urlscan.io logo urlscan.io
SecurityTrails logo

www.corprewardz.com Open in urlscan Pro
182.18.130.96  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://corprewardz.com/
Effective URL: https://www.corprewardz.com/
Submission: On January 26 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 4 domains to perform 46 HTTP transactions. The main IP is 182.18.130.96, located in Bengaluru, India and belongs to CTRLS-AS-IN CtrlS Datacenters Ltd., IN. The main domain is www.corprewardz.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on November 15th 2021. Valid for: a year.
This is the only time www.corprewardz.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 21 182.18.130.96 18229 (CTRLS-AS-...)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
6 182.18.141.50 18229 (CTRLS-AS-...)
2 182.18.130.101 18229 (CTRLS-AS-...)
4 182.18.130.118 18229 (CTRLS-AS-...)
2 202.65.143.119 ()
46 8
21    182.18.130.96 (Bengaluru, India)

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: static-182-18-130-96.ctrls.in
corprewardz.com
www.corprewardz.com
2    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
5    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
6    182.18.141.50 (Bengaluru, India)

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: static-182-18-141-50.ctrls.in
comb9.loylty.com
2    182.18.130.101 (Bengaluru, India)

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: static-182-18-130-101.ctrls.in
analytic.loylty.com
4    182.18.130.118 (Bengaluru, India)

ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN)
PTR: static-182-18-130-118.ctrls.in
images.loylty.com
2    202.65.143.119 (None, )

ASN- ()
recb9.loylty.com
Domain Requested by
19 www.corprewardz.com www.corprewardz.com
6 comb9.loylty.com www.corprewardz.com
5 fonts.gstatic.com fonts.googleapis.com
4 images.loylty.com
2 recb9.loylty.com www.corprewardz.com
2 analytic.loylty.com www.corprewardz.com
2 fonts.googleapis.com www.corprewardz.com
2 corprewardz.com 2 redirects
0 egvb9.loylty.com Failed www.corprewardz.com
0 merb9.loylty.com Failed www.corprewardz.com
46 10

This site contains links to these domains. Also see Links.

Domain
corpbank.com
seal.panaceainfosec.com
www.loylty.com
Subject Issuer Validity Valid
www.corprewardz.com
GeoTrust RSA CA 2018		 2021-11-15 -
2022-12-16		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
*.loylty.com
GeoTrust RSA CA 2018		 2020-07-14 -
2022-10-17		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.corprewardz.com/
Frame ID: 94B9684B5070DD870057CDFB1762954F
Requests: 42 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Corp Rewardz

Page URL History Show full URLs

  1. http://corprewardz.com/ HTTP 301
    https://corprewardz.com/ HTTP 301
    https://www.corprewardz.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • piwik\.js|piwik\.php

Page Statistics

46
Requests

87 %
HTTPS

29 %
IPv6

4
Domains

10
Subdomains

8
IPs

2
Countries

2881 kB
Transfer

3094 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://corprewardz.com/ HTTP 301
    https://corprewardz.com/ HTTP 301
    https://www.corprewardz.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.corprewardz.com/
Redirect Chain
  • http://corprewardz.com/
  • https://corprewardz.com/
  • https://www.corprewardz.com/
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
3ba53cf88842b75b8f6e6d283ba02b93474620b42b4f9ce8ab8aa8d5ae1a9f11
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
public, must-revalidate, max-age=0
Content-Type
text/html
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
Accept-Ranges
bytes
ETag
"0d268e0db6d81:0"
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Date
Wed, 26 Jan 2022 18:28:01 GMT
Via
1.1 ID-471031477c813515 uproxy-05 1.1 ID-7716077300342023 uproxy-5
Content-Length
1184
Connection
Keep-alive

Redirect headers

Content-Type
text/html
Location
https://www.corprewardz.com/
Connection
Keep-Alive
Cache-Control
max-age=86400
Content-Length
180
styles.21a571fc82c01210d2c4.css
www.corprewardz.com/ 		225 KB
225 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
6b6e739342277d5a2a9aef677a591b959e60b8155584187bb71381804a2e0e9a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Fri, 21 Jan 2022 05:58:38 GMT
ETag
"74e03def8bed81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
229996
X-XSS-Protection
1; mode=block
runtime.22d4e56eb25e0a505c39.js
www.corprewardz.com/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/runtime.22d4e56eb25e0a505c39.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
6cb23300fb48bd7727b63357676a7f5b65483c6abb9d022e3404b5a76791812d
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
2678
X-XSS-Protection
1; mode=block
polyfills.7d808103254ad1cebd42.js
www.corprewardz.com/ 		36 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
477e7f710a2e05cb6659851f4f78d031f0e83ebc1b10ab79ecd57f52bef7904d
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-03, 1.1 ID-7716077300342023 uproxy-3
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
36852
X-XSS-Protection
1; mode=block
scripts.1b2ed32d71d72baaf122.js
www.corprewardz.com/ 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/scripts.1b2ed32d71d72baaf122.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
78b7aef966499fc2752074994d8d90f02647ca0f566d10a35188768208705f42
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
14580
X-XSS-Protection
1; mode=block
vendor.fcd16cc4bfea9e677cbd.js
www.corprewardz.com/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/vendor.fcd16cc4bfea9e677cbd.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
b314dd93ddefa333cf73b00c633e285870209dbf6867e5676188fa3773d06c08
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
1696914
X-XSS-Protection
1; mode=block
main.b585e62f83c9dcde2388.js
www.corprewardz.com/ 		464 KB
464 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/main.b585e62f83c9dcde2388.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
7c2fdeb9626e4613c6e18747e018c2c024e861198aaf0b2a61acf2af48358869
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-03, 1.1 ID-7716077300342023 uproxy-3
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:01 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
474832
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		13 KB
911 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,500i,700,900&display=swap
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
517b2b6c5136b1c751ae5057dd03e1bd210dc228551b42296f99cf2c2c210b78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:28:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 26 Jan 2022 18:28:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 Jan 2022 18:28:03 GMT
icon
fonts.googleapis.com/ 		1 KB
941 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d30288796bd91ad61181640f1b54257191440c67cee533f0c446213545221c75
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:28:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 26 Jan 2022 18:28:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 26 Jan 2022 18:28:03 GMT
icon-96x96.png
www.corprewardz.com/assets/icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/icons/icon-96x96.png
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
90d94d0d6d4286983ade61f4cfd3d1a3864cfbd84d45dc786aa1424f10495c6c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:03 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
3762
X-XSS-Protection
1; mode=block
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,500i,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 21 Jan 2022 13:39:48 GMT
x-content-type-options
nosniff
age
449295
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 21 Jan 2023 13:39:48 GMT
getBankProgram
www.corprewardz.com/portalapi/bankProgram/ 		8 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/portalapi/bankProgram/getBankProgram
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
7ba7394cdda6d71f497ee979f5d8ba01503ffbcae9abee372b0e683e1c5487aa
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.corprewardz.com/
programId
4028c2ac696ba9300169c9b835440035
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
shortName
corp

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
X-Powered-By
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Date
Wed, 26 Jan 2022 18:28:08 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Content-Length
8052
ETag
W/"1f74-IwjJWnCUP+Yj1KntoK4vzkbGpog"
GenerateToken
comb9.loylty.com/V2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/GenerateToken
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
applicationid,channel,client_id,content-type,moduleid,programid,sign_auth,skiptoken,useragent,userip
Origin
https://www.corprewardz.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
access-control-allow-origin
*
access-control-allow-methods
GET, POST, DELETE, PATCH, PUT
access-control-allow-headers
authorization,content-type,headers,lrsignauth,moduleid,userip,useragent accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
access-control-max-age
1000000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
date
Wed, 26 Jan 2022 18:28:08 GMT
content-length
0
GenerateToken
comb9.loylty.com/V2/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/GenerateToken
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
0d8722cab345c5964440c26374cb5af1b14c21e5620ada04d6013bbb8bb58a8c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sign_auth
37ca94b9-92c8-47cd-8476-dca46d970af0:yd6bK9IfqwDylbH7GNZ9TueSTPYiGT+VnFskOidCW1w=:uU3VFA/rzDo=:1643221688689
skipToken
true
ApplicationId
7aa7f694-da83-11e7-960e-00155dc90735
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
UserIp
127.0.0.1
Referer
https://www.corprewardz.com/
ModuleId
0982947e-be20-11e7-8376-00155d0a0867
ProgramId
4028c2ac696ba9300169c9b835440035
CHANNEL
WEB
UserAgent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
client_id
114

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
server
date
Wed, 26 Jan 2022 18:28:09 GMT
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
x-xss-protection
1; mode=block
ProgramConfiguration
comb9.loylty.com/V2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/ProgramConfiguration
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
applicationid,authorization,channel,client_id,content-type,moduleid,programid,sign_auth,useragent,userip
Origin
https://www.corprewardz.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
access-control-allow-origin
*
access-control-allow-methods
GET, POST, DELETE, PATCH, PUT
access-control-allow-headers
authorization,content-type,headers,lrsignauth,moduleid,userip,useragent accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
access-control-max-age
1000000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
date
Wed, 26 Jan 2022 18:28:09 GMT
content-length
0
ProgramConfiguration
comb9.loylty.com/V2/ 		11 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/ProgramConfiguration
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
ce746f4467f7d6c1d9924231d7848f8fe3824da4c7a42d76f6c57dcf36605087
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sign_auth
37ca94b9-92c8-47cd-8476-dca46d970af0:nn4dWiSUCyfFxtqUBRGtwu29016mnnRVOv/YLSRoB9U=:w01bFlhFxL4=:1643221688686
ApplicationId
7aa7f694-da83-11e7-960e-00155dc90735
Accept-Language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImpZekR2VlgwZ2FDblpkTHV0SV9BU0dlbnJXUSIsImtpZCI6ImpZekR2VlgwZ2FDblpkTHV0SV9BU0dlbnJXUSJ9.eyJpc3MiOiJodHRwczovL3RrbmI5LmxveWx0eS5jb20vdjEvaWRlbnRpdHkiLCJhdWQiOiJodHRwczovL3RrbmI5LmxveWx0eS5jb20vdjEvaWRlbnRpdHkvcmVzb3VyY2VzIiwiZXhwIjoxNjQzMzA4MDg5LCJuYmYiOjE2NDMyMjE2ODksImNsaWVudF9pZCI6IjM3Y2E5NGI5LTkyYzgtNDdjZC04NDc2LWRjYTQ2ZDk3MGFmMGd1ZXN0IiwiY2xpZW50X1Byb2dyYW1JZCI6IjQwMjhjMmFjNjk2YmE5MzAwMTY5YzliODM1NDQwMDM1IiwiY2xpZW50X0d1ZXN0VXNlciI6IlRydWUiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXX0.bSS7V7L62gVG0s9GjFVDVoVhgthigAd3rE3Fv4iUzX3-ZjY9WZyWHXfws9w4N4HgpsPdzyz0wNB_Wxg1GWmpwhqkJG9qNBtIRsWo0RT2wR6Dsdzcbox-cfsSCO3Gi_HA8U-uauL6zGBt_8_KQ6-VrRXS29A_BDBMidq_TejbnC-qYhyfIu9fUGqGlPFmX3_S4gRmC6c2KSdoKyInwZ_q0v0UZGxJb3pSOTj71aOOBwU4ypDSF8hViz30quUIgg0bdD5BJ8mG8Tt_ayBnOeZM9JussnUetbfRaYCvfAnrl7cqjZeljFydpqYGKp-H8l9VQzXlk4OEcCoXOOGdooFqzg
Content-Type
application/json
Accept
application/json, text/plain, */*
UserIp
127.0.0.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
ModuleId
0982947e-be20-11e7-8376-00155d0a0867
ProgramId
4028c2ac696ba9300169c9b835440035
Referer
https://www.corprewardz.com/
CHANNEL
WEB
UserAgent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
client_id
114

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
server
date
Wed, 26 Jan 2022 18:28:09 GMT
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
x-xss-protection
1; mode=block
piwik.js
analytic.loylty.com/ 		69 KB
69 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytic.loylty.com/piwik.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/vendor.fcd16cc4bfea9e677cbd.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
182.18.130.101 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-101.ctrls.in
Software
Apache /
Resource Hash
0995371a359a4a701d66f8b183de6144de9a042e5bac84b6f920968f51567742
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 18:28:11 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Sun, 26 Jul 2020 14:14:35 GMT
Server
Apache
ETag
"1131c-5ab58d3633304"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
70428
X-XSS-Protection
1; mode=block
pageType
www.corprewardz.com/portalapi/staticContent/content/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/portalapi/staticContent/content/pageType
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
51196411d4e55fd0223f10dbf7095f542b8986e570e388a8a3b3706e6a17584b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.corprewardz.com/
shortName
corp
programId
4028c2ac696ba9300169c9b835440035
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
X-Powered-By
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Content-Length
4692
ETag
W/"1254-+R7pNDCtHLhYMzQ9MvkGhm9pEyA"
icon-72x72.png
www.corprewardz.com/assets/icons/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/icons/icon-72x72.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
485ebdb799dd1ed426ac81bb9320e6ad1f9c82439e5c6973210ebf9783cc0643
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-03, 1.1 ID-7716077300342023 uproxy-3
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
3459
X-XSS-Protection
1; mode=block
fonticonsset2.woff
www.corprewardz.com/assets/customFonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/assets/customFonts/fonticonsset2.woff
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
17d4777b7db20cd9a335382ae11c164c2e9a63b2fc316881c57bbb9a542ade55
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
21256
X-XSS-Protection
1; mode=block
4.36bc7d257304d57908f2.js
www.corprewardz.com/ 		119 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/4.36bc7d257304d57908f2.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/runtime.22d4e56eb25e0a505c39.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
b037f930f680beb09f84514fff83ae7f1054caf39311a0cb39f455af92942214
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
122332
X-XSS-Protection
1; mode=block
11.b3bf83dac19bb735e391.js
www.corprewardz.com/ 		24 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/11.b3bf83dac19bb735e391.js
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/runtime.22d4e56eb25e0a505c39.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
898015ad20af197be876f9aa0a6051188dad210fd59555a79ef224333a6971d0
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-03, 1.1 ID-7716077300342023 uproxy-3
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
24223
X-XSS-Protection
1; mode=block
logo.gif
images.loylty.com/bank/corp/logo/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.loylty.com/bank/corp/logo/logo.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.18.130.118 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-118.ctrls.in
Software
nginx /
Resource Hash
afaaf9a7476e75d7e920cf07100aa2103c9891b8776e4dac226ef45e10cfe628
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security max-age=31536000;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 18:28:08 GMT
Last-Modified
Wed, 21 Oct 2020 09:46:23 GMT
Server
nginx
ETag
"5f90036f-1211"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security
max-age=31536000;
Accept-Ranges
bytes
Content-Length
4625
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bank-logo.gif
images.loylty.com/bank/corp/logo/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.loylty.com/bank/corp/logo/bank-logo.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.18.130.118 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-118.ctrls.in
Software
nginx /
Resource Hash
4a1d8c88964a1f652cd8cd43290024e804fac2a45b05cdee4fbfd4106a22599b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security max-age=31536000;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 18:28:08 GMT
Last-Modified
Wed, 21 Oct 2020 09:46:23 GMT
Server
nginx
ETag
"5f90036f-1cc8"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security
max-age=31536000;
Accept-Ranges
bytes
Content-Length
7368
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
pci-logo-transparent.png
www.corprewardz.com/assets/footer-logo/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/footer-logo/pci-logo-transparent.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
7e056d3b5b88667a0f8b5d7a18df2235ecce1207eff96ad00862432033b23c8b
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
1597
X-XSS-Protection
1; mode=block
loylty-logo-transparent.png
www.corprewardz.com/assets/footer-logo/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/footer-logo/loylty-logo-transparent.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
e95ca4c8b2c8d101e3f5545cb55d6c32ef55b7d7b20d79bed36b2837208f599e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:10 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
1833
X-XSS-Protection
1; mode=block
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,500i,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 14:02:00 GMT
x-content-type-options
nosniff
age
102370
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 25 Jan 2023 14:02:00 GMT
piwik.php
analytic.loylty.com/ 		43 B
489 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytic.loylty.com/piwik.php?action_name=Corp%20Rewardz&idsite=7&rec=1&r=442649&h=18&m=28&s=11&url=https%3A%2F%2Fwww.corprewardz.com%2F&_id=33f9cc77640ffe31&_idts=1643221692&_idvc=1&_idn=1&_refts=0&_viewts=1643221692&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=237&pv_id=KVE1Gf
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
182.18.130.101 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-101.ctrls.in
Software
Apache /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Server
Apache
Date
Wed, 26 Jan 2022 18:28:12 GMT
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/gif
Cache-Control
no-store
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Keep-Alive
timeout=5, max=99
Content-Length
43
X-XSS-Protection
1; mode=block
G
comb9.loylty.com/V2/Wrap/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/Wrap/G
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
applicationid,authorization,channel,client_id,content-type,moduleid,programid,sign_auth,useragent,userip
Origin
https://www.corprewardz.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
access-control-allow-origin
*
access-control-allow-methods
GET, POST, DELETE, PATCH, PUT
access-control-allow-headers
authorization,content-type,headers,lrsignauth,moduleid,userip,useragent accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
access-control-max-age
1000000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
date
Wed, 26 Jan 2022 18:28:11 GMT
content-length
0
Operators
recb9.loylty.com/V2/Recharge/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://recb9.loylty.com/V2/Recharge/Operators
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.65.143.119 -, , ASN (),
Reverse DNS
Software
API /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
applicationid,authorization,channel,client_id,content-type,moduleid,programid,sign_auth,useragent,userip
Origin
https://www.corprewardz.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
API
access-control-allow-origin
https://www.corprewardz.com
access-control-allow-methods
GET, POST, DELETE, PATCH, PUT
access-control-allow-headers
authorization,content-type,lrsignauth,moduleid,userip,programid,useragent accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken
access-control-max-age
1000000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
date
Wed, 26 Jan 2022 18:28:12 GMT
content-length
0
Operators
recb9.loylty.com/V2/Recharge/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://recb9.loylty.com/V2/Recharge/Operators
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
202.65.143.119 -, , ASN (),
Reverse DNS
Software
API /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
applicationid,authorization,channel,client_id,content-type,moduleid,programid,sign_auth,useragent,userip
Origin
https://www.corprewardz.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
API
access-control-allow-origin
https://www.corprewardz.com
access-control-allow-methods
GET, POST, DELETE, PATCH, PUT
access-control-allow-headers
authorization,content-type,lrsignauth,moduleid,userip,programid,useragent accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken
access-control-max-age
1000000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
date
Wed, 26 Jan 2022 18:28:12 GMT
content-length
0
Products
merb9.loylty.com/V2/Merchandise/ 		0
0
Products
egvb9.loylty.com/V2/GiftCard/ 		0
0
G
comb9.loylty.com/V2/Wrap/ 		80 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://comb9.loylty.com/V2/Wrap/G
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.141.50 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-141-50.ctrls.in
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sign_auth
37ca94b9-92c8-47cd-8476-dca46d970af0:xa5nOfeKwjQoPxD/mnRpGFJWNMLG/yu08wzMDQo81wI=:rLOwSIybxLg=:1643221692521
ApplicationId
7aa7f694-da83-11e7-960e-00155dc90735
Accept-Language
de-DE,de;q=0.9
Authorization
Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImpZekR2VlgwZ2FDblpkTHV0SV9BU0dlbnJXUSIsImtpZCI6ImpZekR2VlgwZ2FDblpkTHV0SV9BU0dlbnJXUSJ9.eyJpc3MiOiJodHRwczovL3RrbmI5LmxveWx0eS5jb20vdjEvaWRlbnRpdHkiLCJhdWQiOiJodHRwczovL3RrbmI5LmxveWx0eS5jb20vdjEvaWRlbnRpdHkvcmVzb3VyY2VzIiwiZXhwIjoxNjQzMzA4MDg5LCJuYmYiOjE2NDMyMjE2ODksImNsaWVudF9pZCI6IjM3Y2E5NGI5LTkyYzgtNDdjZC04NDc2LWRjYTQ2ZDk3MGFmMGd1ZXN0IiwiY2xpZW50X1Byb2dyYW1JZCI6IjQwMjhjMmFjNjk2YmE5MzAwMTY5YzliODM1NDQwMDM1IiwiY2xpZW50X0d1ZXN0VXNlciI6IlRydWUiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXX0.bSS7V7L62gVG0s9GjFVDVoVhgthigAd3rE3Fv4iUzX3-ZjY9WZyWHXfws9w4N4HgpsPdzyz0wNB_Wxg1GWmpwhqkJG9qNBtIRsWo0RT2wR6Dsdzcbox-cfsSCO3Gi_HA8U-uauL6zGBt_8_KQ6-VrRXS29A_BDBMidq_TejbnC-qYhyfIu9fUGqGlPFmX3_S4gRmC6c2KSdoKyInwZ_q0v0UZGxJb3pSOTj71aOOBwU4ypDSF8hViz30quUIgg0bdD5BJ8mG8Tt_ayBnOeZM9JussnUetbfRaYCvfAnrl7cqjZeljFydpqYGKp-H8l9VQzXlk4OEcCoXOOGdooFqzg
Content-Type
application/json
Accept
application/json, text/plain, */*
UserIp
127.0.0.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
ModuleId
0982947e-be20-11e7-8376-00155d0a0867
ProgramId
4028c2ac696ba9300169c9b835440035
Referer
https://www.corprewardz.com/
CHANNEL
WEB
UserAgent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
client_id
114

Response headers

content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
x-content-type-options
nosniff
server
date
Wed, 26 Jan 2022 18:28:12 GMT
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
accept,accept-encoding,accept-language,applicationid,authorization,channel,client_id,content-type,module,moduleid,origin,programid,referer,user-agent,useragent,userip,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sign_auth,skiptoken,memberid
x-xss-protection
1; mode=block
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,500i,700,900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 17:56:19 GMT
x-content-type-options
nosniff
age
1913
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 26 Jan 2023 17:56:19 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,500i,700,900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 17:58:32 GMT
x-content-type-options
nosniff
age
1780
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 26 Jan 2023 17:58:32 GMT
pageType
www.corprewardz.com/portalapi/staticContent/content/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.corprewardz.com/portalapi/staticContent/content/pageType
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/polyfills.7d808103254ad1cebd42.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
fc3228df17e4176a310ea42cae1debda4029f24b45ccd59ef1d40d8eec25c3f7
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.corprewardz.com/
shortName
corp
programId
4028c2ac696ba9300169c9b835440035
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
X-Powered-By
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-XSS-Protection
1; mode=block
Date
Wed, 26 Jan 2022 18:28:11 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Content-Length
2204
ETag
W/"89c-Q9B13a9E3Ano/XwF7QGy6H7k2PQ"
Operators
recb9.loylty.com/V2/Recharge/ 		0
0
Operators
recb9.loylty.com/V2/Recharge/ 		0
0
recharge-bg.png
www.corprewardz.com/assets/mis/ 		72 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/mis/recharge-bg.png
Requested by
Host: www.corprewardz.com
URL: https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/styles.21a571fc82c01210d2c4.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-03, 1.1 ID-7716077300342023 uproxy-3
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:11 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
200246
X-XSS-Protection
1; mode=block
Products
merb9.loylty.com/V2/Merchandise/ 		0
0
Products
egvb9.loylty.com/V2/GiftCard/ 		0
0
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v121/ 		119 KB
119 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v121/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
16a6b6731e2fc6387561d78f5affd3b539a6c0540434924b809d490a5ebc9725
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 19:31:38 GMT
x-content-type-options
nosniff
age
82594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
121784
x-xss-protection
0
last-modified
Tue, 11 Jan 2022 19:19:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 25 Jan 2023 19:31:38 GMT
banner.png
www.corprewardz.com/assets/placeholders/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.corprewardz.com/assets/placeholders/banner.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
182.18.130.96 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-96.ctrls.in
Software
/
Resource Hash
eb133313416e431642255fbc474e09b23bb57f428792fe1e14872a69022a366e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=15552000; includeSubDomains
Via
1.1 ID-471031477c813515 uproxy-05, 1.1 ID-7716077300342023 uproxy-5
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 Jan 2022 11:10:44 GMT
ETag
"0d268e0db6d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Wed, 26 Jan 2022 18:28:11 GMT
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
Connection
Keep-alive
Accept-Ranges
bytes
Content-Length
1237
X-XSS-Protection
1; mode=block
truncated
/ 		344 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f00535f4e1ad5d695cd413ebee0f8bb62a9c696992f30cfd068cee82bfe6e0f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		345 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
977bdb80faed672bc17fb984428a89a55a53349da13e208170875d815f017a5e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f

Request headers

Referer
Origin
https://www.corprewardz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
Corporation_Reward.jpg
images.loylty.com/bank/corp/banner/ 		31 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.loylty.com/bank/corp/banner/Corporation_Reward.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.18.130.118 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-118.ctrls.in
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security max-age=31536000;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 18:28:10 GMT
Last-Modified
Thu, 31 Oct 2019 06:19:49 GMT
Server
nginx
ETag
"5dba7d05-18609"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security
max-age=31536000;
Accept-Ranges
bytes
Content-Length
99849
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT
banner.png
images.loylty.com/bank/corp/banner/ 		31 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.loylty.com/bank/corp/banner/banner.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
182.18.130.118 Bengaluru, India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
static-182-18-130-118.ctrls.in
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security max-age=31536000;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.corprewardz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Wed, 26 Jan 2022 18:28:10 GMT
Last-Modified
Tue, 01 Oct 2019 11:40:21 GMT
Server
nginx
ETag
"5d933b25-ee40d"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net
Strict-Transport-Security
max-age=31536000;
Accept-Ranges
bytes
Content-Length
975885
X-XSS-Protection
1; mode=block
Expires
Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
merb9.loylty.com
URL
https://merb9.loylty.com/V2/Merchandise/Products?e.isFeatured=true&e.pageIndex=1&e.pageSize=10
Domain
egvb9.loylty.com
URL
https://egvb9.loylty.com/V2/GiftCard/Products
Domain
recb9.loylty.com
URL
https://recb9.loylty.com/V2/Recharge/Operators
Domain
recb9.loylty.com
URL
https://recb9.loylty.com/V2/Recharge/Operators
Domain
merb9.loylty.com
URL
https://merb9.loylty.com/V2/Merchandise/Products?e.isFeatured=true&e.pageIndex=1&e.pageSize=10
Domain
egvb9.loylty.com
URL
https://egvb9.loylty.com/V2/GiftCard/Products

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackJsonp function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched function| tinycolor function| a3_0x7636 function| a3_0x4293 function| a3_0x58a1fd object| __zone_symbol__ON_PROPERTYmessage object| __zone_symbol__messagefalse object| __zone_symbol__testPassiveEventSupportfalse object| __zone_symbol__ON_PROPERTYtestPassiveEventSupport object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| _paq object| __zone_symbol__scrollfalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__beforeinstallpromptfalse object| __zone_symbol__beforeprintfalse object| __zone_symbol__afterprintfalse object| __zone_symbol__focusfalse object| __zone_symbol__blurfalse function| a6_0xd9c0 function| a6_0x51f2 function| a6_0x59c43f object| JSON_PIWIK object| __zone_symbol__beforeunloadfalse object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

2 Cookies

Domain/Path Name / Value
www.corprewardz.com/ Name: _pk_id.7.40cb
Value: 33f9cc77640ffe31.1643221692.1.1643221692.1643221692.
www.corprewardz.com/ Name: _pk_ses.7.40cb
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytic.loylty.com
comb9.loylty.com
corprewardz.com
egvb9.loylty.com
fonts.googleapis.com
fonts.gstatic.com
images.loylty.com
merb9.loylty.com
recb9.loylty.com
www.corprewardz.com
egvb9.loylty.com
merb9.loylty.com
recb9.loylty.com
182.18.130.101
182.18.130.118
182.18.130.96
182.18.141.50
202.65.143.119
2a00:1450:4001:802::2003
2a00:1450:4001:82a::200a
0995371a359a4a701d66f8b183de6144de9a042e5bac84b6f920968f51567742
0d8722cab345c5964440c26374cb5af1b14c21e5620ada04d6013bbb8bb58a8c
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f00535f4e1ad5d695cd413ebee0f8bb62a9c696992f30cfd068cee82bfe6e0f
16a6b6731e2fc6387561d78f5affd3b539a6c0540434924b809d490a5ebc9725
17d4777b7db20cd9a335382ae11c164c2e9a63b2fc316881c57bbb9a542ade55
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
3ba53cf88842b75b8f6e6d283ba02b93474620b42b4f9ce8ab8aa8d5ae1a9f11
477e7f710a2e05cb6659851f4f78d031f0e83ebc1b10ab79ecd57f52bef7904d
485ebdb799dd1ed426ac81bb9320e6ad1f9c82439e5c6973210ebf9783cc0643
4a1d8c88964a1f652cd8cd43290024e804fac2a45b05cdee4fbfd4106a22599b
51196411d4e55fd0223f10dbf7095f542b8986e570e388a8a3b3706e6a17584b
517b2b6c5136b1c751ae5057dd03e1bd210dc228551b42296f99cf2c2c210b78
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
60280b8ab4c8d489c74567c55e14945b935c2f5937855f808163ee40a65f065f
6b6e739342277d5a2a9aef677a591b959e60b8155584187bb71381804a2e0e9a
6cb23300fb48bd7727b63357676a7f5b65483c6abb9d022e3404b5a76791812d
78b7aef966499fc2752074994d8d90f02647ca0f566d10a35188768208705f42
7ba7394cdda6d71f497ee979f5d8ba01503ffbcae9abee372b0e683e1c5487aa
7c2fdeb9626e4613c6e18747e018c2c024e861198aaf0b2a61acf2af48358869
7e056d3b5b88667a0f8b5d7a18df2235ecce1207eff96ad00862432033b23c8b
898015ad20af197be876f9aa0a6051188dad210fd59555a79ef224333a6971d0
90d94d0d6d4286983ade61f4cfd3d1a3864cfbd84d45dc786aa1424f10495c6c
977bdb80faed672bc17fb984428a89a55a53349da13e208170875d815f017a5e
afaaf9a7476e75d7e920cf07100aa2103c9891b8776e4dac226ef45e10cfe628
b037f930f680beb09f84514fff83ae7f1054caf39311a0cb39f455af92942214
b314dd93ddefa333cf73b00c633e285870209dbf6867e5676188fa3773d06c08
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce746f4467f7d6c1d9924231d7848f8fe3824da4c7a42d76f6c57dcf36605087
d30288796bd91ad61181640f1b54257191440c67cee533f0c446213545221c75
e95ca4c8b2c8d101e3f5545cb55d6c32ef55b7d7b20d79bed36b2837208f599e
eb133313416e431642255fbc474e09b23bb57f428792fe1e14872a69022a366e
fc3228df17e4176a310ea42cae1debda4029f24b45ccd59ef1d40d8eec25c3f7