adleadpro.scaletrk.com/click?o=7323&a=2560
3.72.178.250 301 Moved Permanently 134 B URL HTTP/1.1 adleadpro.scaletrk.com/click?o=7323&a=2560
IP 3.72.178.250:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /click?o=7323&a=2560 HTTP/1.1
Host: adleadpro.scaletrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Wed, 14 Sep 2022 21:35:50 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://adleadpro.scaletrk.com:443/click?o=7323&a=2560
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 14 Sep 2022 20:59:23 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -epKgWiUxFPpSBp8r-TgITFvj8mzZqhaE2jfmeu1dWK2LbvGnhShcQ==
Age: 2187
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9910
Expires: Thu, 15 Sep 2022 00:21:00 GMT
Date: Wed, 14 Sep 2022 21:35:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 14 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Yk7ufAWGYdiolgAZfU65R--9wqee9RazbfuSR_jz8UuuMW8Yw7fU3A==
age: 61235
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 4bd3107d19357b8905f44e78671de481
933b4f80a11cd021a0ad5b59d840c1a94dffbbee
d2b90d012733e30df4a8e73a4bfa7310a2cc7a894caf19b05bc965d6ba513a39
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:50 GMT
Last-Modified: Wed, 14 Sep 2022 19:56:35 GMT
Server: ECS (nyb/1D34)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: mRDn3SPTnRUmKztbpQSlI4U0ODXCuYG9o96QD-JOu4ds5YwqU8Nv-w==
Age: 5955
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 14 Sep 2022 21:35:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 14 Sep 2022 21:03:22 GMT
Cache-Control: max-age=3600
Expires: Wed, 14 Sep 2022 21:10:49 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a9120cc3ff449047c990e82a4d5566ba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: auSDgb8AgmS7HbekRpGntMkkqtPtiBRZ98UTiwrrowUfMi3ky2jyyg==
Age: 1948
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 8dcb36acdaedd246e4640c0bee828cc6
4fe91e02b79e9d96c6191da340da233fcd62a0df
78c3078ff3957ebe5d5c5fa726400467b676c13c4eb32452f9782439fbce3e3b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:50 GMT
Server: ECS (dcb/7EA7)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9Dqhwe_ra0HwxDsst6Uc6kE39tWDDAYkUR_mHRSg_WIg_ZbeDFelfg==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d3ac56507d17ffff5e8b486406985d68
17d26336cd8ea65af3f23db166945f1b3fbbfbab
e7e321340eed681c1269f715b0214e1511d5762fffbe930e7c157b800afa9a39
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5936
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:50 GMT
Last-Modified: Wed, 14 Sep 2022 19:56:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
adleadpro.scaletrk.com/click?o=7323&a=2560
3.72.178.250 302 Found 619 B URL HTTP/2 adleadpro.scaletrk.com/click?o=7323&a=2560
IP 3.72.178.250:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (485)
Hash 6f710625ff636e2000ccfdcb2ba34e0a
9026f2607825b38eff9417ab60c2ff3e229f532d
80dff5dcc74e75f6b005c420631b73de07ae7eb651b1cfaa4b7f3343e452aeb2
GET /click?o=7323&a=2560 HTTP/1.1
Host: adleadpro.scaletrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 14 Sep 2022 21:35:50 GMT
content-type: text/html; charset=UTF-8
location: https://tracking.tgmfr.com/aff_c?offer_id=1555&aff_id=2260&source=adleadpro&aff_sub=2560_&aff_sub2=86c1acd9cff42f910850dfbd89445ace
server: nginx/1.20.0
x-powered-by: PHP/7.4.21
set-cookie: U-3f24bb08a5741e4197af64e1f93a5029=unique; expires=Fri, 14-Oct-2022 21:35:50 GMT; Max-Age=2592000; path=/; secure; SameSite=None
o_3f24bb08a5741e4197af64e1f93a5029=af9919ec-4462-4c73-b12b-54d903c50b14; expires=Wed, 21-Sep-2022 21:35:50 GMT; Max-Age=604800; path=/; secure; SameSite=None
advanced-core=2rmekrsv77jm51mfhtag07gp0o; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
X-Firefox-Spdy: h2
push.services.mozilla.com/
44.228.207.167 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.228.207.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: g1a6tQ/M5D2YNieE8vf6qw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Z0Qxh/dej4qiXI1iAkaAAZHkcKo=
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 0c579bc415583371f8e4bb1cd1baa616
29b87d6595c27d7f2d2f7a29f9a4a23114249447
4ea45294ce084217ce545ba60a437c2a2c5016dead5c87b9a7a859eceb1d7b9d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:51 GMT
Last-Modified: Wed, 14 Sep 2022 21:08:11 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: nAbloyYIBsOOGKNUClp-ILEV3RToDocyH0QyLPB_wE5WRF8FYt98bA==
Age: 1660
cache.consentframework.com/js/pa/26948/c/Ifv2D/stub
104.26.5.102 200 OK 1.3 kB URL HTTP/2 cache.consentframework.com/js/pa/26948/c/Ifv2D/stub
IP 104.26.5.102:0
File type ASCII text, with very long lines (1604), with no line terminators
Hash 7e162ec39a826c9c4b6b8e267aae8542
d88b0b60df4a1de5f2ee5a207bc3034f3760cbbf
d50f6fc4dd4142c6f20abe2a4843e8cc1577afb4f5b7cf6e6db651dda3991565
GET /js/pa/26948/c/Ifv2D/stub HTTP/1.1
Host: cache.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: text/javascript; charset=UTF-8
cache-control: max-age=3600
strict-transport-security: max-age=15724800; includeSubDomains; preload
last-modified: Wed, 14 Sep 2022 20:46:42 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BiMcaG6UQtBKOjuRTfmL6eCfZ%2BuolrYG4rLozgFoG%2F1qc%2BBTzX%2Fb5t0KCswEvA0xQJ6y1oAJsdml4iWi9t8mKdYVaCk9ykit1tVnI%2Fb1yZ3Ky2yas5JljNqM8CzkX%2FH92b9lgZIAWejfYQ8N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ac413caca60b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 793f340f5cf0bf7f3f7286e8e933801b
5ef69e8b8b683f5c4793a186f367618ebab6561a
fa9b429030ed39302b94a104c3e4968232e796f71f53e898463471e9faca33d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA9B429030ED39302B94A104C3E4968232E796F71F53E898463471E9FACA33D0"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2352
Expires: Wed, 14 Sep 2022 22:15:03 GMT
Date: Wed, 14 Sep 2022 21:35:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 793f340f5cf0bf7f3f7286e8e933801b
5ef69e8b8b683f5c4793a186f367618ebab6561a
fa9b429030ed39302b94a104c3e4968232e796f71f53e898463471e9faca33d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA9B429030ED39302B94A104C3E4968232E796F71F53E898463471E9FACA33D0"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2293
Expires: Wed, 14 Sep 2022 22:14:04 GMT
Date: Wed, 14 Sep 2022 21:35:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 34de4f79f16cc311ff5db3bd57c35775
e54ab7d879b20e125be3fadebd3718c4a639d884
ae57a0ea1caa11cdbca66a49be0cd942397fdc8c20e5bcd022284387ba23c96b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AE57A0EA1CAA11CDBCA66A49BE0CD942397FDC8C20E5BCD022284387BA23C96B"
Last-Modified: Wed, 14 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16273
Expires: Thu, 15 Sep 2022 02:07:04 GMT
Date: Wed, 14 Sep 2022 21:35:51 GMT
Connection: keep-alive
imgs.tagadamedia.com/contest/prod/us/98/986.jpg
138.199.37.231 200 OK 329 kB URL HTTP/2 imgs.tagadamedia.com/contest/prod/us/98/986.jpg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 750x350, components 3\012- data
Size 329 kB (329034 bytes)
Hash 1f64faddc055d55665268f35e118a8be
2ddcb8aab7ecc6cfb2d359e8793f70d2445953ff
1d323a535d35555fa957e52391a712a731925115a2c0dbf32aae364edcce08ed
GET /contest/prod/us/98/986.jpg HTTP/1.1
Host: imgs.tagadamedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: image/jpeg
content-length: 329034
server: BunnyCDN-DE-863
cdn-pullzone: 61945
cdn-uid: 5d127034-96a6-45e8-a482-4f40615f18db
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 15 Jun 2020 15:27:11 GMT
x-amz-id-2: SmtJGyMbKzYMcVMEB5ZKkADpB7nMhny6N9LKJRYLw0UDy9T9bQRwGsFTnJEUxM73dB58OtRTkHs=
x-amz-request-id: R1XSFED2S2JESJBJ
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 09/13/2022 12:52:37
cdn-edgestorageid: 863
cdn-status: 200
cdn-requestid: a04cd510fffcd49cda3d607dc3bcf78e
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
imgs.tagadamedia.com/contest/prod/us/98/985.jpg
138.199.37.231 200 OK 451 kB URL HTTP/2 imgs.tagadamedia.com/contest/prod/us/98/985.jpg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 580x690, components 3\012- data
Size 451 kB (451232 bytes)
Hash beaeb8d7c49518bd880b0c9dade6ff4e
6641774bfc17ba49b286b6b71520419690734719
1462d6017c07e5aa62cc74c6ec9e59a150452bc6a92dbd71625fcbf236c07616
GET /contest/prod/us/98/985.jpg HTTP/1.1
Host: imgs.tagadamedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: image/jpeg
content-length: 451232
server: BunnyCDN-DE-863
cdn-pullzone: 61945
cdn-uid: 5d127034-96a6-45e8-a482-4f40615f18db
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 15 Jun 2020 15:27:10 GMT
x-amz-id-2: aIb8O6C/7p/fB/APH4u6vdAoua+v8wJmjJWlE/8L9udv+l22JTgh4xT/+7H5hlytI83CWpZFhT4=
x-amz-request-id: R1XVYJXCJ42WVFEE
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 09/13/2022 12:52:37
cdn-edgestorageid: 756
cdn-status: 200
cdn-requestid: 3b6e780e2c3a0170662436ef15aba209
cdn-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
choices.consentframework.com/js/pa/26948/c/Ifv2D/cmp
51.158.29.13 200 OK 208 kB URL HTTP/1.1 choices.consentframework.com/js/pa/26948/c/Ifv2D/cmp
IP 51.158.29.13:0
File type Unicode text, UTF-8 text, with very long lines (65513), with no line terminators
Size 208 kB (208311 bytes)
Hash 31c14a804adc52571fe9680b87db5817
34060575c8229281f7bb9626d5a152df1b2d3ff9
06768ce10435f60f797fef94b0ec964ceeb7dd9952feae7700363b6feb695dbd
GET /js/pa/26948/c/Ifv2D/cmp HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:51 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=3600
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Content-Encoding: gzip
vouchersavenue.com/css/themes/bigbtn.css?id=72502ea78e1c771fbd56
34.224.77.61 200 OK 12 kB URL HTTP/2 vouchersavenue.com/css/themes/bigbtn.css?id=72502ea78e1c771fbd56
IP 34.224.77.61:0
File type ASCII text, with very long lines (12099), with no line terminators
Hash 72502ea78e1c771fbd569868fc6d2237
cb073d1f8b5b2fd005ec23897a7f30d9f853fcf3
e1f2f8f22b4b0be6c762fca0c0e431a065a74fe83d90ace130cba88b371852a7
Analyzer Verdict Alert fortinet Phishing
GET /css/themes/bigbtn.css?id=72502ea78e1c771fbd56 HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/online-payment-gift-card/signup/1
Cookie: AWSALB=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; AWSALBCORS=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: text/css
content-length: 12099
set-cookie: AWSALB=eRnjK04xGTEMpknqcHDGv5KrvpVYBlKu/mO/L+BFgdUHWaTpnMDQyCT7aw4wQGdLH1W3gthbcrUrVqWGWX1tvLFOmOvVLeJXyWKRXol3sYAUMT51MMQVvU0lmVmK; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/
AWSALBCORS=eRnjK04xGTEMpknqcHDGv5KrvpVYBlKu/mO/L+BFgdUHWaTpnMDQyCT7aw4wQGdLH1W3gthbcrUrVqWGWX1tvLFOmOvVLeJXyWKRXol3sYAUMT51MMQVvU0lmVmK; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.1
last-modified: Wed, 14 Sep 2022 15:27:14 GMT
etag: "6321f2d2-2f43"
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2
vouchersavenue.com/ehawktalon.js
34.224.77.61 200 OK 44 kB URL HTTP/2 vouchersavenue.com/ehawktalon.js
IP 34.224.77.61:0
File type Unicode text, UTF-8 text, with very long lines (32046)
Hash c220ef9c60efe1d6dd5cd2b1bdb13e69
c7d6622fdd3f96b59ea0b224fa32d64e17cadf09
6168d2efb0d3eb49178246a7e68b1d3dc71e0314c46876aa10eb258bb61f6171
Analyzer Verdict Alert fortinet Phishing
GET /ehawktalon.js HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/online-payment-gift-card/signup/1
Cookie: AWSALB=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; AWSALBCORS=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: application/javascript
content-length: 43847
set-cookie: AWSALB=pYXy8yzZmKNsHwQYsa2Lzw0fOZGGLLuvho/SLg/tSYo9GNHExjlrqj1cVQ3oqI1HHIqegxCiiJvZ7X45ydbILoLiQkrxq4c2ysyWHbhwfcH4NfpwvqUF78Q0f00K; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/
AWSALBCORS=pYXy8yzZmKNsHwQYsa2Lzw0fOZGGLLuvho/SLg/tSYo9GNHExjlrqj1cVQ3oqI1HHIqegxCiiJvZ7X45ydbILoLiQkrxq4c2ysyWHbhwfcH4NfpwvqUF78Q0f00K; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.1
last-modified: Tue, 02 Aug 2022 09:45:52 GMT
etag: "62e8f250-ab47"
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10568
Expires: Thu, 15 Sep 2022 00:32:00 GMT
Date: Wed, 14 Sep 2022 21:35:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10568
Expires: Thu, 15 Sep 2022 00:32:00 GMT
Date: Wed, 14 Sep 2022 21:35:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9bfbb189fcbbdc76ff274e424f39053
de008d728f2274f08019c97bc969ddd6fe64a65d
a4f07d30f29e785e2ee605aee590ab928c3e1412f4dc61ff163cf32445cc3af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A4F07D30F29E785E2EE605AEE590AB928C3E1412F4DC61FF163CF32445CC3AF4"
Last-Modified: Tue, 13 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10568
Expires: Thu, 15 Sep 2022 00:32:00 GMT
Date: Wed, 14 Sep 2022 21:35:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56811a1a20a467464e1f3da171ef8b14
366b2090d409d694b72b4b4131df46dd65d69c5a
4c208fb88884166adf4ecc5882f75948b4a87d85c76ad6e7137e8edbd125c996
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff2b71bb0-fd92-43d0-8cd0-b426d0b88ee8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15547
x-amzn-requestid: a78f7d90-84c3-4198-88bf-1d722c37f09f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4EUDoAMF13A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-49535e5525606250306488ba;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CWzE6n2U7hSFcSIHX5z76DPIid9pvbOqM6ikOlegBxzbuRThMeLKZA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:11 GMT
age: 4481
etag: "366b2090d409d694b72b4b4131df46dd65d69c5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f5befd5bb8e6d5dad2465be69d5a33e4
e5b46c3ca439a09950290cada1af5e27cede10f2
4dc0a3373fb4c1830c4e2420dddbcbe8dceecf10e969cbe8d02368e41207832c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34a3d36b-806f-4fea-a370-b26c1e8473d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5988
x-amzn-requestid: a0d81c7a-14e3-443d-8fb7-19241f06d3c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yaux0H77IAMF2_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f80b-0fe6fbbe75e891b925f88dc2;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: sXVy7OFoVpLgfEUTqNaYBESwKOhqP9mG-uOb80Ye6bFb518BB-Panw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:11 GMT
age: 4481
etag: "e5b46c3ca439a09950290cada1af5e27cede10f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vouchersavenue.com/js/app.js?id=b69bfdb8cbdf6e831bd3
34.224.77.61 200 OK 962 kB URL HTTP/2 vouchersavenue.com/js/app.js?id=b69bfdb8cbdf6e831bd3
IP 34.224.77.61:0
File type Unicode text, UTF-8 text, with very long lines (61143), with no line terminators
Size 962 kB (961898 bytes)
Hash b69bfdb8cbdf6e831bd37b6b7f80e7e9
936c1e2c6531dbe6e174ed470936dfae0f1cd2be
97f80638f2d190e82815f8ecf6e85a17abbb629f5b273058a7300517f4dcb6e6
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js?id=b69bfdb8cbdf6e831bd3 HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/online-payment-gift-card/signup/1
Cookie: AWSALB=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; AWSALBCORS=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: application/javascript
content-length: 961898
set-cookie: AWSALB=MWgnOGEaxPg+9yJuWl05HzQKLejChnTF2v8UTPd49BvYQVSOSj8IgKCh3RWyLwvueGAvsJY4n+kd3FSLP7Vn1dzFD2YpqYyenu9XJLQ9kf3wIC+55w7Xz4+RQbGh; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/
set-cookie: AWSALBCORS=MWgnOGEaxPg+9yJuWl05HzQKLejChnTF2v8UTPd49BvYQVSOSj8IgKCh3RWyLwvueGAvsJY4n+kd3FSLP7Vn1dzFD2YpqYyenu9XJLQ9kf3wIC+55w7Xz4+RQbGh; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.1
last-modified: Wed, 14 Sep 2022 15:27:14 GMT
etag: "6321f2d2-ead6a"
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c1314c7778ea0d32e8c69dae0c38b6d
c4772b9b182f9f905fead84f3761fe296073ca65
5fc8dc23f9b4d150b834aa69b358edd9f9f5f449607df07d579df66098d8aac6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10366
x-amzn-requestid: c66a0e06-d45c-4d16-ba0c-bf6a2368cfc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YVQPkH2RoAMFX2w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ec730-5174741f2d86d3ea018e452f;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 05:44:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 0ieBLVDdyIQuPO5pdM8wzjY2XwaMhLJhJWAUtsLfgiWTKVBTOws1tQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 17:55:53 GMT
age: 13199
etag: "c4772b9b182f9f905fead84f3761fe296073ca65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fef8234ab83f6f8f8b29665f592cbc9f
a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7
569c8c9736026fc310e148d4d74081e96a86245baaa1f784280d44a1cbd25ed0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16b1b829-b672-479c-964a-2f636f65f91e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14151
x-amzn-requestid: d5bc9be4-af3a-40fd-bfc9-1ac4769d2d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv4GhboAMF2dA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7ff-375df72d2d67582635b9e4ae;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: CZRpgjU_AxNYoyeSTOwhJhONl2DS4pvCLJ62RgAFp0flw-kPz3GkpQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 19:32:55 GMT
age: 7377
etag: "a3e706d6309e4a9d7b293f2b9255f1550ba5e9b7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0789404fdbe3613d465d8fa89a63d7b8
0617d2e513097ca415a1d07cd39b1cb64d832ecf
80e55e383f354113c3694bbcc00fd1c544a97079bd3c462f1b90e952c0634bac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8cb650f7-1b0f-4a3d-898f-97b846afe9db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10138
x-amzn-requestid: bdf798d9-6729-4363-a900-f32c4041d0c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YU5qsGZ-oAMFQ1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ea311-7b146c0620a83d5c00446f87;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 03:10:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qXiu9j6ht1_T8fMsK5WXU-t7EQGF8tqVDO-wcl4QoFmCQEpdU5mjug==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:10 GMT
age: 4482
etag: "0617d2e513097ca415a1d07cd39b1cb64d832ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ed1a966e9770807ef8b4f57a5113d29a
d843a3d371ee0424004f68ccc32ce06e6bc6e6c7
4932c01d3db39a9ac2f0f7e2693af95e5a334697edfd8d078fd52e421ba43721
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-P645S3F
142.250.74.72 200 OK 66 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-P645S3F
IP 142.250.74.72:0
File type ASCII text, with very long lines (63457)
Hash fa098f7928873bac5d831841fe5bb5d0
ce776527f39b7ca57981ad0ca2275b12306896cb
4c18e47fbd68fd3979d72cfebb352d86eb3b4bb4d2ab38dc2d0ddbb7d89b24cd
GET /gtm.js?id=GTM-P645S3F HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 14 Sep 2022 21:35:52 GMT
expires: Wed, 14 Sep 2022 21:35:52 GMT
cache-control: private, max-age=900
last-modified: Wed, 14 Sep 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 66454
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ed1a966e9770807ef8b4f57a5113d29a
d843a3d371ee0424004f68ccc32ce06e6bc6e6c7
4932c01d3db39a9ac2f0f7e2693af95e5a334697edfd8d078fd52e421ba43721
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
choices.consentframework.com/api/v1/public/consent-string
51.158.29.13 200 OK 0 B URL HTTP/1.1 choices.consentframework.com/api/v1/public/consent-string
IP 51.158.29.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v1/public/consent-string HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vouchersavenue.com/
Origin: https://vouchersavenue.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:53 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
choices.consentframework.com/api/v1/public/user-action
51.158.29.13 200 OK 0 B URL HTTP/1.1 choices.consentframework.com/api/v1/public/user-action
IP 51.158.29.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v1/public/user-action HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vouchersavenue.com/
Origin: https://vouchersavenue.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:53 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
choices.consentframework.com/api/v1/public/consent-string
51.158.29.13 200 OK 241 B URL HTTP/1.1 choices.consentframework.com/api/v1/public/consent-string
IP 51.158.29.13:0
File type JSON data\012- , ASCII text, with very long lines (444), with no line terminators
Hash b0bfebd6d4b7541c153341ae304e8280
ce48cf95198cb72abf2efe0ff59a5f5e3945c876
5f0145cd880109126184493514bc4a9fa4bf315d683ac91430d6a62cdd18369e
POST /api/v1/public/consent-string HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
Content-Type: application/json
Origin: https://vouchersavenue.com
Content-Length: 535
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:53 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
Content-Encoding: gzip
choices.consentframework.com/api/v1/public/user-action
51.158.29.13 200 OK 0 B URL HTTP/1.1 choices.consentframework.com/api/v1/public/user-action
IP 51.158.29.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v1/public/user-action HTTP/1.1
Host: choices.consentframework.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
Content-Type: application/json
Origin: https://vouchersavenue.com
Content-Length: 159
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:53 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 383f68e6eb2573ef429abab15d5d6f5d
181090f71b01a7c5441a89ee2b26357851b880eb
e8c97705035e1dc9311e14bba7fe989415ce238f5b71279765964043650d5d9e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6559
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:53 GMT
Last-Modified: Wed, 14 Sep 2022 19:46:35 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
js.cookieless-data.com/GS.d?pa=26948&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&r=&rand=1663191338598&gdpr=1&gdpr_consent=CPfSv8APfSv8ABcAIBENCgCgAAAAAH_AABpwIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKAJMNW4gC7MscCbQMIoEQIwrCQqAUAEFAMLRAYAODgp2VgE-sIGACAUARgRAhxBRgwCAAASAJCIAJAiwQCIAiAQAAgARCIQAETAIKACwMAgABANAxACgAECQgyICIpTAgKgSCA1sqEEoK9DTCAOs8AKBRGxUACJJABSAAJCwcAwRICViyQJMUb5AAAA&globalscope=false&cookieless_optout=0&tbp=true
212.129.3.113200 OK 0 B URL HTTP/1.1 js.cookieless-data.com/GS.d?pa=26948&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&r=&rand=1663191338598&gdpr=1&gdpr_consent=CPfSv8APfSv8ABcAIBENCgCgAAAAAH_AABpwIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKAJMNW4gC7MscCbQMIoEQIwrCQqAUAEFAMLRAYAODgp2VgE-sIGACAUARgRAhxBRgwCAAASAJCIAJAiwQCIAiAQAAgARCIQAETAIKACwMAgABANAxACgAECQgyICIpTAgKgSCA1sqEEoK9DTCAOs8AKBRGxUACJJABSAAJCwcAwRICViyQJMUb5AAAA&globalscope=false&cookieless_optout=0&tbp=true
IP 212.129.3.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /GS.d?pa=26948&uf_bday=&uf_gender=&cmp=0&u=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&r=&rand=1663191338598&gdpr=1&gdpr_consent=CPfSv8APfSv8ABcAIBENCgCgAAAAAH_AABpwIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARKAJMNW4gC7MscCbQMIoEQIwrCQqAUAEFAMLRAYAODgp2VgE-sIGACAUARgRAhxBRgwCAAASAJCIAJAiwQCIAiAQAAgARCIQAETAIKACwMAgABANAxACgAECQgyICIpTAgKgSCA1sqEEoK9DTCAOs8AKBRGxUACJJABSAAJCwcAwRICViyQJMUb5AAAA&globalscope=false&cookieless_optout=0&tbp=true HTTP/1.1
Host: js.cookieless-data.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Wed, 14 Sep 2022 21:35:53 GMT
Content-Length: 0
Connection: keep-alive
Expires: Tue, 01 Jan 2000 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
X-Xss-Protection: 0
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
P3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Strict-Transport-Security: max-age=15724800; includeSubDomains; preload
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fcb6a572b3b9950d361ac1741f7d0547
5dc50a5e0fda3332e625901fb645420becd68fa2
431a883c35035a83616ef850bd5f3a9d4d3247d54bc2ca90bc2b4026de27941a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "431A883C35035A83616EF850BD5F3A9D4D3247D54BC2CA90BC2B4026DE27941A"
Last-Modified: Mon, 12 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3294
Expires: Wed, 14 Sep 2022 22:30:47 GMT
Date: Wed, 14 Sep 2022 21:35:53 GMT
Connection: keep-alive
data.perfmaker.net/website/614210c6324d8/tag.js
212.83.189.65 200 OK 1.3 kB URL HTTP/1.1 data.perfmaker.net/website/614210c6324d8/tag.js
IP 212.83.189.65:0
File type ASCII text, with very long lines (655)
Hash 0ea86643881ed1ec98181e79cdd4896b
45d33ed775febe62f73236d9994680a4f0e3e81c
4267182750d321d46f84e432fa5151e804d3e79baba20d98eeeee0dfe954b671
GET /website/614210c6324d8/tag.js HTTP/1.1
Host: data.perfmaker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-powered-by: Express
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
etag: W/"fac-SSgATG4Yd4piSQtgauC969rTic4"
content-encoding: gzip
date: Wed, 14 Sep 2022 21:35:53 GMT
keep-alive: timeout=5
transfer-encoding: chunked
set-cookie: sid=s6; path=/
cache-control: private
analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRK97NBJ857475I0MEDG
104.84.152.241 200 OK 39 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/sdk.js?sdkid=BRK97NBJ857475I0MEDG
IP 104.84.152.241:0
ASN #20940 Akamai International B.V.
Hash 46538c2bf3eb2e8e11e6d453da208f92
591d2b24030d832f2f33602e6c331c4159357e02
ceadffbfe91b9722a4be76486c3c9f0defdbe8a6a3f57ae2adcdac5f93412740
GET /i18n/pixel/sdk.js?sdkid=BRK97NBJ857475I0MEDG HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022091421355366927A0FD6AA92972299
x-tt-trace-host: 014c3d3a48b720cad047ee4725ef00c61ea9100f488fbe968d3522ee3004f59590ea15ff6df0f5f25efdc81d2b18545aa2bdcc6083d835b626a13e257f0c5ec0b8d50637171ba9a9a309721ac9f06a1a0d
content-encoding: gzip
expires: Wed, 14 Sep 2022 21:35:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 14 Sep 2022 21:35:53 GMT
x-cache: TCP_MISS from a104-84-152-237.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=95
x-origin-response-time: 95,104.84.152.237
x-akamai-request-id: 2698f2f
X-Firefox-Spdy: h2
tag.perfmaker.net/version/perfmaker-v1.52.2/perfmaker.2.js
35.190.50.134 200 OK 76 kB URL HTTP/2 tag.perfmaker.net/version/perfmaker-v1.52.2/perfmaker.2.js
IP 35.190.50.134:0
File type ASCII text, with very long lines (65465)
Hash 1808f20b45f59f131697e477d12717c6
5d5a359f02bdb7ce1a3c34b7c910a1f5c193bafc
d408855f4a7ded56720ff69f8e1156d9585607031649407bb16f1d08eb8bf5cd
GET /version/perfmaker-v1.52.2/perfmaker.2.js HTTP/1.1
Host: tag.perfmaker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycduOwLsZ5U6ZIhlNSvp5AnV5WIZCplyjIdFpThZ_BQ4_ZzL8OBuLFndwcHDFr0HX7TeKVYGh1XDMYrUQhae1qHLyReNA_DPz
x-goog-generation: 1658924556448927
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 76140
content-encoding: gzip
x-goog-hash: crc32c=voNflg==, md5=GAjyC0X1nxMWl+R30ScXxg==
x-goog-storage-class: STANDARD
accept-ranges: bytes
vary: Accept-Encoding
content-length: 76140
server: UploadServer
date: Wed, 14 Sep 2022 21:35:53 GMT
last-modified: Wed, 27 Jul 2022 12:22:36 GMT
etag: "1808f20b45f59f131697e477d12717c6"
content-type: application/javascript; charset=utf-8
age: 0
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 33704362984f24f802fcb0ca87a5df20
2300aa55ff1e8cf1709e4ecd51c79df854064cd6
1eefe393886003081e0498febaa9b898b55947b82ef2f0859d46840616316820
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:53 GMT
Last-Modified: Wed, 14 Sep 2022 21:21:23 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7K2CTkoR0P0247Ut_v2se9VZQ9u2VV6zoD_TlwG0i7SswLPTItYEmA==
Age: 870
ocsp.pki.goog/s/gts1d4/jAc1Y0BkrUA
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/jAc1Y0BkrUA
IP 142.250.74.3:0
Hash be06c9912d57fb43cb5884b9c28e0163
e5bab69aeaf97303887a4013e99313c4e85338d8
00f6db42e3c45d5511b0d08192bf45f0168b9f29627be985b5aa869f657fe34e
POST /s/gts1d4/jAc1Y0BkrUA HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:53 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577
52.21.229.184 301 Moved Permanently 134 B URL HTTP/2 api.trustedform.com/trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577
IP 52.21.229.184:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /trustedform.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577 HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: awselb/2.0
date: Wed, 14 Sep 2022 21:35:53 GMT
content-type: text/html
content-length: 134
location: https://cdn.trustedform.com:443/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 2046757bd1cf33c955ae88f3bb337e6e
27bb80614abebcc6d2c4bf8297a02ef0cfbd599e
f59b6cb18177afbbd65851ca5dd60425ea67342c00a2be75886b297315820599
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:53 GMT
Last-Modified: Wed, 14 Sep 2022 20:06:30 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bskh88csgM-CAaurvM-WyKEFvpfDsEtLIk4TmnoO44ESan1qB9yp6g==
Age: 5363
data.perfmaker.net/data/website/614210c6324d8/settings/d18cb54287d2ac7592e9a43a479c3ba01be06f92
212.83.189.65 200 OK 2.8 kB URL HTTP/1.1 data.perfmaker.net/data/website/614210c6324d8/settings/d18cb54287d2ac7592e9a43a479c3ba01be06f92
IP 212.83.189.65:0
File type Unicode text, UTF-8 text, with very long lines (20974), with no line terminators
Hash e7be8254ab9709d2130b03d06bd86f88
6f3399a8daddc943fffdc336bc32e2f2a1217437
411d3dd477057b740de4d3f44a211b7b693a3ecf03237e88f59775080a46ca75
GET /data/website/614210c6324d8/settings/d18cb54287d2ac7592e9a43a479c3ba01be06f92 HTTP/1.1
Host: data.perfmaker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
Origin: https://vouchersavenue.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-powered-by: Express
access-control-allow-origin: https://vouchersavenue.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
etag: W/"51f1-F7Pd6wipuOwigQQtZSMl1kTvO4w"
content-encoding: gzip
date: Wed, 14 Sep 2022 21:35:53 GMT
keep-alive: timeout=5
transfer-encoding: chunked
set-cookie: sid=s5; path=/
cache-control: private
analytics.tiktok.com/api/v2/pixel
104.84.152.241 200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP 104.84.152.241:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 768
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Cookie: _ttp=2EmCQ9PPr3IEcC9cmaBtRAXEqww
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 202209142135532964DF6DC39C1DACFD3B
x-tt-trace-host: 014c3d3a48b720cad047ee4725ef00c61ea9100f488fbe968d3522ee3004f595906cf0a916e04eb3316e0e2cc718f429dc68013edf7a01613c5b76d3afd38b0de9c1e186f3c9f1188529a39d19e439bccf
expires: Wed, 14 Sep 2022 21:35:54 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 14 Sep 2022 21:35:54 GMT
x-cache: TCP_MISS from a104-84-152-237.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=12, cdn-cache; desc=MISS, edge; dur=1, origin; dur=112
x-origin-response-time: 112,104.84.152.237
x-akamai-request-id: 2699240
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 97030f66fc9056c1f836f123093ac4c1
246967f1a3afad77530c74bf5fcd7225e588a032
26b4ab464b83c0956d81f56846dba143755692fb0b79d5dbd6161d60c7c896e0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:54 GMT
Last-Modified: Wed, 14 Sep 2022 21:02:10 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: woBeWOPKabAd5TaanzCxNGXmIbohw-DhTR0vj-W50hBjDodVsrvH3g==
Age: 2024
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Wed, 14 Sep 2022 20:41:12 GMT
expires: Wed, 14 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 3282
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ed97a4b82680caefc4ffdebf786e12fc
a638a68f346844709bac57a92bf3d2c28043165e
b81ed44963f5d8b54c62e7fe18db301d3c8eeaf8fbbfb099270562156e12fdc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/conversion_async.js
142.250.74.164 200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1623)
Hash 4738d969770682feba80f04bf171d65b
be0e0ceb91bf5ed0c64b0f3f2cc2c99c6d4cd6b7
1daca97cf9e8078299f94c50346e45fead45bf908ca97ded912f26986c1c4e9a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 14 Sep 2022 21:35:54 GMT
expires: Wed, 14 Sep 2022 21:35:54 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 15579141248118922429
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 39aa25d8411997d98f9093c19b0ccbca
3cb31e92d707cd561897042ed1a09de5a79e7108
f1b7b71241b580ec34281f5addc49d716eac9ecc46a3217e646c76e6dc8d4578
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
trc.pushnami.com/api/push/track
44.198.94.52 204 No Content 0 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 44.198.94.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Referer: https://vouchersavenue.com/
Origin: https://vouchersavenue.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 14 Sep 2022 21:35:54 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age: 86400
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
d2m2wsoho8qq12.cloudfront.net/iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE
143.204.42.229 200 OK 1.4 kB URL HTTP/1.1 d2m2wsoho8qq12.cloudfront.net/iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE
IP 143.204.42.229:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ef825b8a88a51cd76a51d08dfc1d4f99
5bf247bd91a4be0c3b76a70ec8e5e462de0e9f3b
2ac453ec379c3e7b0fa69b810ecf2d6771de3e7611a2599a20f8e8ce9a240af1
GET /iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE HTTP/1.1
Host: d2m2wsoho8qq12.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 02 Jun 2022 15:26:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 14 Sep 2022 02:41:42 GMT
ETag: W/"6298d697-dbb"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GGSBKKd6Y-KFmxqG9kYUFj3j_0FbbMARwQ5taVIJCBgfCIt7suXmJg==
Age: 68052
create.lidstatic.com/campaign/beb516a1-60ed-00cc-73eb-a6a318cfa8e9.js?snippet_version=2
104.22.39.182 200 OK 40 kB URL HTTP/2 create.lidstatic.com/campaign/beb516a1-60ed-00cc-73eb-a6a318cfa8e9.js?snippet_version=2
IP 104.22.39.182:0
File type Unicode text, UTF-8 text, with very long lines (32003)
Hash f9c19cad4d5aa6e37042af02b0584433
837bf19bd0fdf76cbc674ff52ccebc189bb9bd7f
8a8eae68cb78d99bad8f8d79f853d039622af72e2a9183c012e069629e90d705
GET /campaign/beb516a1-60ed-00cc-73eb-a6a318cfa8e9.js?snippet_version=2 HTTP/1.1
Host: create.lidstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:53 GMT
content-type: text/javascript
x-amz-id-2: u+9i8AXqm83xfnCwTct1wPywLoGS3oF0W1GkjhOVQYyj1zPwzBiEyKIQcznj27cVdDwEDT6EbDo=
x-amz-request-id: 2XV6PZPDH97THGZV
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Nov 2021 01:06:02 GMT
etag: W/"a26a2a7efa03d037874965870726da4a"
cache-control: max-age=1800
x-amz-version-id: C0ArZgU5VyyGfHMzwlfuO_22EOgyVHi9
cf-cache-status: REVALIDATED
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ac4145cd891695-ARN
content-encoding: gzip
X-Firefox-Spdy: h2
trc.pushnami.com/api/push/track
44.198.94.52 200 OK 2 B URL HTTP/2 trc.pushnami.com/api/push/track
IP 44.198.94.52:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /api/push/track HTTP/1.1
Host: trc.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
content-type: application/x-www-form-urlencoded
key: 5cc0bb93e04a8c20b5240228
Origin: https://vouchersavenue.com
Content-Length: 76
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:54 GMT
content-type: text/html; charset=utf-8
content-length: 2
access-control-allow-origin: *
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 9a7e2ecf1fe98ead4eeb4cafb67f5680
c630293be9b9028f801714d7d973c1a0ffc78e01
fd7d70bda273c88c4a5b45749280f7309b5b432c5b46cfa0409bb14a52123aac
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:54 GMT
Last-Modified: Wed, 14 Sep 2022 19:48:34 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o2wL_DRM7yG9YtlW12e-gwNePrvsG5PyKR3iV6tkrNStVT3n_xEgSQ==
Age: 6440
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0dfd060e0fb8dec42e8f52f8db247b61
d6f33b6390aa9a4b34375d58009977926bc1fff3
17e3d9698e2cd4caf0cbf66b71393b473300fb9a8a4b6f7b97f421e93d54ec44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/973571488/?random=1663191339794&cv=9&fst=1663191339794&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&auid=566673402.1663191339&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.34 200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/973571488/?random=1663191339794&cv=9&fst=1663191339794&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&auid=566673402.1663191339&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.34:0
File type ASCII text, with very long lines (2324), with no line terminators
Hash 5688813feaebc88afbb0d46bfefe792e
7417c7613558172406a7d5ea0d6dca99d3772ad9
4260f62900bdc5543e461ad3f5d965ae7be1fe1d62bfaa165299f38a76c4fcbd
GET /pagead/viewthroughconversion/973571488/?random=1663191339794&cv=9&fst=1663191339794&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&ig=0&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&auid=566673402.1663191339&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 21:35:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1053
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 14-Sep-2022 21:50:54 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/SaveDom?msn=2&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654601
54.172.138.183 200 OK 491 B URL HTTP/2 create.leadid.com/2.11.9/SaveDom?msn=2&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654601
IP 54.172.138.183:0
Hash c86eb5fc36b857c9a1c771940cf99c93
9d85dc4b081eb5a4fadfa5ed670ea6353ded1550
bd1dd0ecf650c3125ef043ec42efa37d629e16ab23f157ce53fe2384cf5071c1
POST /2.11.9/SaveDom?msn=2&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654601 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 494
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:54 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rguserid=d15446c8-3436-4055-99c4-11e79e247a23; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
pwrkr.s3.amazonaws.com/push-worker-sdk-TAGA2958.js
54.231.161.201 200 OK 222 B URL HTTP/1.1 pwrkr.s3.amazonaws.com/push-worker-sdk-TAGA2958.js
IP 54.231.161.201:0
Hash c86f20d2163476bfa9d8c8ddb4d9ab5b
c79017b2c0c8a134d646d43eab957c1a0dae504e
88535ddc6ee6525237614935cf4a2a3ac15797263a4468a65082ab4b788d94c1
GET /push-worker-sdk-TAGA2958.js HTTP/1.1
Host: pwrkr.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: hc9LLXEMT4fMteGOz3nr1lLsxbJ974RUiAROT6fBX1NabiSn4thBK2SscCjaIEL7KWhKuT758Yo=
x-amz-request-id: 1VG3B211CPYYACRP
Date: Wed, 14 Sep 2022 21:35:55 GMT
Last-Modified: Wed, 30 Mar 2022 18:54:24 GMT
ETag: "c86f20d2163476bfa9d8c8ddb4d9ab5b"
x-amz-version-id: qXUXhRDuiTMcAHML6mtY_O8jIrrAfEra
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 222
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash a8b2bb270d78a6dddeb5b7fa01bd896c
eee28c4dd10c090f100c6ed383392b67d9fb9200
5c929c1a5e85ed508916eda62cccedb3ef1a5f407468596fa2726c476e2a9340
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/973571488/?random=1663191339794&cv=9&fst=1663189200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&async=1&fmt=3&is_vtc=1&random=184110432&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/973571488/?random=1663191339794&cv=9&fst=1663189200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&async=1&fmt=3&is_vtc=1&random=184110432&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/973571488/?random=1663191339794&cv=9&fst=1663189200000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg9c0&sendb=1&frm=0&url=https%3A%2F%2Fvouchersavenue.com%2Fonline-payment-gift-card%2Fsignup%2F1&tiba=Vouchers%20Avenue%20%3A%20Online%20Payment%20Gift%20Card&async=1&fmt=3&is_vtc=1&random=184110432&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 14 Sep 2022 21:35:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 7ffff0f3056e3d8c10b04033d4597b9c
e6bf132931600ce807b5429e8a119a9be10ae4b9
1de746d024d7a53b403b51b778c7d54024c1d0e60899fe8d9fbf43c95feb540b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:54 GMT
Last-Modified: Wed, 14 Sep 2022 20:37:42 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: py6JA5FcESOAWbuhxW8g8vLTBW77B1xVV13VAkouNVwl6v3Mbbm8DQ==
Age: 3492
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash a8b2bb270d78a6dddeb5b7fa01bd896c
eee28c4dd10c090f100c6ed383392b67d9fb9200
5c929c1a5e85ed508916eda62cccedb3ef1a5f407468596fa2726c476e2a9340
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-61353733-5&cid=1709057191.1663191340&jid=1548662189&gjid=142421305&_gid=988354582.1663191340&_u=KGBAAEACQAAAAC~&z=355935450
142.251.1.157 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-61353733-5&cid=1709057191.1663191340&jid=1548662189&gjid=142421305&_gid=988354582.1663191340&_u=KGBAAEACQAAAAC~&z=355935450
IP 142.251.1.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-61353733-5&cid=1709057191.1663191340&jid=1548662189&gjid=142421305&_gid=988354582.1663191340&_u=KGBAAEACQAAAAC~&z=355935450 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://vouchersavenue.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 14 Sep 2022 21:35:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20620ba615dba1de34528390492c3f53
2ca43d3a828682e10eb7638972b79b7136395e2b
12cf30cf1de58b4bab8af4a5d159b42909c554ae7b34e6f7361d9a49f1e861b7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 14 Sep 2022 21:35:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.39 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.39:0
Hash 97faaf6005407548ff0272d9e1a98648
ba158be2e35066dea0fdd56dea458234c6d03cc7
a6d63a06f0c2df3de7f31591e450be08f230c5c7f13eed0dc135f0e6296dfa46
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 14 Sep 2022 21:35:54 GMT
Last-Modified: Wed, 14 Sep 2022 21:10:32 GMT
Server: ECS (nyb/1D08)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4ZbQ_aEnwSXCSM3qolrs8LGR8GtHnNMceJC1MjdHq5XjWMhJ_V08Jg==
Age: 1522
s3.amazonaws.com/pushext.com/sdk-v3.03.js
54.231.225.224 200 OK 28 kB URL HTTP/1.1 s3.amazonaws.com/pushext.com/sdk-v3.03.js
IP 54.231.225.224:0
File type ASCII text, with CRLF line terminators
Hash ddcd86ed61e2264d6ebcfd75102f02ee
e0eccfc8ea444bd5eabcf38e22240b4db80fe34a
d568a00003589ad112ddf1f8a27c4cbf7b63a80b1df39a26d1ebc2f185417e53
GET /pushext.com/sdk-v3.03.js HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: OVFWlmmtnbKTIfeBPwgN+F0jUvYmIxXvDnnwRiHmbKOIBJQgZ9+oTwMwVBeVebVMWdVAHa224E4=
x-amz-request-id: 1VG2NDRP2WGD87AY
Date: Wed, 14 Sep 2022 21:35:55 GMT
Last-Modified: Wed, 30 Mar 2022 18:55:32 GMT
ETag: "ddcd86ed61e2264d6ebcfd75102f02ee"
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 28274
api.trustedform.com/certs
52.21.229.184 201 Created 475 B URL HTTP/2 api.trustedform.com/certs
IP 52.21.229.184:0
File type JSON data\012- , ASCII text, with very long lines (475), with no line terminators
Hash 03e44c912393deaf206a250efa10518f
b0c2baf362b151c522c7cda1278a77c8114ef22d
b355ae3da7b1f536fa45489374145618379334b0cefaf3e3b845563ec641988e
POST /certs HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 607
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 201 Created
date: Wed, 14 Sep 2022 21:35:55 GMT
content-type: application/json; charset=utf-8
content-length: 475
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
cdn.trustedform.com/trustedform-1.8.27.js
54.230.111.111 200 OK 37 kB URL HTTP/2 cdn.trustedform.com/trustedform-1.8.27.js
IP 54.230.111.111:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 08335f1e85b835c25668df2e83c9e7fc
47ecc8b72f8c01db652609600460210ce8b19be4
bcb9d021b46d55929c2d8a48ae569bf41de1ac0eb460e9aa73933142142f186a
GET /trustedform-1.8.27.js HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 6olc5v40B1RpRJGb5GYISB93fSUp4tqK
server: AmazonS3
content-encoding: gzip
date: Wed, 14 Sep 2022 21:35:55 GMT
etag: W/"2f557edcc84fd346c897a4d565e57ac0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oiszz0wBUfwcj1_XPjkniFFEmQToDft_656BIt9L9nTqZa1nvjs1oA==
age: 4
X-Firefox-Spdy: h2
psp.pushnami.com/api/psp
54.160.25.113 200 OK 69 B IP 54.160.25.113:0
File type JSON data\012- , ASCII text, with no line terminators
Hash cef934af42a2b3c3a2ef347da15d70ee
f83f1f069fcc230e3c9397653eef8ddd4d66c9a9
47e250e449472cb557a99ef04f6b6b5a407034f197d911e6301193c20c2f1cee
OPTIONS /api/psp HTTP/1.1
Host: psp.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Referer: https://vouchersavenue.com/
Origin: https://vouchersavenue.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:55 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://vouchersavenue.com
access-control-allow-credentials: true
access-control-expose-headers: content-type, content-length, etag
access-control-max-age: 600
access-control-allow-headers: key
access-control-allow-methods: POST
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
api.trustedform.com/certs/8375a6e73dfb473ac7827da224efcb94bdeffecd/events
52.21.229.184 204 No Content 0 B URL HTTP/2 api.trustedform.com/certs/8375a6e73dfb473ac7827da224efcb94bdeffecd/events
IP 52.21.229.184:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /certs/8375a6e73dfb473ac7827da224efcb94bdeffecd/events HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1898
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 14 Sep 2022 21:35:55 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=4&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654603
54.172.138.183 200 OK 20 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=4&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654603
IP 54.172.138.183:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /2.11.9/InitFormData?msn=4&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654603 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 1079
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:55 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:55 GMT; Max-Age=2592000; path=/
rguserid=3900ae08-492a-4f9c-bd7d-777bc20fcb04; expires=Fri, 14-Oct-2022 21:35:55 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:55 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:55 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/Snap?msn=5&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654604
54.172.138.183 200 OK 20 B URL HTTP/2 create.leadid.com/2.11.9/Snap?msn=5&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654604
IP 54.172.138.183:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /2.11.9/Snap?msn=5&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654604 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 199261
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:57 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguserid=ac6ad90e-7a6d-4edc-aaab-3f3881275925; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/Snap?msn=7&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654606
54.172.138.183 200 OK 20 B URL HTTP/2 create.leadid.com/2.11.9/Snap?msn=7&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654606
IP 54.172.138.183:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /2.11.9/Snap?msn=7&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654606 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 35928
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:57 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguserid=e2a9e28a-0422-4cb9-b162-65aa3fe600f3; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 80786e640acccfa61ef2aaa27a2a95fa
94663318844e6567f2d160d620eb9ed777fba2a3
686348c1aa038c5109c39c3491524a98bcfc5b1559568391ba7fb240a285a064
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c86775f-a6ef-49b2-85ad-4272db5b9f42.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9467
x-amzn-requestid: d14b460e-2aa5-41c8-9a8b-4da671156014
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yauv3HJJoAMFWgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6320f7fe-0643dea6458034ab51d840d5;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bpaoKS9MpDIEnACyamR-jJJD_abgkQtbgKLoWB_XsD5j59_z0xDhwg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 14 Sep 2022 20:21:01 GMT
age: 4498
etag: "94663318844e6567f2d160d620eb9ed777fba2a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/identify.js
104.84.152.241 200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP 104.84.152.241:0
ASN #20940 Akamai International B.V.
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022091421355323DCFD1D9C1A3DBCED79
x-tt-trace-host: 014c3d3a48b720cad047ee4725ef00c61e38a0d78b3a2a780a7134bf39a63bb315678310a75c0bb785a6bf56a446abed755a104df35d2b8e6ffcdbcfc62f957abeaec3c418c31f7deb8da6cb2c7dd00f32109db8971d370f479e106e398e166740
content-encoding: gzip
x-origin-response-time: 10,23.218.222.21
x-akamai-request-id: 319061b2.26990f0
expires: Wed, 14 Sep 2022 21:35:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 14 Sep 2022 21:35:53 GMT
x-cache: TCP_MISS from a104-84-152-237.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-218-222-21.deploy.akamaitechnologies.com (AkamaiGHost/10.9.4-44125806) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=10, inner; dur=4
x-parent-response-time: 107,104.84.152.237
X-Firefox-Spdy: h2
deviceid.trueleadid.com/iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE
3.210.54.31 200 OK 0 B URL HTTP/2 deviceid.trueleadid.com/iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE
IP 3.210.54.31:0
GET /iframe.html?token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=BEB516A1-60ED-00CC-73EB-A6A318CFA8E9&lac=A223F9AF-E7A0-7D87-DD28-D0C442307BFE HTTP/1.1
Host: deviceid.trueleadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d2m2wsoho8qq12.cloudfront.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:54 GMT
content-type: text/html
server: nginx
last-modified: Mon, 13 Jun 2022 14:52:50 GMT
etag: W/"62a74f42-1049"
expires: Thu, 15 Sep 2022 21:35:54 GMT
p3p: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2
psp.pushnami.com/api/psp
54.160.25.113 200 OK 0 B IP 54.160.25.113:0
POST /api/psp HTTP/1.1
Host: psp.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
content-type: application/x-www-form-urlencoded
key: 5cc0bb93e04a8c20b5240228
Origin: https://vouchersavenue.com
Content-Length: 46
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:55 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: https://vouchersavenue.com
access-control-allow-credentials: true
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip
X-Firefox-Spdy: h2
vouchersavenue.com/online-payment-gift-card/?lastname={lastname}&firstname={firstname}&gender={gender}&email={email}&birthdate={birthdate}&phone={phone}&address={address}&postal_code={postal_code}&locality={locality}&administrative_area_level_1={state}&source=adleadpro&aff_sub=2560_&aff_sub2=86c1acd9cff42f910850dfbd89445ace&aff_sub3=&hoid=102d50487ba590bb95464cfda6f1dc
34.224.77.61 302 Found 0 B URL HTTP/2 vouchersavenue.com/online-payment-gift-card/?lastname={lastname}&firstname={firstname}&gender={gender}&email={email}&birthdate={birthdate}&phone={phone}&address={address}&postal_code={postal_code}&locality={locality}&administrative_area_level_1={state}&source=adleadpro&aff_sub=2560_&aff_sub2=86c1acd9cff42f910850dfbd89445ace&aff_sub3=&hoid=102d50487ba590bb95464cfda6f1dc
IP 34.224.77.61:0
GET /online-payment-gift-card/?lastname={lastname}&firstname={firstname}&gender={gender}&email={email}&birthdate={birthdate}&phone={phone}&address={address}&postal_code={postal_code}&locality={locality}&administrative_area_level_1={state}&source=adleadpro&aff_sub=2560_&aff_sub2=86c1acd9cff42f910850dfbd89445ace&aff_sub3=&hoid=102d50487ba590bb95464cfda6f1dc HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: text/html; charset=UTF-8
location: https://vouchersavenue.com/online-payment-gift-card?source=adleadpro&aff_sub=2560_&aff_sub2=86c1acd9cff42f910850dfbd89445ace&hoid=102d50487ba590bb95464cfda6f1dc
set-cookie: AWSALB=R0BYr758Dwmxx7Kx9lYExqGv5lxms5v4ffk8gsJM3n1uucfB5QUHv6mgpRK8ERhrnz6dv/eQpUgW+Wi87v8fyrfcINhzAANXyN3WKBKXW/e89eViljhgGZvjLy5F; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/
AWSALBCORS=R0BYr758Dwmxx7Kx9lYExqGv5lxms5v4ffk8gsJM3n1uucfB5QUHv6mgpRK8ERhrnz6dv/eQpUgW+Wi87v8fyrfcINhzAANXyN3WKBKXW/e89eViljhgGZvjLy5F; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/; SameSite=None; Secure
contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t; path=/; secure; httponly; samesite=none
server: nginx/1.23.1
x-powered-by: PHP/8.1.3
cache-control: no-cache, private
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/pushnami-adv/5cc0bb93e04a8c20b5240228
54.230.111.53 200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v1/pushnami-adv/5cc0bb93e04a8c20b5240228
IP 54.230.111.53:0
GET /scripts/v1/pushnami-adv/5cc0bb93e04a8c20b5240228 HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 14 Sep 2022 21:35:53 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 731ql-x4iZ0U-hpE71exzLwptpXwqyV6Q2-rvdMh0k8YABM65xPhxg==
X-Firefox-Spdy: h2
vouchersavenue.com/service-worker.js
34.224.77.61 200 OK 0 B URL HTTP/2 vouchersavenue.com/service-worker.js
IP 34.224.77.61:0
Analyzer Verdict Alert fortinet Phishing
GET /service-worker.js HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: AWSALB=OijNuACXeS8umINTUjZe7swn8/5/D+9h7GJ+CmzJ+67zrMSGJjkChW3XxD0eNai5eKHfmt2/Hjc9RSEyEngt32YIqL+muuV3dX1nsYTEgLWK8e8NUNaVRgVfa79l; AWSALBCORS=OijNuACXeS8umINTUjZe7swn8/5/D+9h7GJ+CmzJ+67zrMSGJjkChW3XxD0eNai5eKHfmt2/Hjc9RSEyEngt32YIqL+muuV3dX1nsYTEgLWK8e8NUNaVRgVfa79l; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t; _gcl_au=1.1.566673402.1663191339; _tt_enable_cookie=1; _ttp=e8ae4ee9-3a7b-451c-a4eb-fc651e0ff431
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:53 GMT
content-type: application/x-javascript
set-cookie: AWSALB=/i8e/gG8AseyAn97YB7bLPVGdi+iCe+8AaM261rW++9ZfdfDH5PHIZX6KNukZmblv4fHLpwdn3wTjbD0zLMsAN7n0vh7qPWTPVo/wtiohEpct2Mvikbc+iYPlSC6; Expires=Wed, 21 Sep 2022 21:35:53 GMT; Path=/
AWSALBCORS=/i8e/gG8AseyAn97YB7bLPVGdi+iCe+8AaM261rW++9ZfdfDH5PHIZX6KNukZmblv4fHLpwdn3wTjbD0zLMsAN7n0vh7qPWTPVo/wtiohEpct2Mvikbc+iYPlSC6; Expires=Wed, 21 Sep 2022 21:35:53 GMT; Path=/; SameSite=None; Secure
contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t; path=/; secure; httponly; samesite=none
server: nginx/1.23.1
x-powered-by: PHP/8.1.3
cache-control: no-cache, private
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/GenerateToken?msn=1&pid=394f4815-acee-4183-b867-71eb7bbcaed0&_=362654600
54.172.138.183 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/GenerateToken?msn=1&pid=394f4815-acee-4183-b867-71eb7bbcaed0&_=362654600
IP 54.172.138.183:0
POST /2.11.9/GenerateToken?msn=1&pid=394f4815-acee-4183-b867-71eb7bbcaed0&_=362654600 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 203
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:54 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rguserid=fafcfe79-417a-4496-b267-cd8600849697; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v1/hub
54.230.111.53 200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v1/hub
IP 54.230.111.53:0
GET /scripts/v1/hub HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Wed, 14 Sep 2022 21:31:23 GMT
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: X-Requested-With
content-security-policy: default-src 'unsafe-inline' *
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XEM2Pr-M0M5agJqSa90VZ57jmjqszpGcxop3alMTQmXxknimtDmHqg==
age: 271
X-Firefox-Spdy: h2
api.pushnami.com/scripts/v2/pushnami-sw/5cc0bb93e04a8c20b5240228
54.230.111.53 200 OK 0 B URL HTTP/2 api.pushnami.com/scripts/v2/pushnami-sw/5cc0bb93e04a8c20b5240228
IP 54.230.111.53:0
GET /scripts/v2/pushnami-sw/5cc0bb93e04a8c20b5240228 HTTP/1.1
Host: api.pushnami.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 14 Sep 2022 21:34:33 GMT
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v2PxGwuoH6qBXGPwBFz0oND89VOsPcg06fLUr0X1o1taZ026oRp64Q==
age: 82
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/config.js?sdkid=BRK97NBJ857475I0MEDG&hostname=vouchersavenue.com
104.84.152.241 200 OK 0 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=BRK97NBJ857475I0MEDG&hostname=vouchersavenue.com
IP 104.84.152.241:0
ASN #20940 Akamai International B.V.
GET /i18n/pixel/config.js?sdkid=BRK97NBJ857475I0MEDG&hostname=vouchersavenue.com HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20220914213553DC3DABC5EECE68C744FA
x-tt-trace-host: 014c3d3a48b720cad047ee4725ef00c61ea9100f488fbe968d3522ee3004f59590ea15ff6df0f5f25efdc81d2b18545aa2917174e929872a182ca4a9ecd291fd4fc733c7ac22c8a5ca20cfc026f9fa6ffa
content-encoding: gzip
expires: Wed, 14 Sep 2022 21:35:53 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 14 Sep 2022 21:35:53 GMT
x-cache: TCP_MISS from a104-84-152-237.deploy.akamaitechnologies.com (AkamaiGHost/10.9.3-43949849) (-)
vary: Accept-Encoding
set-cookie: _ttp=2EmCQ9PPr3IEcC9cmaBtRAXEqww; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=98
x-origin-response-time: 98,104.84.152.237
x-akamai-request-id: 26990f9
X-Firefox-Spdy: h2
cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577
54.230.111.111 200 OK 0 B URL HTTP/2 cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577
IP 54.230.111.111:0
GET /bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl&l=16631913387710.3407047968738577 HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vouchersavenue.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 14 Sep 2022 21:35:54 GMT
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 9tpprjSXF1V1i663qaS1L8y.yb5CQ2dA
etag: W/"97d91c9803cec4e7981c0f415c2c1923"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ayZw9836cSeifIgfhyQHYA2sFmFEd9Qlv5F_uHq3tcSALiLeJnVxVw==
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/Snap?msn=6&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654605
54.172.138.183 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/Snap?msn=6&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654605
IP 54.172.138.183:0
POST /2.11.9/Snap?msn=6&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654605 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 199261
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:57 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguserid=e1d9d401-c8cb-42ff-a0de-cb4c54d8b050; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:57 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
vouchersavenue.com/css/app.css?id=b245adff1dd0b543463a
34.224.77.61 200 OK 0 B URL HTTP/2 vouchersavenue.com/css/app.css?id=b245adff1dd0b543463a
IP 34.224.77.61:0
Analyzer Verdict Alert fortinet Phishing
GET /css/app.css?id=b245adff1dd0b543463a HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/online-payment-gift-card/signup/1
Cookie: AWSALB=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; AWSALBCORS=fXdHOaPtZSRp3JZYveNEJvk6S9MoDK+ofFp+XlTFXm1kV5A+6ACrHOUFTP/QDGx+CB5G6XXBffGopIye0A8YCMKePfBLCRalZf7J+8D1k7/GFkiqBwUaszxhAGpb; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:51 GMT
content-type: text/css
content-length: 245026
set-cookie: AWSALB=GD6xtfHUTLMz72f1fImZqAdi4ftSq504+1GFBqjQMtoTzBIe0XkQzQfDXJjNyqGwvjFLa3QgJD6Q2j9dibipWrV8iaKC1300kigUHA36lyye5U5ZVJxOb8fNjMUT; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/
AWSALBCORS=GD6xtfHUTLMz72f1fImZqAdi4ftSq504+1GFBqjQMtoTzBIe0XkQzQfDXJjNyqGwvjFLa3QgJD6Q2j9dibipWrV8iaKC1300kigUHA36lyye5U5ZVJxOb8fNjMUT; Expires=Wed, 21 Sep 2022 21:35:51 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.1
last-modified: Wed, 14 Sep 2022 15:27:14 GMT
etag: "6321f2d2-3bd22"
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
X-Firefox-Spdy: h2
vouchersavenue.com/online-payment-gift-card/facebook/page-view
34.224.77.61 200 OK 0 B URL HTTP/2 vouchersavenue.com/online-payment-gift-card/facebook/page-view
IP 34.224.77.61:0
Analyzer Verdict Alert fortinet Phishing
GET /online-payment-gift-card/facebook/page-view HTTP/1.1
Host: vouchersavenue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/online-payment-gift-card/signup/1
Cookie: AWSALB=pYXy8yzZmKNsHwQYsa2Lzw0fOZGGLLuvho/SLg/tSYo9GNHExjlrqj1cVQ3oqI1HHIqegxCiiJvZ7X45ydbILoLiQkrxq4c2ysyWHbhwfcH4NfpwvqUF78Q0f00K; AWSALBCORS=pYXy8yzZmKNsHwQYsa2Lzw0fOZGGLLuvho/SLg/tSYo9GNHExjlrqj1cVQ3oqI1HHIqegxCiiJvZ7X45ydbILoLiQkrxq4c2ysyWHbhwfcH4NfpwvqUF78Q0f00K; contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:52 GMT
content-type: image/gif
set-cookie: AWSALB=OijNuACXeS8umINTUjZe7swn8/5/D+9h7GJ+CmzJ+67zrMSGJjkChW3XxD0eNai5eKHfmt2/Hjc9RSEyEngt32YIqL+muuV3dX1nsYTEgLWK8e8NUNaVRgVfa79l; Expires=Wed, 21 Sep 2022 21:35:52 GMT; Path=/
AWSALBCORS=OijNuACXeS8umINTUjZe7swn8/5/D+9h7GJ+CmzJ+67zrMSGJjkChW3XxD0eNai5eKHfmt2/Hjc9RSEyEngt32YIqL+muuV3dX1nsYTEgLWK8e8NUNaVRgVfa79l; Expires=Wed, 21 Sep 2022 21:35:52 GMT; Path=/; SameSite=None; Secure
contest_session=FQhQcXpaAZbBE9mCmf3iOLmLSVB0wP5tme2LIT4t; path=/; secure; httponly; samesite=none
server: nginx/1.23.1
x-powered-by: PHP/8.1.3
cache-control: no-cache, private
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2
imgs.tagadamedia.com/media/us/20/512x512-2095.svg
138.199.37.231 200 OK 0 B URL HTTP/2 imgs.tagadamedia.com/media/us/20/512x512-2095.svg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
GET /media/us/20/512x512-2095.svg HTTP/1.1
Host: imgs.tagadamedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:52 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: BunnyCDN-DE-863
cdn-pullzone: 61945
cdn-uid: 5d127034-96a6-45e8-a482-4f40615f18db
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 24 Jan 2022 11:51:37 GMT
x-amz-id-2: dq+6aIwRz6ew6jjCFE5uHDrPGM+MhI/pcoOqk4ldalXYSzsF7gbTO0tFdwOoi/iyH6cWkqCPoDM=
x-amz-request-id: 8FVCY4XX8FTC6RNV
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 08/20/2022 10:01:02
cdn-edgestorageid: 752
cdn-status: 200
cdn-requestid: 780de80f6c4508a312369d191ebbac2c
cdn-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=3&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654602
54.172.138.183 200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=3&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654602
IP 54.172.138.183:0
POST /2.11.9/InitFormData?msn=3&pid=394f4815-acee-4183-b867-71eb7bbcaed0&token=61E9AB7C-0983-8E52-305D-A07B0798F1CC&_=362654602 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 1231
Origin: https://vouchersavenue.com
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:54 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
set-cookie: rguserid=07fbbfed-f02a-41fe-9975-de0e678ae936; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
set-cookie: rguuid=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
set-cookie: rgisanonymous=true; expires=Fri, 14-Oct-2022 21:35:54 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
188.125.94.206 200 OK 0 B IP 188.125.94.206:0
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jrcCiE6GEIANHSwjBfRU7gYzXJ0yeDWcsjjsshnhwXxmokHL7L5Kk2nJSDdBI7izq9oSJfU/pOY=
x-amz-request-id: C7H7H329JWYTRFE5
date: Wed, 14 Sep 2022 20:54:07 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 2508
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
imgs.tagadamedia.com/media/us/20/450x70-2094.svg
138.199.37.231 200 OK 0 B URL HTTP/2 imgs.tagadamedia.com/media/us/20/450x70-2094.svg
IP 138.199.37.231:0
ASN #60068 Datacamp Limited
GET /media/us/20/450x70-2094.svg HTTP/1.1
Host: imgs.tagadamedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vouchersavenue.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 14 Sep 2022 21:35:52 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: BunnyCDN-DE-863
cdn-pullzone: 61945
cdn-uid: 5d127034-96a6-45e8-a482-4f40615f18db
cdn-requestcountrycode: NO
cache-control: public, max-age=2592000
last-modified: Mon, 24 Jan 2022 11:51:37 GMT
x-amz-id-2: /E7Ryl6kd+l4YU9U0SJGtdqG+6JuIZmnu/l65ADXNeNcTHnyIB3XTcw18vGteh4ZdJXP/ZurEfQ=
x-amz-request-id: DM4Z62XC492T3S0Y
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-cachedat: 08/08/2022 20:01:30
cdn-edgestorageid: 601
cdn-status: 200
cdn-requestid: ebe32c97d33911b6e042998e7a255eb8
cdn-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2