GMT
server
cloudflare
age
617
etag
W/"2945-59c3e95898721-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=14400
cf-polished
origSize=10565
cf-ray
55bad8867bdcd72d-FRA
cf-bgj
minify
style.html
win-voucher.com/offerwall/shopper_survey/assets/
315 B
244 B
Stylesheet
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/style.html
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 16 Jan 2020 09:38:14 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/html
status
200
cf-ray
55bad8867bddd72d-FRA
script.html
win-voucher.com/offerwall/shopper_survey/assets/
315 B
244 B
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/script.html
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/html
status
200
cf-ray
55bad8867bead72d-FRA
shadowbox.css
win-voucher.com/offerwall/shopper_survey/assets/
3 KB
1 KB
Stylesheet
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/shadowbox.css
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f9bf55a8635791ec446b4f0478f44479ae5ee621b9dc99d3ee4c3b1b8bc6104

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
W/"dda-59c3e9582d43d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=14400
cf-polished
origSize=3546
cf-ray
55bad8867be0d72d-FRA
cf-bgj
minify
shadowbox.js
win-voucher.com/offerwall/shopper_survey/assets/
64 KB
18 KB
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/shadowbox.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01e978849b7144b7240770a0114ef2a0b0ce3e242914c748f43c4717531855c8

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
W/"101c8-59c3e9584fb09-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-polished
origSize=65992
cf-ray
55bad8867bebd72d-FRA
cf-bgj
minify
satsnew.png
win-voucher.com/offerwall/shopper_survey/assets/
10 KB
11 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/satsnew.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9df9cd0420fc04c298ed3b841e4510a301ba1c5494b508cfe0e33bc2a26ea14d

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
"29aa-59c3e957e1175"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad8867becd72d-FRA
content-length
10666
netherlandsflag.png
win-voucher.com/offerwall/shopper_survey/assets/
4 KB
4 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/netherlandsflag.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f88e5374cf4f1e180ae5a1df834d158af580396ab37f8e31c6712909832779ee

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
"1097-59c3e9577a8ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad8869cadd72d-FRA
content-length
4247
43b402ec6d3136d717f8ccb2a82df6d9.png
win-voucher.com/offerwall/shopper_survey/assets/
5 KB
5 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/43b402ec6d3136d717f8ccb2a82df6d9.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a4f5c1fc0e5bf43bf196f8ea5407b7a7a6b6361b5a2267fddccdc5e4ca3d65d

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"12ff-59c3e955e1d8d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886cd21d72d-FRA
content-length
4863
96c98442d8cbe19e0a3a0f94c1ab266e.png
win-voucher.com/offerwall/shopper_survey/assets/
5 KB
5 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/96c98442d8cbe19e0a3a0f94c1ab266e.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20eb0df91b530ba4dca5b2d6f2244da383664daf8861a5fbcc0d5d5c4818f108

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"1280-59c3e955f5227"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886cd27d72d-FRA
content-length
4736
2ebdcbbe75f2e771343491a1541c83b7.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/2ebdcbbe75f2e771343491a1541c83b7.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"5b1-59c3e955831e3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886cd4fd72d-FRA
content-length
1457
0039d2a7dcbf1a1b449884e25d738020.jpg
win-voucher.com/offerwall/shopper_survey/assets/
646 B
724 B
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/0039d2a7dcbf1a1b449884e25d738020.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"286-59c3e955ca68b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd5bd72d-FRA
content-length
646
11pro.jpg
win-voucher.com/offerwall/shopper_survey/assets/
4 KB
4 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/11pro.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832410bab87d55da700ca016dfe5b4ae87ef3295a3998e806027ce016555caf7

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"f44-59c3e955b5a80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd5dd72d-FRA
content-length
3908
9227ed9e10072ce0bac69dc54109221b.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/9227ed9e10072ce0bac69dc54109221b.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ea6b093885ce53036c4b381a1ce1496d53029b9a205fe9471666022efde5d8f

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"494-59c3e9561da9c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd60d72d-FRA
content-length
1172
s10.jpg
win-voucher.com/offerwall/shopper_survey/assets/
6 KB
6 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/s10.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b25f318915e405c84600633c5e0ba3534c856ec3fcfb3332ae49d3e461cb7b18

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:13 GMT
server
cloudflare
age
617
etag
"16ca-59c3e957c8eba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd61d72d-FRA
content-length
5834
ipadpro.jpg
win-voucher.com/offerwall/shopper_survey/assets/
13 KB
13 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/ipadpro.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bf164633b7b17122f9e582fdd06d9b3cea8d4775f50693da7030f7bb624a323

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
"328d-59c3e956d5fe8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd65d72d-FRA
content-length
12941
MACBOOK1.jpg
win-voucher.com/offerwall/shopper_survey/assets/
27 KB
27 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/MACBOOK1.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de56dac9f293a003191f0db3a559e1c59ccbc9bbf6c64cc86fde69937408a8d0

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
"6cef-59c3e9574ab25"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd66d72d-FRA
content-length
27887
note.jpg
win-voucher.com/offerwall/shopper_survey/assets/
13 KB
13 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/note.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c17e0a61b3e0a81116ba57f784f1d292c19bdcc9d6e7ce93d076247ed820118

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Fri, 17 Jan 2020 09:19:49 GMT
server
cloudflare
age
617
etag
"3241-59c52718ce73f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd69d72d-FRA
content-length
12865
tv.jpg
win-voucher.com/offerwall/shopper_survey/assets/
26 KB
26 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/tv.jpg
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e8f03483181c029369c78b5603fd57afae4b266d85d6c808ccd180367d1bb46

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Fri, 17 Jan 2020 09:19:50 GMT
server
cloudflare
age
617
etag
"66bf-59c52718f6bcb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd6bd72d-FRA
content-length
26303
1e6d83832acbb01290e1bfa1a8e8fb92.png
win-voucher.com/offerwall/shopper_survey/assets/
2 KB
2 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/1e6d83832acbb01290e1bfa1a8e8fb92.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18b60afc8548639623f2395f3f828b2ea05d029d0218b9632ee85909ef8071f4

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:10 GMT
server
cloudflare
age
617
etag
"607-59c3e9556bae0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd6fd72d-FRA
content-length
1543
dfc8d9b89c6dddb687ed0ba468ef093d.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/dfc8d9b89c6dddb687ed0ba468ef093d.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b0c81aa2f2e5fda1c499501edad4927ade4d57d5d31887c076e5769e9ea2866

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
"43e-59c3e9569f4e2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd72d72d-FRA
content-length
1086
275a3c6d7250fc618c5f32e5bd565b9a.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
2 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/275a3c6d7250fc618c5f32e5bd565b9a.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
596505ae2d99cbcc964752ea4c998a6b51c5c829c6b8befd5ec5e90571ac6c0a

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"5f6-59c3e95606b69"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd73d72d-FRA
content-length
1526
9687746dd2c717af90e79afa47b8c92b.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/9687746dd2c717af90e79afa47b8c92b.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c6c0ed2601deeefd179e1922d9f017701169372b21079f842fc67e44022a126

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"4a4-59c3e9565d243"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd76d72d-FRA
content-length
1188
52480de1a60ed5f717a3f73abef62e13.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/52480de1a60ed5f717a3f73abef62e13.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"577-59c3e95647698"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd78d72d-FRA
content-length
1399
13863e1661e2893d8bb6c5d912b2f59f.png
win-voucher.com/offerwall/shopper_survey/assets/
1 KB
1 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/13863e1661e2893d8bb6c5d912b2f59f.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4604e524a2131ee561e13c9fe760267a0bbc64ca91027ab92fd355ff4dc1514d

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:11 GMT
server
cloudflare
age
617
etag
"460-59c3e9563325e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd7cd72d-FRA
content-length
1120
Stormin.png
win-voucher.com/offerwall/shopper_survey/assets/
3 KB
3 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/Stormin.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3d577c228bfea41c5c87f3967f34e403578ea27a6c94daa034910e9eb4eaec0

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:14 GMT
server
cloudflare
age
617
etag
"cab-59c3e95864afb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd7ed72d-FRA
content-length
3243
Korea4.png
win-voucher.com/offerwall/shopper_survey/assets/
13 KB
13 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/Korea4.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a7d3e1656bff3cafdfe9413064b8be509fb505378226c108b78c7ca0d7aed31

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
"342b-59c3e9572f5a2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd80d72d-FRA
content-length
13355
bcf7f117acc460e9148a3031c5b6c4e4.png
win-voucher.com/offerwall/shopper_survey/assets/
4 KB
4 KB
Image
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/bcf7f117acc460e9148a3031c5b6c4e4.png
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
597fb65af1d452e7346e3d24adead2908ddf2c3bae4a6ae5c4e7440e33bd39b4

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
"f6b-59c3e95672a05"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
55bad886dd82d72d-FRA
content-length
3947
countdown.js
win-voucher.com/offerwall/shopper_survey/assets/
497 B
342 B
Script
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/countdown.js
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ac816e41740bfa7bbbfcadd182df3177e0d440368d57bc4b45074f95d2caf1b

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
server
cloudflare
age
617
etag
W/"1f1-59c3e95689d20-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
55bad8868c47d72d-FRA
cf-bgj
minify
5d93a033681d700012b5df5d
api.pushnami.com/scripts/v1/pushnami-adv/
24 KB
7 KB
Script
General
Full URL
https://api.pushnami.com/scripts/v1/pushnami-adv/5d93a033681d700012b5df5d
Requested by
Host: win-voucher.com
URL: https://win-voucher.com/offerwall/shopper_survey/assets/pushnami.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.78.100 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-100.fra2.r.cloudfront.net
Software
/
Resource Hash
bb49f87b4f5330878dd5703ea8bc041f254ad3bda32728457b1e56b66ed075cb

Request headers

Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 12:49:18 GMT
via
1.1 a32f966fc5896281eb3de44fd8f57d40.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
vary
accept-encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
no-cache
content-encoding
gzip
x-amz-cf-id
-gYwDjCU9FIdIbbNS4nqbuCN921AyNajl6gv6hH9mKqFEqWLkr9JQQ==
hub.html
win-voucher.com/offerwall/shopper_survey/assets/ Frame 050D
0
0

hub.html
win-voucher.com/offerwall/shopper_survey/assets/ Frame 050D
2 KB
1008 B
Document
General
Full URL
https://win-voucher.com/offerwall/shopper_survey/assets/hub.html?s2=GOVH3-455306&s1=1735
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/oa-frontend-conversiontracking@%5E1.0.9/dist/prelander.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::681c:16f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8bdd32a6145e201365f990fee83a503d022e6013bf33fcb709882f7263ebad7

Request headers

:method
GET
:authority
win-voucher.com
:scheme
https
:path
/offerwall/shopper_survey/assets/hub.html?s2=GOVH3-455306&s1=1735
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
sec-fetch-mode
nested-navigate
referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735
accept-encoding
gzip, deflate, br
cookie
__cfduid=d39012673b98830f8326b30519b3c3c5a1580129357
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://win-voucher.com/offerwall/shopper_survey/index.html?s2=GOVH3-455306&s1=1735

Response headers

status
200
date
Mon, 27 Jan 2020 12:49:17 GMT
content-type
text/html
last-modified
Thu, 16 Jan 2020 09:38:12 GMT
vary
Accept-Encoding,User-Agent
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
55bad886fe0ad72d-FRA
content-encoding
br

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
win-voucher.com
URL
https://win-voucher.com/offerwall/shopper_survey/assets/hub.html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer) Generic (Online)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| html5 object| Modernizr function| yepnope object| respond function| $ function| jQuery object| months object| days object| time object| d string| dateNow function| socle function| asdf function| datehax object| pushWrap function| showFbChkOptIn undefined| o object| Pushnami object| Shadowbox function| nextQuestion function| drawszlider function| selectReward function| showModal object| comments number| slidewhere number| holvanszlider object| mydate number| year number| day number| month number| daym object| jsc function| skip_qq

1 Cookies

Domain/Path Name / Value
.win-voucher.com/ Name: __cfduid
Value: d39012673b98830f8326b30519b3c3c5a1580129357

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.pushnami.com
cdn.jsdelivr.net
downhill-mtb.eu
hardtail-mtb.be
wereldbeeld.xyz
win-voucher.com
win-voucher.com
13.225.78.100
195.123.226.140
2001:41d0:701:1100::1f26
2606:4700:3034::681c:16f1
2a04:4e42:3::621
51.75.67.102
01e978849b7144b7240770a0114ef2a0b0ce3e242914c748f43c4717531855c8
0ac816e41740bfa7bbbfcadd182df3177e0d440368d57bc4b45074f95d2caf1b
0e8f03483181c029369c78b5603fd57afae4b266d85d6c808ccd180367d1bb46
18b60afc8548639623f2395f3f828b2ea05d029d0218b9632ee85909ef8071f4
20eb0df91b530ba4dca5b2d6f2244da383664daf8861a5fbcc0d5d5c4818f108
2b0c81aa2f2e5fda1c499501edad4927ade4d57d5d31887c076e5769e9ea2866
2d28407398f32d697b111e4945263c10f197961f32dbbeb8a670febb5dfe420b
2ea6b093885ce53036c4b381a1ce1496d53029b9a205fe9471666022efde5d8f
2f9bf55a8635791ec446b4f0478f44479ae5ee621b9dc99d3ee4c3b1b8bc6104
33158c6da5969dc254037dd573a8a290cb12197b03d03a7c9446f6cea18f783c
3c6c0ed2601deeefd179e1922d9f017701169372b21079f842fc67e44022a126
4604e524a2131ee561e13c9fe760267a0bbc64ca91027ab92fd355ff4dc1514d
530aff8de7840ac26ae374ecbcee42785ebbc96bcfa123bbadcb6679dbdc14a8
58d0ecb2a24b209e3455a02f6989caeb6ecd11bd7e8cfc2d47078ed7a103e97c
596505ae2d99cbcc964752ea4c998a6b51c5c829c6b8befd5ec5e90571ac6c0a
597fb65af1d452e7346e3d24adead2908ddf2c3bae4a6ae5c4e7440e33bd39b4
5c17e0a61b3e0a81116ba57f784f1d292c19bdcc9d6e7ce93d076247ed820118
6a7d3e1656bff3cafdfe9413064b8be509fb505378226c108b78c7ca0d7aed31
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
7a15c7fd6cff51cb3a08a1b705e578578f16f316835547063e9298a27257936b
7d3296fb98deb62d4255eef1d5cce3e1c1fba5120de1dbb5d64aa51c835b9550
832410bab87d55da700ca016dfe5b4ae87ef3295a3998e806027ce016555caf7
8a4f5c1fc0e5bf43bf196f8ea5407b7a7a6b6361b5a2267fddccdc5e4ca3d65d
8bf164633b7b17122f9e582fdd06d9b3cea8d4775f50693da7030f7bb624a323
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
9df9cd0420fc04c298ed3b841e4510a301ba1c5494b508cfe0e33bc2a26ea14d
a301d44ba9f23475c30a676048611aa17bc9271f41dad382d7204a25a8db4d89
a36f1fb71bec1e87fd32c9a04657951412583a665a4405b174feb0dcedc2d9bc
aea989e7eddae706fa7edd31caa6474a5a555171537a26aef354d9836118eee4
b25f318915e405c84600633c5e0ba3534c856ec3fcfb3332ae49d3e461cb7b18
bb49f87b4f5330878dd5703ea8bc041f254ad3bda32728457b1e56b66ed075cb
c8bdd32a6145e201365f990fee83a503d022e6013bf33fcb709882f7263ebad7
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
de56dac9f293a003191f0db3a559e1c59ccbc9bbf6c64cc86fde69937408a8d0
f3d577c228bfea41c5c87f3967f34e403578ea27a6c94daa034910e9eb4eaec0
f88e5374cf4f1e180ae5a1df834d158af580396ab37f8e31c6712909832779ee
ff7c3044e8b33a7e133030df14790571ea37abe142082b567d2b856807b252ee