www.tdrewards.com Open in urlscan Pro
45.60.65.34 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tdrewards.com/
Effective URL:
https://www.tdrewards.com/
Submission: On December 16 via manual (December 16th 2022, 5:17:48 pm UTC) from US — Scanned from DE

Summary HTTP 155 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 25 IPs in 7 countries across 30 domains to perform 155 HTTP transactions. The main IP is 45.60.65.34, located in United States and belongs to INCAPSULA, US. The main domain is www.tdrewards.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q4 on December 13th 2022. Valid for: 6 months.

This is the only time www.tdrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.60.63.34 45.60.63.34	19551 (INCAPSULA) (INCAPSULA)
43	45.60.65.34 45.60.65.34	19551 (INCAPSULA) (INCAPSULA)
7	13.224.189.105 13.224.189.105	16509 (AMAZON-02) (AMAZON-02)
2 16	34.247.240.197 34.247.240.197	16509 (AMAZON-02) (AMAZON-02)
22	2a00:1450:400... 2a00:1450:400d:803::2008	15169 (GOOGLE) (GOOGLE)
1	52.17.115.124 52.17.115.124	16509 (AMAZON-02) (AMAZON-02)
3	104.126.37.57 104.126.37.57	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8 8	54.229.62.148 54.229.62.148	16509 (AMAZON-02) (AMAZON-02)
1	52.19.35.175 52.19.35.175	16509 (AMAZON-02) (AMAZON-02)
1 1	52.58.215.26 52.58.215.26	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	185.89.210.141 185.89.210.141	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	67.202.105.23 67.202.105.23	32748 (STEADFAST) (STEADFAST)
7 7	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
5	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
6 12	54.229.166.144 54.229.166.144	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1 1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
2 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
2 3	23.64.53.65 23.64.53.65	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	54.144.51.83 54.144.51.83	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
2 3	52.46.155.104 52.46.155.104	16509 (AMAZON-02) (AMAZON-02)
12	209.15.211.147 209.15.211.147	13768 (COGECO-PEER1) (COGECO-PEER1)
155	25

1 45.60.63.34 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

tdrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 45.60.65.34 (United States)

ASN19551 (INCAPSULA, US)

www.tdrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.224.189.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-105.fra2.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 34.247.240.197 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:400d:803::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.115.124 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-115-124.eu-west-1.compute.amazonaws.com

td.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.126.37.57 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-57.deploy.static.akamaitechnologies.com

smetrics.td.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.229.62.148 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-62-148.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.35.175 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-35-175.eu-west-1.compute.amazonaws.com

tdbankfinancialgroup.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.215.26 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-215-26.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.141 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.23 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-105.static.steadfastdns.net

dp2.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.217.18.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.70 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.229.166.144 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.234.236 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8eee:: (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.64.53.65 (Vienna, Austria) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-64-53-65.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.51.83 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-51-83.compute-1.amazonaws.com

exchange.adstanding.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.155.104 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 209.15.211.147 (Toronto, Canada)

ASN13768 (COGECO-PEER1, CA)
PTR: news.updatefrom.com

assets.tdrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	tdrewards.com 1 redirects tdrewards.com www.tdrewards.com assets.tdrewards.com	7 MB
22	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	1 MB
20	everesttech.net 14 redirects cm.everesttech.net — Cisco Umbrella Rank: 954 pixel.everesttech.net — Cisco Umbrella Rank: 4321	9 KB
17	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 208 ad.doubleclick.net — Cisco Umbrella Rank: 161 stats.g.doubleclick.net — Cisco Umbrella Rank: 77	10 KB
17	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 204 td.demdex.net — Cisco Umbrella Rank: 42477	19 KB
9	google.de www.google.de — Cisco Umbrella Rank: 6041	1 KB
9	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
7	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2881	139 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	22 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 371 c.bing.com — Cisco Umbrella Rank: 255	12 KB
3	amazon-adsystem.com 2 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 273	2 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 870	1 KB
3	td.com smetrics.td.com — Cisco Umbrella Rank: 43330	5 KB
2	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 833 ads.yahoo.com — Cisco Umbrella Rank: 2453	869 B
2	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 726 s.tribalfusion.com — Cisco Umbrella Rank: 1844	941 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	203 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 409	737 B
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	2 KB
1	adstanding.com 1 redirects exchange.adstanding.com — Cisco Umbrella Rank: 154163	169 B
1	pro-market.net 1 redirects fei.pro-market.net — Cisco Umbrella Rank: 2376	323 B
1	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 1680	341 B
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 639	489 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 221	625 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 336	9 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 564	395 B
1	33across.com dp2.33across.com — Cisco Umbrella Rank: 9169	68 B
1	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 563	214 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 434	684 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 448	478 B
1	omtrdc.net tdbankfinancialgroup.tt.omtrdc.net — Cisco Umbrella Rank: 92383	718 B
155	30

	Domain	Requested by
43	www.tdrewards.com	www.tdrewards.com nexus.ensighten.com
22	www.googletagmanager.com	nexus.ensighten.com
16	dpm.demdex.net	2 redirects www.tdrewards.com
12	assets.tdrewards.com	www.tdrewards.com
12	pixel.everesttech.net	6 redirects www.tdrewards.com
9	www.google.de	www.tdrewards.com
9	www.google.com	www.tdrewards.com
8	googleads.g.doubleclick.net	nexus.ensighten.com
8	cm.everesttech.net	8 redirects
7	cm.g.doubleclick.net	7 redirects
7	nexus.ensighten.com	www.tdrewards.com nexus.ensighten.com
5	www.google-analytics.com	nexus.ensighten.com www.tdrewards.com
3	s.amazon-adsystem.com	2 redirects
3	px.owneriq.net	2 redirects
3	bat.bing.com	nexus.ensighten.com www.tdrewards.com
3	smetrics.td.com	www.tdrewards.com nexus.ensighten.com
2	www.facebook.com
2	pixel.tapad.com	2 redirects
2	ib.adnxs.com	2 redirects
1	ads.yahoo.com
1	exchange.adstanding.com	1 redirects
1	fei.pro-market.net	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	ml314.com	1 redirects
1	s.tribalfusion.com	1 redirects
1	a.tribalfusion.com	1 redirects
1	c.bing.com	1 redirects
1	cms.quantserve.com	1 redirects
1	bam.nr-data.net	nexus.ensighten.com
1	js-agent.newrelic.com	nexus.ensighten.com
1	stats.g.doubleclick.net	www.tdrewards.com
1	ad.doubleclick.net	nexus.ensighten.com
1	analytics.twitter.com	www.tdrewards.com
1	dp2.33across.com	www.tdrewards.com
1	token.rubiconproject.com	www.tdrewards.com
1	sync.mathtag.com	1 redirects
1	aa.agkn.com	1 redirects
1	tdbankfinancialgroup.tt.omtrdc.net	www.tdrewards.com
1	td.demdex.net	nexus.ensighten.com
1	tdrewards.com	1 redirects
155	40

This site contains links to these domains. Also see Links.

Domain
www.expediafortd.com
www.amazon.ca
www.td.com
www.tdcanadatrust.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-13` - `2023-06-11`	6 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
smetrics.td.com Entrust Certification Authority - L1M	`2022-10-12` - `2023-10-12`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-30`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-24` - `2022-12-23`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
assets.tdrewards.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-24` - `2023-08-24`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.tdrewards.com/
Frame ID: 4A80609FB837FF747426080A506C75B8
Requests: 128 HTTP requests in this frame

Frame: https://td.demdex.net/dest5.html?d_nsid=0
Frame ID: EE7B9E5EF422DC12919DC5063E5FA22F
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TD RewardsTD Rewards

Page URL History Show full URLs

http://tdrewards.com/ HTTP 301
https://www.tdrewards.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

155
Requests

85 %
HTTPS

32 %
IPv6

30
Domains

40
Subdomains

25
IPs

7
Countries

8848 kB
Transfer

12054 kB
Size

46
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.expediafortd.com/lp/travellater?langid=4105&mdpcid=CA.Homepage.TD.Banner_TravelLater_E4TD_EN.Hotels
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.amazon.ca/b?language=en_CA&node=21423340011
Title: Amazon.ca Shop with Points

Search URL Search Domain Scan URL

URL: https://www.td.com/about-tdbfg/our-business/index.jsp
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.td.com/privacy-and-security/privacy-and-security/index.jsp
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://www.td.com/to-our-customers/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.tdcanadatrust.com/products-services/banking/index-banking.jsp
Title: TD Canada Trust

Search URL Search Domain Scan URL

URL: https://www.tdcanadatrust.com/customer-service/accessibility/accessibility-at-td/index.jsp
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tdrewards.com/ HTTP 301
https://www.tdrewards.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933

Request Chain 14

https://cm.everesttech.net/cm/dd?d_uuid=16042748344710139910816157968285925462 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5yoNQAAAJRuFgOV

Request Chain 39

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=16042748344710139910816157968285925462 HTTP 302
https://dpm.demdex.net/ibs:dpid=21&dpuuid=217363104367003005933

Request Chain 40

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=16042748344710139910816157968285925462&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d16042748344710139910816157968285925462 HTTP 302
https://dpm.demdex.net/ibs:dpid=269&dpuuid=2355639c-a836-4000-bc82-1ac77fd76473&ddsuuid=16042748344710139910816157968285925462

Request Chain 41

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2144386735652512233

Request Chain 51

https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=16042748344710139910816157968285925462 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=16042748344710139910816157968285925462 HTTP 302
https://dpm.demdex.net/ibs:dpid=540&dpuuid=404ca5b9-b0d4-4780-a960-f1cddd431b25

Request Chain 67

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTYwNDI3NDgzNDQ3MTAxMzk5MTA4MTYxNTc5NjgyODU5MjU0NjI= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGGgukxUlxhXI22ZuiXe8gU&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 74

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEAIq7MLkmVQUoqtwmQDOVdM&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 79

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEAIq7MLkmVQUoqtwmQDOVdM&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 84

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESELlrFsbMI1yIr7RZrSGDZ9Q&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 91

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESELlrFsbMI1yIr7RZrSGDZ9Q&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 98

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESELlrFsbMI1yIr7RZrSGDZ9Q&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 101

https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=upvRU-2Q2wehkd5TuJnFBrXN0QChmdgE758c9v_T

Request Chain 102

https://c.bing.com/c.gif?uid=16042748344710139910816157968285925462&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=22FB5A534D9E6F2F1F34482F4C4C6EEE

Request Chain 103

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESELlrFsbMI1yIr7RZrSGDZ9Q&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 105

https://a.tribalfusion.com/i.match?p=b13&u=16042748344710139910816157968285925462&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://s.tribalfusion.com/z/i.match?p=b13&u=16042748344710139910816157968285925462&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://dpm.demdex.net/ibs:dpid=22054

Request Chain 106

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632212144541401105

Request Chain 107

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=16042748344710139910816157968285925462&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-JAfSslZE2pGye4paMOWjDTJtqHg7IsiResw-~A

Request Chain 108

https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=16042748344710139910816157968285925462 HTTP 302
https://dpm.demdex.net/ibs:dpid=575&dpuuid=7670968590944256780

Request Chain 109

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7244974642127699765&uid=Q7244974642127699765&ref=%2Feucm%2Fp%2Fadpq HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 110

https://exchange.adstanding.com/partners/aam/sync.php HTTP 302
https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

Request Chain 111

https://cm.everesttech.net/cm/yh HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y5yoNQAAAJRuFgOV&sigv=1&esig=1~8e9886ab0121ec4731f2f2616dcc507a2e6bac4f

Request Chain 112

https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
https://dpm.demdex.net/ibs:dpid=139200&dpuuid=vXUGKyh0TCWyqLE6p63AzA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=16042748344710139910816157968285925462

155 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.tdrewards.com/
Redirect Chain

http://tdrewards.com/
https://www.tdrewards.com/

17 KB
17 KB

547ms
440ms

Document
text/html

45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

a65ae7ea7446175a2aadb3fdba47f5c448a979c5d9173527aba2b394a5596d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Fri, 16 Dec 2022 17:17:40 GMT
etag: W/"4302-IFYFmKdb4fWO1mtNzTDGa9KTzvA"
strict-transport-security: max-age=157680000
x-cdn: Imperva
x-iinfo: 4-374045107-374045111 NNNN CT(110 208 0) RT(1671211060200 16) q(0 0 3 0) r(4 4) U5
x-powered-by: Express

Redirect headers

Connection: close
Content-Length: 0
Location: https://www.tdrewards.com/

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/tdb/public-ca/ 439 KB
95 KB 49ms
8ms Script
application/javascript 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7b57440c1ce348f67b72ab8c29db59eefe8cf632d7b412daef8aef8107413a7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 18:36:20 GMT
x-amz-version-id: 9csSnknKTRBsK09UwdtJ2GKbshT6IQeu
content-encoding: br
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 81681
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Dec 2022 18:35:50 GMT
server: AmazonS3
etag: W/"ac8be9878ced461d8fc0893881029f1d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: ZQk8222pCkCW7vbhcwu424c2DDdEG16zR2-Mn7nVVD7gYH6IyUWd5Q==

GET
H2 200 style.css
www.tdrewards.com/templates/active/static/ 255 KB
256 KB 128ms
127ms Stylesheet
text/css 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/style.css

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

c89295f4cf9f044cc628d03fcdfde1d1d4a9d9398f86d20167e1f9bd90ff571b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:40 GMT
strict-transport-security: max-age=157680000
last-modified: Fri, 16 Dec 2022 17:07:00 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fc1b-1851be7499c"
content-type: text/css; charset=UTF-8
x-iinfo: 4-374045107-374045111 PNNN RT(1671211060200 483) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 261147

GET
H2 200 vendors.js Show response
www.tdrewards.com/ 1 MB
1 MB 449ms
447ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/vendors.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

a95d35e211cde1cc8e0c02d0c7b05fcf663f032dd0379ff83e7001bc6ec5bafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"13f535-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 4-374045107-374045169 NNNN CT(108 217 0) RT(1671211060200 487) q(0 0 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1307957

GET
H2 200 bundle.js Show response
www.tdrewards.com/ 1 MB
1 MB 454ms
453ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/bundle.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

eb9dcd55b6dca690ba5f4f8f7e274e85f3e3bdb3db5890e3cd58af0cd5e455d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"15aa98-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 4-374045107-374045171 NNNN CT(108 220 0) RT(1671211060200 489) q(0 0 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1419928

GET
H2 200 templateCacheHtml.js Show response
www.tdrewards.com/templates/active/static/ 336 B
455 B 460ms
459ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/templateCacheHtml.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e54d3f4ad5c3c66a747f2a7f62e7ca28abfd2db5c57b3ba53721ee02e7e11b29

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"150-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 4-374045107-374045176 NNNN CT(106 214 0) RT(1671211060200 509) q(0 0 3 -1) r(4 4) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 336

GET
H2 200 _Incapsula_Resource Show response
www.tdrewards.com/ 143 KB
20 KB 23ms
19ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tdrewards.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1233193732
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.65.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: be0899e62d77f69c23d9965bfcc65f01322ed964580bd0a21bd2de4e109af476

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20523
content-type: application/javascript

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933

5 KB
2 KB

30ms
29ms

XHR
application/json

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

f1c9bdf1d9e98c3581f78b068e8dfbd00d6934c6f3077152a31564a94c431d75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-02fbabcd7.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 3D5rU24RT/A=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.tdrewards.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1552
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v045-0ba8f5f7e.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qYJeBcBeST8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.tdrewards.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1671211060933
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/tdb/public-ca/ 493 B
796 B 28ms
25ms Script
text/javascript 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/tdb/public-ca/code/&publishedOn=Thu%20Dec%2015%2018:35:47%20GMT%202022&ClientID=822&PageID=https%3A%2F%2Fwww.tdrewards.com%2F
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 7a86f25494f15429e4ebdd529db7a7a55623997e2a3c61acdd3d707663460f76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:40 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
content-length: 493
x-amz-cf-id: L_pOTQyaSPNDfBe8gLy-0mQYgixxIgDMndrNzL18cYchUucn4pDR0w==
expires: Fri, 16 Dec 2022 17:17:39 GMT

GET
H2 200 6b203ed47c2078ebf3e8fb47354048e0.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 1 KB
933 B 9ms
8ms Script
application/javascript 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/6b203ed47c2078ebf3e8fb47354048e0.js?conditionId0=4827675
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d85f142df5ec74b2573fd4eada3b6dd595cf714f0c59a4cf5d9156e6b25d68d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 10 Dec 2022 11:23:56 GMT
x-amz-version-id: .mM6ZxrQCo2JOw.VJ6FoQFdN8NXEZAL.
content-encoding: gzip
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 539626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Jul 2021 20:32:16 GMT
server: AmazonS3
etag: W/"93618034931e36bbf6ebc1e5a8ca2be8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: BEXE_Yvb9cLrGT1UfptlP9zRvkUWokOG3oCsXr4ALla1je3IVxInlg==

GET
H2 200 2cfe4cb270260ac3eb476ffe987ad556.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 161 KB
41 KB 8ms
8ms Script
application/javascript 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/2cfe4cb270260ac3eb476ffe987ad556.js?conditionId0=423140
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cfbef03a00a0aa1d0875b6c00191247d9d8d34ef217e4f67fd04e2c6809847e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 20:11:00 GMT
x-amz-version-id: 2QAUsc0c5UIpRbMU_NVHQD6.qF_zZIpy
content-encoding: br
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 680802
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 08 Dec 2022 20:10:30 GMT
server: AmazonS3
etag: W/"b143f0a87ec44c4ad6736eea600ce782"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: ZHda4kUvCXXMVyBWYMZrQbaTXCGf7m-GGzcYi3vPsA_qTmxCoeOCxg==

GET
H2 200 e5276288d948078f4ec1dc417fdf0e2b.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 3 KB
1 KB 9ms
9ms Script
application/javascript 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/e5276288d948078f4ec1dc417fdf0e2b.js?conditionId0=505813
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bde0dcec69fee23a4d9549a2c5a935a8a831c8f8d5019576b7047ce5d7214064

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 07:15:58 GMT
x-amz-version-id: pyKMxTyKEGvgy7OmAcU_nIJaWSBQVguQ
content-encoding: br
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 208903
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Jul 2021 20:32:17 GMT
server: AmazonS3
etag: W/"65bc8d3a30a05124edd12469e8a3a745"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: NQof7CQ6Xe0c78yLfGYmSsEUi0QrEzwgX3ZMK14ml1PhZ5pPGWpw1Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
44 KB 433ms
72ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6974241

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2cc1ef5977147adf1cc66d67806969c9054bd7c173251d6252c5dca1b410fa38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44106
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H/1.1 200
OK dest5.html Show response
td.demdex.net/ Frame EE7B 7 KB
3 KB 189ms
28ms Document
text/html 52.17.115.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://td.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.115.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-115-124.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.tdrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v045-0f45dc272.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: mJ2kJXYbSU0=
content-encoding: gzip
date: Fri, 16 Dec 2022 17:17:41 GMT
last-modified: Fri, 28 Oct 2022 11:26:52 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.td.com/ 48 B
467 B 427ms
132ms XHR
application/x-javascript 104.126.37.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&mid=15944623694377022290806354600284657252&ts=1671211061086

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.37.57 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-126-37-57.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

1aed12462e02785ef7c13f1f4b1701144326407304b304688fbbfb74306ee23f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:41 GMT
strict-transport-security: max-age=86400
x-content-type-options: nosniff
server: jag
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.tdrewards.com
p3p: CP="This is not a P3P policy"
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y5yoNQAAAJRuFgOV
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=16042748344710139910816157968285925462
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5yoNQAAAJRuFgOV

42 B
942 B

29ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5yoNQAAAJRuFgOV

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0168100b3.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: oTzPd2cMSYE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y5yoNQAAAJRuFgOV
Date: Fri, 16 Dec 2022 17:17:41 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
tdbankfinancialgroup.tt.omtrdc.net/rest/v1/ 363 B
718 B 438ms
148ms XHR
application/json 52.19.35.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tdbankfinancialgroup.tt.omtrdc.net/rest/v1/delivery?client=tdbankfinancialgroup&sessionId=49ef6ffa11a1432590c7c77d2e0fbb7b&version=2.3.1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.35.175 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-35-175.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: fbae253b79262ebff57cdf4027ff963d3c68c8d16a32e5e677359783a47c2ce6

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.tdrewards.com
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: 1c9c9ec0af75d9cb79951cf348d1747f

GET
H2 200 weblysleekuisl-webfont.woff2
www.tdrewards.com/templates/active/static/fonts/ 21 KB
21 KB 124ms
124ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/weblysleekuisl-webfont.woff2

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8adf7be5e4b8e09896eb13e9eaa409a3bcf7d35a096c858127816cd520d8b13f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"53e0-1845acd8810"
content-type: font/woff2
x-iinfo: 4-374045107-374045111 PNNN RT(1671211060200 1055) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21472

GET
H2 200 s11757174192510 Show response
smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/ 5 KB
2 KB 235ms
235ms Script
application/x-javascript 104.126.37.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/s11757174192510?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=16%2F11%2F2022%2017%3A17%3A41%205%200&d.&nsid=0&jsonv=1&.d&sdid=2A5E5ECA03E8F3B0-37B838D79E9A4085&mid=15944623694377022290806354600284657252&aamlh=6&ce=UTF-8&ns=tdbank&pageName=%2Fwww.tdrewards.com%2F&g=https%3A%2F%2Fwww.tdrewards.com%2F&server=www.tdrewards.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3DpageName&v3=1&c4=12%3A00PM&v4=1&c5=Friday&v5=1&c6=Weekday&c12=not-authenticated&c13=New&v18=D%3Dc4&v19=D%3Dc5&c20=D%3Ds_vi&v20=D%3Dc6&c21=D%3DUser-Agent&v32=D%3Dc12&v33=D%3Dc13&v39=D%3Ds_vi&v68=D%3Dc21&c70=tdtdct%2Ctdglobal&c71=15944623694377022290806354600284657252&v71=A1%20%7C%20B1%20%7C%20C1&c74=https%3A%2F%2Fwww.tdrewards.com%2F&c75=AppMeasurement%20-%202.20.0&v94=15944623694377022290806354600284657252&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&AQE=1

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.37.57 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-126-37-57.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

90cd70d00024cee69598c4bcc63bf619d50913912efef7b50ceb0517e564663b

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-aam-tid: SSp/LL6jSgc=
date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=86400
p3p: CP="This is not a P3P policy"
content-length: 1644
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v045-0bb46f593.edge-irl1.demdex.com 6 ms
pragma: no-cache
last-modified: Sat, 17 Dec 2022 17:17:41 GMT
server: jag
etag: 3588898425875464192-4619853032230339613
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 72ms
70ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868520&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf1c432d1b9d6704265e9ca42c19d7ab423ca037fd25a1d9f967a1c40c0b8f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44120
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 90ms
89ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6835781&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63344635e2cd30b9059009786d43a57bd6072ee1471d2fdcf233d99ee82af7d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44118
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 203ms
202ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868312&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75e85180c2a9643c4623623746360f6dca5c757d0f853de006802e42b501e8df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44123
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 80ms
79ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868519&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a74eb36ccfa1d78e1dc92b10d760e14019102c38d7898b8aadf4e80da1d70be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44119
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 118ms
117ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6867344&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0af858f61230109235441fb42c10f6a7f62d93d68e7ec6bb6987434190804f95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44120
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 98ms
97ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868105&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ee3580829b4ad14dbe2fde2b95d3d09b55ccf0ad889da6dbd08e834f91423f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44118
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 109ms
108ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868503&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

31b2b4e8652c068f6cc9ee41a97574bc0213f335cdc9f67866d937c57f71298d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44120
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 192ms
191ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6871112&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf9713dce30e2706c32d73c1c01ee5f247badeb362b07644238403854ca78612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44120
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 125ms
125ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868104&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b6a3f621cbe0613b7e3f8bf9fb97d7b050e474b7df5938b4b83d352ef981d36b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44118
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 234ms
233ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868106&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c2a538672423e56a2a9930fcc93346edca29b32f1feb54dcf78c78bdc28e312c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44120
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 213ms
213ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6871114&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63e2d3d8c8b331374641cd88069624bf2372081e5eedd0b9e508700884a78791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44119
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 234ms
234ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868309&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e71f5577df7460e1631ace4744da8fdbb09299575c741fa95c0a3d9aacddf501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44121
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 214ms
214ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6102339&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7511e077b8adf40a78994438b3712550c3bbc9690a0ca892394cc4b3997beb32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44117
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
43 KB 277ms
276ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5322602&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

33c49871aed72050c33aee471b4616a0a7667d922c9224e538ccfc93453f7222

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44121
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 257ms
256ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973175160&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc0116e3bfc1e7bf28307517d255ae989e6bc2c66df43bd205ba6a995ae5b8d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66918
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 267ms
266ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-986405607&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c621bc6a6bad36dfda2c997262cda54e47ce1e6c896f462ac0a019edee2b2d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66901
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
66 KB 217ms
215ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1028536181&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c34f2f3d998d9c7a232e402cbc3fe3e59faa2bbbab147225ff4191b01f78a661

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66982
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 135 KB
52 KB 291ms
289ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-980723526&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f8db6ef1be17ac93fdea87bdfc09edbf38cc50e223ecc740464a23239ece9d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53011
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
68 KB 280ms
279ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-707912219&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50d945bbc23e5f42ce8a32d42d66f09a23b1078a1e0a2dfba2b24e317d6f152e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69583
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 191 KB
68 KB 244ms
243ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1029090628&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

47c6c4dea26b27baa789f733e25f6d4a16eb4f934e29f1ee6592b79d1f055de3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69619
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 179 KB
65 KB 215ms
214ms Script
application/javascript 2a00:1450:400d:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-624489921&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4c33f1fb71018f42fd770d3807c3d7e2e91673009f09836d91f5f4f2f3b69264

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66916
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H/1.1

200
OK

ibs:dpid=21&dpuuid=217363104367003005933
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=16042748344710139910816157968285925462
https://dpm.demdex.net/ibs:dpid=21&dpuuid=217363104367003005933

42 B
942 B

30ms
30ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=21&dpuuid=217363104367003005933

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0492369ce.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: JPcvLfSPSKI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:41 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dpm.demdex.net/ibs:dpid=21&dpuuid=217363104367003005933
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H/1.1

200
OK

ibs:dpid=269&dpuuid=2355639c-a836-4000-bc82-1ac77fd76473&ddsuuid=16042748344710139910816157968285925462
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=16042748344710139910816157968285925462&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d16042748344710...
https://dpm.demdex.net/ibs:dpid=269&dpuuid=2355639c-a836-4000-bc82-1ac77fd76473&ddsuuid=16042748344710139910816157968285925462

42 B
942 B

29ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=269&dpuuid=2355639c-a836-4000-bc82-1ac77fd76473&ddsuuid=16042748344710139910816157968285925462

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-061dae83e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: CSex/x0YRrA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Fri, 16 Dec 2022 17:17:42 GMT
Server: MT3 254 34fcae8 master zrh-pixel-x31 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dpm.demdex.net/ibs:dpid=269&dpuuid=2355639c-a836-4000-bc82-1ac77fd76473&ddsuuid=16042748344710139910816157968285925462
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 16 Dec 2022 17:17:41 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=2144386735652512233
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=2144386735652512233

42 B
942 B

57ms
44ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=2144386735652512233

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-00fcfd78a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 5SLJpAz2Tz0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Fri, 16 Dec 2022 17:17:42 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.176; 185.213.155.176; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 89d0401e-d47b-4836-8b5f-76361c092f2c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=2144386735652512233
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1028536181/ 2 KB
1 KB 179ms
83ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1028536181/?random=1671211062186&cv=11&fst=1671211062186&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d14b5d5c2f30ec857a112b6172fb36a229abf4caaa9d47d8a37b9599433a9005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 865
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/624489921/ 2 KB
1 KB 117ms
55ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624489921/?random=1671211062224&cv=11&fst=1671211062224&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e5972b51c080c109a5d0b7ab62b2db5c5db4670cb267e67521e6bef5b566de57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 863
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame EE7B 0
214 B 226ms
8ms Image
text/plain 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=16042748344710139910816157968285925462&gdpr=0&gdpr_consent=
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/707912219/ 2 KB
1 KB 83ms
83ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707912219/?random=1671211062286&cv=11&fst=1671211062286&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05e7eca628e253f77d6dfe9d3826c40cfc3c7996f5f667781d3c6ac70fa28477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/449593252/ 2 KB
1 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/449593252/?random=1671211062310&cv=11&fst=1671211062310&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5095cb351730f9895a81e950e27b5c13fe807c476962a868dfedd6872bfc82d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 863
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1029090628/ 2 KB
1 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1029090628/?random=1671211062315&cv=11&fst=1671211062315&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1fb3f76818632fb3d4b915c46a8e1f2e89844583bdb6d1e0a645330272af9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/986405607/ 2 KB
1 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/986405607/?random=1671211062332&cv=11&fst=1671211062332&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bb290113881b91994ae244e3df71489624732667f677527b26c3ee5c8898421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973175160/ 2 KB
890 B 166ms
88ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973175160/?random=1671211062365&cv=11&fst=1671211062365&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55a20829735bc2ca9f7ca3e7088c8cb11ac5f389f687ad96be58668219279591

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/980723526/ 2 KB
890 B 893ms
833ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/980723526/?random=1671211062382&cv=11&fst=1671211062382&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&auid=1719451937.1671211062&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3eeece242847bc14ae3c2e1fbec56a02dbe49db5510fa129cb368f86003aecc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 864
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=540&dpuuid=404ca5b9-b0d4-4780-a960-f1cddd431b25
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=16042748344710139910816157968...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=16042748344710139910816...
https://dpm.demdex.net/ibs:dpid=540&dpuuid=404ca5b9-b0d4-4780-a960-f1cddd431b25

42 B
942 B

31ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=540&dpuuid=404ca5b9-b0d4-4780-a960-f1cddd431b25

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-06cd512cb.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: PhR9mnrnSvA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Fri, 16 Dec 2022 17:17:42 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://dpm.demdex.net/ibs:dpid=540&dpuuid=404ca5b9-b0d4-4780-a960-f1cddd431b25
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/624489921/ 42 B
108 B 208ms
89ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/624489921/?random=1671211062224&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4023863144&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/624489921/ 42 B
108 B 133ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/624489921/?random=1671211062224&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4023863144&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1028536181/ 42 B
108 B 194ms
76ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1028536181/?random=1671211062186&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4043154226&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1028536181/ 42 B
548 B 130ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1028536181/?random=1671211062186&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4043154226&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/707912219/ 42 B
108 B 133ms
77ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/707912219/?random=1671211062286&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1981860442&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/707912219/ 42 B
108 B 69ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/707912219/?random=1671211062286&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1981860442&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/449593252/ 42 B
548 B 129ms
75ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/449593252/?random=1671211062310&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2869417812&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/449593252/ 42 B
108 B 69ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/449593252/?random=1671211062310&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2869417812&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1029090628/ 42 B
108 B 130ms
77ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1029090628/?random=1671211062315&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4058919413&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1029090628/ 42 B
108 B 68ms
53ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1029090628/?random=1671211062315&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4058919413&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/986405607/ 42 B
108 B 76ms
73ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/986405607/?random=1671211062332&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4046337907&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/986405607/ 42 B
64 B 136ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/986405607/?random=1671211062332&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4046337907&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 /
dp2.33across.com/ps/ Frame EE7B 0
68 B 684ms
108ms Image
text/plain 67.202.105.23
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dp2.33across.com/ps/?pid=897&random=900188840
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-105.static.steadfastdns.net
Software: 33XP015 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-33x-status: 208
date: Fri, 16 Dec 2022 17:17:42 GMT
server: 33XP015

GET
H2 200 /
www.google.com/pagead/1p-user-list/973175160/ 42 B
108 B 74ms
74ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973175160/?random=1671211062365&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910170779&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/973175160/ 42 B
64 B 126ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973175160/?random=1671211062365&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2910170779&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEGGgukxUlxhXI22ZuiXe8gU&google_cver=1
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTYwNDI3NDgzNDQ3MTAxMzk5MTA4MTYxNTc5NjgyODU5MjU0NjI=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGGgukxUlxhXI22ZuiXe8gU&google_cver=1?gdpr=0&gdpr_consent=

42 B
943 B

46ms
46ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGGgukxUlxhXI22ZuiXe8gU&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 18 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: RPg8KZwvR3E=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGGgukxUlxhXI22ZuiXe8gU&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame EE7B 43 B
395 B 522ms
111ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=16042748344710139910816157968285925462&p_id=38594

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 105
date: Fri, 16 Dec 2022 17:17:42 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 2328c45bbe21323f
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: c51e3f2dcc8dd8756fe1f2483bc4f73a25c08ee08b862046f2fb929d577f27c3
content-length: 43

GET
H2 200 _Incapsula_Resource
www.tdrewards.com/ 1 B
35 B 17ms
11ms Image
text/plain 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tdrewards.com/_Incapsula_Resource?SWKMTFSR=1&e=0.11606566356126713
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.65.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 112ms
29ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 16 Dec 2022 15:24:37 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6786
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Fri, 16 Dec 2022 17:24:37 GMT

POST
H2 200 login Show response
www.tdrewards.com/api/userManagement/guestUser/ 489 B
1 KB 279ms
268ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/userManagement/guestUser/login

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

dd3c6c055da2864775fed3323a89bb98de800da27959766a6d284b805038152b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045171 PNNN RT(1671211060200 2646) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 55ms
34ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 16 Dec 2022 17:17:42 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C01BF48689684D89AC335FEC0B07AC62 Ref B: FRAEDGE1309 Ref C: 2022-12-16T17:17:43Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H2 200 B10862916.145035458;sz=1x2;ord=718432865072 Show response
ad.doubleclick.net/ddm/adj/N307601.197812NSO.CODESRV/ 11 B
547 B 118ms
37ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N307601.197812NSO.CODESRV/B10862916.145035458;sz=1x2;ord=718432865072?

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEAIq7MLkmVQUoqtwmQDOVdM&google_cver=1
https://pixel.everesttech.net/1x1

128 B
796 B

29ms
29ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 91ms
29ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:12:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 16 Dec 2022 18:12:02 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 91ms
30ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 16:33:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2638
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 16 Dec 2022 17:33:45 GMT

GET
H2 204 5188219.js Show response
bat.bing.com/p/action/ 0
119 B 106ms
106ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5188219.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Fri, 16 Dec 2022 17:17:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5EC68C55B7E54EA190C9B2AED94EFF2E Ref B: FRAEDGE1309 Ref C: 2022-12-16T17:17:43Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
176 B 30ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5188219&Ver=2&mid=626acc5a-995c-4a18-9289-25188c720b06&sid=8d19ce207d6511eda3e3df8f8985f7af&vid=8d1a0f307d6511edb2f6f9519dd178b5&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=TD%20Rewards&kw=TD%20Rewards,%09Points,%09Loyalty,%09Expedia,%09Redeem,%09Gift%20Cards,%09Travel,%09Apple,%09FitBit&p=https%3A%2F%2Fwww.tdrewards.com%2F&r=&lt=2932&evt=pageLoad&sv=1&rn=658398

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 16 Dec 2022 17:17:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B9C5B2AF2C71484F890D5DBD1AE9F3D6 Ref B: FRAEDGE1309 Ref C: 2022-12-16T17:17:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEA...
https://pixel.everesttech.net/1x1

128 B
691 B

30ms
29ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-7284910-1&cid=587505718.1671211063&jid=703412973&gjid=221851105&_gid=882393232.1671211063&_u=aGBAiQIxBAAAAEAAs~&z=632578562

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 16 Dec 2022 17:17:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 29ms
28ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=2121852883&t=pageview&_s=1&dl=https%3A%2F%2Fwww.tdrewards.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=TD%20Rewards&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiQIxBAAAAAAAs~&jid=703412973&gjid=221851105&cid=587505718.1671211063&tid=UA-7284910-1&_gid=882393232.1671211063&z=250682254

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 13:43:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12829
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 182ms
84ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-7284910-1&cid=587505718.1671211063&jid=703412973&_u=aGBAiQIxBAAAAEAAs~&z=1767149699

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
63ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-7284910-1&cid=587505718.1671211063&jid=703412973&_u=aGBAiQIxBAAAAEAAs~&z=1767149699

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://pixel.everesttech.net/1x1

128 B
691 B

30ms
29ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 angular-locale_en-ca.js Show response
www.tdrewards.com/templates/active/static/i18n/ 3 KB
3 KB 122ms
122ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/i18n/angular-locale_en-ca.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

67563318f781475915e443fef24576ea64e5de5a80e7ab3fd6b967de15538dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"a9a-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 4-374045107-374045169 PNNN RT(1671211060200 2921) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2714

GET
H2 200 product Show response
www.tdrewards.com/api/productManagement/ 8 KB
8 KB 278ms
278ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/product?name=$250+Education+Credit

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

e927dcebecb2c550da9428ce3ef949d06bd75ec8116b3a9df83dc7ab63c1f04c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045111 PNNN RT(1671211060200 2931) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 catalog Show response
www.tdrewards.com/api/productManagement/ 434 B
540 B 243ms
241ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog?program_id=1

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

c40b0b8b73b6b119800fdbdcb3446d2b8de94b8259ae69aba87bae0eebf1c971

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045176 PNNN RT(1671211060200 2935) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 getRoutesLastUpdatedAt Show response
www.tdrewards.com/api/utilityManagement/ 566 B
701 B 489ms
489ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/utilityManagement/getRoutesLastUpdatedAt

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

d605ff8df2a87ad3ff1a11b287455b9f60e445b238924f8631c1dccd4cd0019b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045615 NNNY CT(723 292 0) RT(1671211060200 2937) q(0 0 0 -1) r(5 5) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H3 200 /
www.google.com/pagead/1p-user-list/980723526/ 42 B
64 B 104ms
73ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/980723526/?random=1671211062382&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3074194072&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/980723526/ 42 B
64 B 51ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/980723526/?random=1671211062382&cv=11&fst=1671210000000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2F&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3074194072&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
691 B

30ms
29ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 nr-1026.min.js Show response
js-agent.newrelic.com/ 22 KB
9 KB 34ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1026.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d10816bada4d94734c1cb7e191ffb89ea7d9bb5c11b3e680f6b00c3a28d4e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 varnish
date: Fri, 16 Dec 2022 17:17:43 GMT
x-amz-request-id: E8JPR5XFTHDTPZQC
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 8844
x-amz-id-2: xfJyGSjkPEldh3xOY03kZRPe5qkWcenQ0+kzfo0ykZ/4nKZxts/xBmhTEJLcYP0UqlOg/p7uU9MngiUOFklqsA==
x-served-by: cache-hhn-etou8220083-HHN
last-modified: Wed, 28 Feb 2018 23:33:30 GMT
server: AmazonS3
x-timer: S1671211063.451442,VS0,VE0
etag: "230c916aaa9194e21891a639a9c2b8eb"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 25

GET
H2 200 icons.ttf
www.tdrewards.com/templates/active/static/images/icons/ 35 KB
35 KB 123ms
122ms Font
font/ttf 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/images/icons/icons.ttf?qta720

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

0b2a1aee7a62edd2f0edcadf59fd2e1c5635e5eb1c807b10e64c06176c9eb077

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"8a7c-1845acd8810"
content-type: font/ttf
x-iinfo: 4-374045107-374045169 PNNN RT(1671211060200 3058) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 35452

GET
H2 200 weblysleekuil-webfont.woff2
www.tdrewards.com/templates/active/static/fonts/ 18 KB
19 KB 143ms
142ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/weblysleekuil-webfont.woff2

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7f8f92a1913474ebb54f27bb9a908eb8006c76665ed14ed7ebea958b661b4b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"49e4-1845acd8810"
content-type: font/woff2
x-iinfo: 4-374045107-374045630 NNNY CT(723 291 0) RT(1671211060200 3061) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18916

GET
H2 200 tr
www.facebook.com/ Frame EE7B 0
185 B 25ms
9ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1539657062816299&ev=fy18projecteverests1tos26supp&noscript=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Dec 2022 17:17:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 204 1.gif
nexus.ensighten.com/privacy/v1/b/ 0
267 B 29ms
23ms Image
text/plain 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/privacy/v1/b/1.gif?n=0&c=822&i=4of5xn&p=public-ca-dev&d=N4IgbgpgTgzglgewHYgFwgIwDoAMuQA0IA5gIYAuEA7qQJ5ogBMW2GjAnISAMYA2cEJOQCSAEzQAORoyIAHAK4AjfjAAWABQqqGC5XG4BabqQOiIYLnCQxypJNwhiGAFgQAzAKwAPFHNLcAawhyNBwiAFsEMwYqVThKFRCibgQEAIEYNGAAXyIoCABHeQgbTNQAbVAzGysKRBR0VXJyWRhUAHp2pAgveRgsQXhiJsEsFPD28lFFdt1+Q2N2mGhIKABhBHDZZEFyLFlVWQB+JFJwktl-CABeACFU8hsoUllZaAAyGzruACkYTXIqmu3V6-UGcGGlCQY02k2msyU8yMpHaKTM7XeczgaggogA8khrgAVVTyACkjBwABEINwKTgMB56RgJKgAMweVDOADs9IA4gBZIn0ynSd5rfi7YRU65SRjvTTERwypotGBktkAQQpADFdVQDVgpvkaFBRP1xrquORaG8GDBuFA4LIkiAvlAQqgMAA2blsDAYHDenDsX1EQTiL2+-2B72BnAyN0IeRQBwMKzLD23CBuBD5Lhfch9Bi8BCkcR5CCkGDIMrlAC6RDgkZ9fsYAaDId9uSqJXItX7yAYqtaHS6PT6A2sEJG0PGcJmWIWKLREHaEA8jG53sYEgkonYzgkOG5EjczlpGFE3GcGG5blEbhwEEYiiwACsYEcUkhRPF6mIODXB4OAeBIGBstatoQPajrOq67qeq2MZBvGGDhr+aDIe2saBmwRA1imaboBm0DkNmub5gRthFmUICluWXD5NWtZoA2TYttGOGoTgDI9iA1T9qcg4NCAI5tJ0IKTuCkKjPOUyLoi+jIqiURrt6iiUmyuI8twlKnhAihuNpZ6KDyHLODgR4QHgn7fsgf4iYB1xHluvoeFBdroA6TougWtgelhXEdnGvFhCAEZBW2IV4YmhGpjBJHWGRFF5jB1EUMW6AMRWIDMTW1hsY2IDNlFKGhbx-GCQO9TDs0o6dAaVBYMQqTELwwSkMQ4R2F10AwhMxC2MQ7R2c21xUmsBjeuw3LOIwt6eYlbpwX5GWBVG0W4QyEgYZxW2oR43psgRyYJemyVZjmaX+ZldE5UxVYFXWxWlZt5V4RIVV9jVQ6NPVElwlgZjhGYXhYN05DtIJHhYE04S8EcogAPrTqI1w4AAxOJGraower401RqiCapBmhamxLembjPOct0bdhMU4BIJ0RZh73cXGwZxWdxEgC8by-mscS8LlhZZfRZa5flrEVK9+0fczbLfTUwm1f9apjkTrUIO1nXdb1SpQAN7RDV1o1fuNk3TRI3oSB4GDsO8vDXKIFCkAAMnQHzcF41zcFT3mrQhAVIcFuEeEde1lZzd7HadRHLaRV2Uelbo0RLD2VixhVyxxMcxZH3oq0JdR-WJANa4aOt68NPWnEbJtmyNY3o9bdt25uODO677te7QPt+wHRA2l5K2+SHZNhwdcaRx40cczF4G7UmicXZm5HXVR6d3SWUuPTnL354vEeRyXv2ieJVfNTXHV14b-Xzs3FtHFbU0d-bOBsj3bu2P3g-+0DuPeC9Np4fUjtyBejNcISHYKzeKfNk6b1TrdWie9GLZ2ekVY+0DDoeG5OfNW5cr6NWrm1O+XV659WNk-YaL8342ztoGZwP8+7eygO8X2gCR7QVghPUBBdT4r0iifVCcDnAJ3OklDeqVt7i3uvvTBst2IlQVrHSOX0CC9lVmXS+ldOgwHOOQJ03B+hTBNjMGAMA4RTG4OQAgUx2oIEUKQXg7RAztB+AAZQMMwSkuAlgBm5Pgu8t52CMAdjgI4moACKtxrgYHeL+IEiTZBuASZw1xvAXGBGuDAZG3BkZwF4OUDA9ZgYIHUAgGwOSAgwHeMEDJ5AEnel1AGXUopGDMl5FqO8uNbz0iZJSbuogsBJPgOjbun5kBgAycDT4f50aME1B4AAomstYmov6rIkDqNktwcAGDZNyW4LMJBUm5OwVZ7BNSWXtu8cI41GSHmcDuNkM1nDHO5AmaQ7BmZBgssGBMEhXn4IifKUgZxeBAm9Jwm4ABVIkOoDASHGdcBSdgAiYj6gAOTODcfUhpjTUDJuaAaup3jEGuDjLUupCXNWJaaMllp8afBWNAa4RNGWkopuEBpkAhAwGuOYXYiTIXhEUNcAASgAaUOFKgAXhIAIUBiCMHIB7PE3pZDEHkAADQAOqyA8AgXgARNTcHhUgOAMSACa6gAASpABQGoNcQUQPw2ReAVeoA1MTQbvhwLQd4YAMATQ1FSS4So8XnBDWyDJN4EldK1LxdQAoQ3OATR4a4OonRu2DWAbNiTuDemuAaiAEAAj5s4WwYECByAGFIPIQEux9AUFxDW+NOLqAhpZOGtkVIby9vYP2wdHhOGUlHfksAcAQ2TqpBGktE6w0LoHfCzMBhNRKiEHGxgo7uBsDjfG1dg6IJxpHSe6ds6wB233e2Th3z0WiFseQCkaxHGlhcbwB9YbnnOFeYwd5h4vk-I4P846HhXm8V3KC7k4KQ1+muJqDA9IyTcjWPSW4KHKRoYw5SNYxa5rUoBrjOlhMiUkxJeTclrLuDBKQ68AUT0UwQHOEIekBgRRYH8d3MAh4EkeBeW8j5IHpBgePBBqDwLYPwaFT6XiXg2C8U4dcBa7x3wJKwLC2ZOL3gBGuLa94igqAtOU4oFJwyHkpFVeNTUp4vnehWQtDwWH1k4FuX8qk-6ySWU1KIZxEA8SqveLE1ZCSgE+RAetMB6i2SsxEbgncIYJGrykSVS6yCboZTQdlRReUnrKPloIw6cXCG6LqprUhN9yH6yoY3Wh5tW4TXfhIP0AYWEu1-p7dhnCh4ReDgI0Rs9BNQPDkGdsu5JGIIy7ItO8j0HSwK7nFRb1EuMkE2VkSFWGrtG1jV++DdH6wmfk162Hg2TSG5qwv+PWuHDxAKPZakW1o7wZmN2ewZRsz3bM4eeqXpsyK3nNjOCiMH5cPtg1RxWPs4E2+rCulXdtkN1hQg2h2aHHboU1zUBqDCBl3OduM4FrvdYHhwu7-X+HReh4yOMX3yrSBPFNpOM2geoMznlmWy2itDdpxgOHxD9FI+qyj2rD8MeDSx5bdGOPpoLSPOwcJiTOtsLJ717hD3eFByp69mLhd45szUSFaQt5mfrxSmz7LHOwdc6PlD3nR1lZaIEj9IhejEd7dFwd6hTcpevxl7j75ly2Dtidirm7auKc8LHs9yeb2Z608TAl97gHINm+kRblBVvQeLYh3ne3a2jqMAF+7nbt8qxkuIBUxEtJ5gBAhsEWYfVyztBndQQEUBkzDB-KseAyB2g7n-bApX7QjjPF-JsFp32TecNmQGd4bgbBT4ZzPxQVK3Ab835S+Q408S6erLQewGShrhFU2WRQ8hu7yGRiZ+TV-kYWeU6oQknu9blkzDOhwvKF9QFP1fqALsNKeMBMOoXKlGTKvKFK-YLixIC6lIUqVG5o7wTaTyfoh4DscC3ILAKe7w8gpAJmIy7swqAqr6A6zcMISAbgEI7wUAbg4QzS38dBzSzglOUWuu0OJu4Uye32bIiu6e-MrwEYwsxSYsIOC2B8WC+eq2KeC0sOzu1Ubu22gM5e7+LU1eygte+g9ekMTeSoLebeVAHeXeqgPe0AfeSA7iwKhOLIGAo+4+-mp+iW7Ytss+CSiSi+zSThLIsKa+1wm+W+uqu+++MAh+3Ax+5Ap+jA5+l+uBN+pm9+j+3cz+nKyOb+5oKw+gJQA0P+f+uBABxGaopG+M9KxMpM1GLKOo7w0BpAsB9ICBEByBO+6Md4jsv2jsxy2B32uB+BGM7wXWxBuwEa5BP4VBxANBTB1wjB9BLkrBL2iEHBlIf23BDOlk4UCCy0AsQhIsohu8uWNuS2du0h0+oEJeShY4Khle6hHUfAWhDeUMUaFereAghhqgne8g3eMyZh9Q7QQe7AIejsdhdgDhy+nM0gLh3Ac+7hS+Thu4Ph6+-hbg2+QRyBIRR+iSJ+Z+pAF+9+t+QKsRiR7wyRr+HU7+GRX+2RNMuRKYgBJGtKxR5GDK4BPKNGlR1RtR8BiB9SKBzRaBbRmBnRDO3RBBfRRBIq7GZBw0FBox4x0xUxzBsxceeusYgGgY9OoJAG-BmxQs2x7OOeEhhWOCKebIgYpxGsZeNWqhVe-mNeNxgQdxuhjxBhRh7xJhnxsA3x-67AgmF2m4gJE+jhRpgYrh8+HhIJxuxp3cvhCJiJgR6Me+KJoR4RkR0ROJ8R+JSaT+L+qRJJ6RUAn+WR4wORvR1JBRrQRRIBYBZRzKmwUBcAMBRIcBOA9RPKjRqBrRGBHRThQpvR-RYppBVIwxyA0ptBspC+0xLB0eT2A21OQ2KpKWyx6p3oKW6xDAWpogwhosup4hSi3OhpPBGAzgppCO5poulpVxmhdpOhDx+hzxzpHxSAve3x+OfyfyO4EgfpwJThxp46EJbhC+0JgZ46UZCJSJcZwRiZ6JERmJ2JsRuJym1+BJRJ2ZFeH+mR3+lJxZ+RQBZGoBFGVZkBrKbJDZdRnJrZPJ7Z7RWBXZeBwpvZJBQxkpIx1BI5DBY58pk5fCbB8xs5xpwi7MThoKmpgh2pIhW5exuekhK2RuypvFR5JCpsFplx1pGhtp2hje15ogTx7erxxhph7p-e7AtslkR0J4H5k+X5F2wZUJnhRpllwF-hoF1w8ZB+aJlKUFURWJMR1+cFCRGZSRWZIuaRqF5JhZGF-+NJhRdJFZeFnJLJVRdZNRxFHJDR3JCSvJHZVFOBNFPZop9FEpXUUpzFExcpMxHF2uXFocHBbIpuhuHBry3oQlgs65Op2e254OklPOX5t4clQuFx-QVpyYKlde9pGlWlLxbx95j5Bl3IxpwS8mZlAZPB3oP5kJ-5NlS1QF8JDlsZTl4FrlGJHlMF3laZCFflhJAVLUilwVBZmwRZ4VpZ6oUVJR3K5RNZhFCV7JTZpFqVLR6BlFApoJ3ZhBtgAx4pA5jFQ5RVo5ExE5muMe057BPFc0apxukGPMa86Aa5G5OxOWks+xeeUlVVc0PVHuMVEBJsAq-msAH4mQZVwCcxlVvO80kCtVs5S5DV-2y04QzauieIigH+0AawHsYleNElBpBe72B5W4JNO2lZsV84F+v4HUNNCpg2Thy1fF0l423I24-B3NNE9QfNAt6wwtrV4l+pu5Et32GtMtgMct5N8krGsgvA7a1i-g-YkASwBt3AkwTtLtlAaw-gqgEADqERvAKtdNseatKep4XB-FMdx4etPNIkRt7KJtItWc7V4tRxDOsdtt18pR8tsIyMwg9gLwMA8gLtyMCB6xRwXiBqPwwgtqHsBqmo1waBog1VndGA3AEgEAbIpA3oEA3om+og80Hgbg3INkF2xkaKxakqbAcWlFF2qtM5ThsdKNypLMLNK56A+tvN-NadQtGdnOBxkOOdoJed8hru5WZpdtyFjapwvAtA-YpiJsvUz9r9-Qn4q9iNThcC6ErNiWbIJ46NaWSCs2J9+NHVe5DOAD+dnQLiewigVgVeCtFAEdcNU5Ou3FwDDISe8dM8IDLM-BEDluO8uNmdtu59Wtx0+DR5QCcA4QxA0dRDSsm9AKoSjVWxolZtEUUAneUAFthxtDxDTu2ipcW2d9Y45Y55ql9pogogEw5Y747QOKID24DILAs04EjAOKXieIWAaweIVIqyXiUqAAau0FhszDuH8d6CwL9l-JBmBAANwwAKoJJeCMCuN5jox+ggoXa2wgRwZHC-24PvYgOUgcPHR3h-a73paA5Z4UPW5i2W0X0hRRNyESMXxnFVaXWi6P2uIv36C8qzC8DvEZjtB4HrjjDnAJSYOPacUM1TzQ4gMjZAORNxOkOs7JPzbm07kiNtOgTsAIPC4FN6xFOf2lMmzO2VPWDVMoj8BIDpCjI-2R0I0RNsOfadNEN3jsA9NJNZYpN6mDM0PDPBhjNINYAoNIBoOwiyDtDu3fEOx7ih6NNa702KnDOngxO8XxO8wbHCXNW8MnNtXUNSGiMniaI5OKHSOdB9VqHKXXHDVXnN6aVOk6Uul6XmHtCGWgMciMDegLVhkyVSBWVrWkvjZsjkv2UBFNG7UJn7XuUpmwUnUP5nVIWBU5nXXoW-6YURVllPUMmF0O1vWskfVJVfUpUMu-V8mdlZU9HA01F9kMUFVMVjEsWTFsWlVYPNPfM8XhJ-MgPLmAurnAvY1QNpNDOGvF7X06JSPHn32Mn4UmyUBbD+0lBPN2JwCe2Fj6DtBwAsgWF2C6ou1QAGCljGAdTIyCDIgfPw04OM3AO7ia1tO3jwJmuY0WstVgsDNZ3pOiOpvZD1jZBAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:43 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: ZaakdsmTv5sX0FJkj7y2B3se27epvTpNsnkdduXP0J4rOH3MvSERNw==
expires: Fri, 16 Dec 2022 17:17:42 GMT

GET
H/1.1 200
OK c099ced574 Show response
bam.nr-data.net/1/ 49 B
625 B 438ms
342ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/c099ced574?a=9185954&sa=1&v=1026.7a27a3e&t=Unnamed%20Transaction&rst=3399&ref=https://www.tdrewards.com/&be=826&fe=3344&dc=2762&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1671211060076,%22n%22:0,%22f%22:202,%22dn%22:203,%22dne%22:281,%22c%22:281,%22s%22:294,%22ce%22:309,%22rq%22:310,%22rp%22:750,%22rpe%22:763,%22dl%22:761,%22di%22:2761,%22ds%22:2763,%22de%22:2932,%22dc%22:3344,%22l%22:3345,%22le%22:3347%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 77a912fb6c5f5c74-FRA

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

28ms
27ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 918 B
1 KB 233ms
232ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Gift+Cards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

b1915d051b57f75ca28faffb94ccc8a2ba8c4a0392ac643e6cf726c5d222eacc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045169 PNNN RT(1671211060200 3181) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 6820 Show response
www.tdrewards.com/api/productManagement/product/ 257 KB
257 KB 871ms
870ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/product/6820

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

7db04c08ee3ef7837feefa559ef7c967238798e8a64b602ff9744517fc9e134b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:44 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045653 NNNY CT(723 287 0) RT(1671211060200 3215) q(0 0 0 -1) r(8 8) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

ibs:dpid=1175&&dpuuid=upvRU-2Q2wehkd5TuJnFBrXN0QChmdgE758c9v_T
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=upvRU-2Q2wehkd5TuJnFBrXN0QChmdgE758c9v_T

42 B
942 B

29ms
28ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=upvRU-2Q2wehkd5TuJnFBrXN0QChmdgE758c9v_T

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0e6039550.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: znlOKsQBQeI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=upvRU-2Q2wehkd5TuJnFBrXN0QChmdgE758c9v_T
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=1957&dpuuid=22FB5A534D9E6F2F1F34482F4C4C6EEE
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://c.bing.com/c.gif?uid=16042748344710139910816157968285925462&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=22FB5A534D9E6F2F1F34482F4C4C6EEE

42 B
942 B

29ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=22FB5A534D9E6F2F1F34482F4C4C6EEE

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0826e4ce6.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: oadWHr7yTVs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D81A814C4904595A2DCF109451F2BCC Ref B: FRAEDGE1309 Ref C: 2022-12-16T17:17:43Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=22FB5A534D9E6F2F1F34482F4C4C6EEE
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame EE7B
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WTV5b05RQUFBSlJ1RmdPVg&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

34ms
33ms

Image
image/png

54.229.166.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 54.229.166.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-166-144.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:43 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Fri, 16 Dec 2022 17:17:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 getAppComponents Show response
www.tdrewards.com/api/utilityManagement/ 1 MB
1 MB 899ms
899ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/utilityManagement/getAppComponents

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

d0b4a4e59c1938f8032dbc12fde5016f0570af32b3985ce4012a938ad8749972

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:44 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374045630 PNNy RT(1671211060200 3426) q(0 0 0 -1) r(9 9) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

ibs:dpid=22054
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://a.tribalfusion.com/i.match?p=b13&u=16042748344710139910816157968285925462&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://s.tribalfusion.com/z/i.match?p=b13&u=16042748344710139910816157968285925462&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://dpm.demdex.net/ibs:dpid=22054

42 B
956 B

30ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22054

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: JeSOGfluSHk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 300
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:44 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 316
content-type: text/html
location: https://dpm.demdex.net/ibs:dpid=22054
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 77a912fe99119052-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=22052&dpuuid=3632212144541401105
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632212144541401105

42 B
942 B

29ms
29ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632212144541401105

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0284b356a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: x5/WtY99Ryw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632212144541401105
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185
expires: 0,Sat, 17 Dec 2022 12:17:44 GMT

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=16042748344710139910816157968285925462&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-JAfSslZE2pGye4paMOWjDTJtqHg7IsiResw-~A

42 B
942 B

38ms
37ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-JAfSslZE2pGye4paMOWjDTJtqHg7IsiResw-~A

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0f7e0a58c.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ok22lwCpSGI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Fri, 16 Dec 2022 17:17:44 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0105.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-JAfSslZE2pGye4paMOWjDTJtqHg7IsiResw-~A
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=575&dpuuid=7670968590944256780
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=16042748344710139910816157968285925462
https://dpm.demdex.net/ibs:dpid=575&dpuuid=7670968590944256780

42 B
942 B

31ms
31ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=575&dpuuid=7670968590944256780

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0327f6936.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Z0jdMPw1QIE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 16 Dec 2022 17:17:43 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-5.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
location: https://dpm.demdex.net/ibs:dpid=575&dpuuid=7670968590944256780
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame EE7B
Redirect Chain

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7244974642127699765&uid=Q7244974642127699765&ref=%2Feucm%2Fp%2Fadpq
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

20ms
20ms

Image
image/gif

23.64.53.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 23.64.53.65 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-64-53-65.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Fri, 16 Dec 2022 17:17:44 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Fri, 16 Dec 2022 17:17:44 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ibs:dpid=59982&dpuuid=
dpm.demdex.net/ Frame EE7B
Redirect Chain

https://exchange.adstanding.com/partners/aam/sync.php
https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

42 B
960 B

30ms
30ms

Image
image/gif

34.247.240.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

Protocol

HTTP/1.1

Server

34.247.240.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-240-197.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-06cd512cb.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: TpgceQIPSuU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 300,104
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Fri, 16 Dec 2022 17:17:44 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=59982&dpuuid=
cache-control: no-store
expires: 0

GET
H2

204

v1
ads.yahoo.com/cms/ Frame EE7B
Redirect Chain

https://cm.everesttech.net/cm/yh
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y5yoNQAAAJRuFgOV&sigv=1&esig=1~8e9886ab0121ec4731f2f2616dcc507a2e6bac4f

0
194 B

191ms
20ms

Image
text/plain

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y5yoNQAAAJRuFgOV&sigv=1&esig=1~8e9886ab0121ec4731f2f2616dcc507a2e6bac4f

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:44 GMT
strict-transport-security: max-age=15552000
cache-control: no-store
x-content-type-options: nosniff
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y5yoNQAAAJRuFgOV&sigv=1&esig=1~8e9886ab0121ec4731f2f2616dcc507a2e6bac4f
Date: Fri, 16 Dec 2022 17:17:44 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame EE7B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433
https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t
https://dpm.demdex.net/ibs:dpid=139200&dpuuid=vXUGKyh0TCWyqLE6p63AzA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=16042748344710139910816157968285925462

43 B
479 B

114ms
114ms

Image
image/gif

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=16042748344710139910816157968285925462

Protocol

HTTP/1.1

Server

52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Dec 2022 17:17:45 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 13A6V0C5DQY9A37P93YG
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: hKYWI9utRPM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=16042748344710139910816157968285925462
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 920 B
1 KB 280ms
280ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=eGift+Cards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

a84e80dc78008778ceb3315cb6c8e2e6901e76f6ff493d451840cfae7bbd4734

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046059 NNNY CT(723 285 0) RT(1671211060200 5479) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1 KB 278ms
278ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

d716df6275ca7dd4c440b1c45f016ad0ac20fc432c06e48e9a0102960336dae6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046061 NNNY CT(723 284 0) RT(1671211060200 5480) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1 KB 280ms
280ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=2&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

c949db8a881804095f57491f28de162edd214eee10db0b9fcb81ac9c9420d63b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046064 NNNY CT(723 284 0) RT(1671211060200 5483) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 908 B
1 KB 267ms
267ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=New+on+TD+Rewards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

19ae9366cd6aaa5e80f6f8bc994ea7892f3fcb901adad7ec5f14031448459378

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046066 NNNY CT(723 283 0) RT(1671211060200 5485) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 908 B
1 KB 266ms
265ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=2&category_id=&name=New+on+TD+Rewards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

5773a64bc9e5e914a791508e1e0425d623e33c603c873eaf9635befeb481e9f6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046068 NNNY CT(723 280 0) RT(1671211060200 5486) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 td_shield_nowhitespace.png
www.tdrewards.com/templates/active/static/images/ 1 KB
2 KB 123ms
123ms Image
image/png 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/td_shield_nowhitespace.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

a01050f120544b659a5b01dd168b7416224587780616e22d71c1d223e7a6d92b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:45 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"569-1845acd8810"
content-type: image/png
x-iinfo: 4-374045107-374046077 NNNY CT(722 275 0) RT(1671211060200 5520) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1385

GET
H2 200 td-font.ttf
www.tdrewards.com/templates/active/static/fonts/ 5 KB
5 KB 225ms
224ms Font
font/ttf 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/td-font.ttf?j0pn85

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

c39cd074b33a0348246ff987044c7650533c69afc4727bac852f8e02722d6d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"12c4-1845acd8810"
content-type: font/ttf
x-iinfo: 4-374045107-374046077 PNNy RT(1671211060200 5522) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4804

GET
H2 200 e6cf7c6ec7c2d6f670ae9d762604cb0b.woff2
www.tdrewards.com/ 70 KB
71 KB 285ms
285ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/e6cf7c6ec7c2d6f670ae9d762604cb0b.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"118d8-1845acd8810"
content-type: font/woff2
x-iinfo: 4-374045107-374046077 PNNy RT(1671211060200 5591) q(0 2 2 -1) r(3 3) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 71896

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 29ms
29ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=2121852883&t=pageview&_s=2&dl=https%3A%2F%2Fwww.tdrewards.com%2F&dp=%2Fhome-page&ul=en-us&de=UTF-8&dt=TD%20Rewards&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiQIxBAAAAEACs~&jid=&gjid=&cid=587505718.1671211063&tid=UA-7284910-1&_gid=882393232.1671211063&z=1670547370

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 16 Dec 2022 13:43:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 12831
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 expedia_logo.svg
www.tdrewards.com/templates/active/static/images/ 5 KB
5 KB 281ms
277ms Image
image/svg+xml 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/expedia_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e2f5114f1b78eea5212a2aa1a74bf3c57ed7c2e8c64b4881bf5bbb266c758f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"1335-1845acd8810"
content-type: image/svg+xml
x-iinfo: 4-374045107-374046117 NNNY CT(722 274 0) RT(1671211060200 5599) q(0 2 2 -1) r(3 3) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4917

GET
H2 200 amazon_logo.jpg
www.tdrewards.com/templates/active/static/images/ 9 KB
9 KB 610ms
606ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/amazon_logo.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

1de90302505bf3cdb1bfce7f2d1e76a850e3097030b79cd83e2c8a119e899aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"2365-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046118 NNNN CT(129 219 0) RT(1671211060200 5601) q(0 1 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 9061

GET
H2 200 gift_six.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 25 KB
26 KB 611ms
608ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_six.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"65c6-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046120 NNNN CT(120 219 0) RT(1671211060200 5602) q(0 1 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 26054

GET
H2 200 gift_seven.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 14 KB
14 KB 594ms
591ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_seven.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3790-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046121 NNNN CT(119 207 0) RT(1671211060200 5603) q(0 1 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14224

GET
H2 200 gift_eight.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 603ms
599ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_eight.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"531c-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046122 NNNN CT(118 212 0) RT(1671211060200 5605) q(0 1 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21276

GET
H2 200 gift_nine.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 16 KB
16 KB 703ms
700ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_nine.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fe9-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046121 PNNN RT(1671211060200 5606) q(0 5 5 -1) r(6 6) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 16361

GET
H2 200 gift_ten.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 718ms
715ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_ten.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"54d5-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046118 PNNN RT(1671211060200 5607) q(0 5 5 -1) r(7 7) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21717

GET
H/1.1 200
OK dreamnow_1024x342_006.png
assets.tdrewards.com/img/ 536 KB
537 KB 439ms
103ms Image
image/png 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/dreamnow_1024x342_006.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3672b1cc5644a316f8495ba58577a91203dd8028d99fed7efdec2ed2ba4f2f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 28 Nov 2022 19:51:33 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63851145-861f9"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 549369

GET
H/1.1 200
OK dreamnow_1400x467_006.png
assets.tdrewards.com/img/ 989 KB
989 KB 438ms
101ms Image
image/png 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/dreamnow_1400x467_006.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

4d98a339d404ef0fc1fc3666bb04ca11be02d78f20c3669b89e573fa00fcc89e

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 28 Nov 2022 19:51:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63851139-f7424"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1012772

GET
H/1.1 200
OK cr-1331_egift_card_banner_small_005.jpg
assets.tdrewards.com/img/ 87 KB
87 KB 440ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_small_005.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 19 Jul 2022 19:00:48 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62d6ff60-15b21"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88865

GET
H/1.1 200
OK cr-1331_egift_card_banner_large_006.jpg
assets.tdrewards.com/img/ 127 KB
128 KB 441ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_large_006.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 19 Jul 2022 19:00:44 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62d6ff5c-1fddc"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 130524

GET
H/1.1 200
OK cr-1555_25-_campaign_banner_small.jpeg
assets.tdrewards.com/img/ 36 KB
36 KB 442ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1555_25-_campaign_banner_small.jpeg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1d04c53c3331b70ec43eece628290db07f5779c09f6720d231d2553a31d61c41

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 11 Jul 2022 15:58:16 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62cc4898-8f6a"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36714

GET
H/1.1 200
OK cr-1555_25-_campaign_banner_large.jpeg
assets.tdrewards.com/img/ 57 KB
57 KB 443ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1555_25-_campaign_banner_large.jpeg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a6e9a2da6922347db1b02062e0b31cd055e53ac9b7fb422d1232a5eae86167b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 11 Jul 2022 15:58:09 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62cc4891-e454"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 58452

GET
H2 200 c5cd7f5300576ab4c88202b42f6ded62.gif
www.tdrewards.com/ 4 KB
4 KB 761ms
761ms Image
image/gif 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/c5cd7f5300576ab4c88202b42f6ded62.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"1052-1845acd8810"
content-type: image/gif
x-iinfo: 4-374045107-374046077 PNNy RT(1671211060200 5633) q(0 6 6 -1) r(7 7) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4178

GET
H2 200 s1210884559754 Show response
smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/ 5 KB
2 KB 618ms
618ms Script
application/x-javascript 104.126.37.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/s1210884559754?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=16%2F11%2F2022%2017%3A17%3A46%205%200&d.&nsid=0&jsonv=1&.d&mid=15944623694377022290806354600284657252&aamlh=6&ce=UTF-8&ns=tdbank&pageName=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&g=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&ch=ca-en&server=www.tdrewards.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3DpageName&v3=1&c4=12%3A00PM&v4=1&c5=Friday&v5=1&c6=Weekday&c12=not-authenticated&c13=New&v18=D%3Dc4&v19=D%3Dc5&c20=D%3Ds_vi&v20=D%3Dc6&c21=D%3DUser-Agent&v32=D%3Dc12&v33=D%3Dc13&v39=D%3Ds_vi&v68=D%3Dc21&c70=tdtdct%2Ctdglobal&c71=15944623694377022290806354600284657252&v71=A1%20%7C%20B1%20%7C%20C1&c74=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&c75=AppMeasurement%20-%202.20.0&v94=15944623694377022290806354600284657252&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&lrt=561&AQE=1

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.37.57 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-126-37-57.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

a43d5094859b468e5c3dd497436913ff468bc579e99a241041d75c18c9ff711f

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-aam-tid: VMoj1htwRnM=
date: Fri, 16 Dec 2022 17:17:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=86400
p3p: CP="This is not a P3P policy"
content-length: 1643
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 5 ms
pragma: no-cache
last-modified: Sat, 17 Dec 2022 17:17:46 GMT
server: jag
etag: 3588898436750213120-4619943647718809269
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
expires: Fri, 16 Dec 2022 17:17:46 GMT

GET
H2 204 1.gif
nexus.ensighten.com/privacy/v1/b/ 0
267 B 14ms
13ms Image
text/plain 13.224.189.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/privacy/v1/b/1.gif?n=1&c=822&i=4of5xn&p=public-ca-dev&d=N4IgbgpgTgzglgewHYgFwgIwDoAMuQA0IA5gIYAuEA7qQJ5ogBMW2GjAnISAMYA2cEJOQCSAEzQAORoyIAHAK4AjfjAAWABQqqGC5XG4BabqQOiIYLnCQxypJNwhiGAFgQAzAKwAPFHNLcAawhyNAwiAFsEMwYqVThKFRCibgQEAIEYNGAAXyIoCABHeQgbTNQAbVAzGysKRBR0VXJyWRhUAHp2gCsYA1JiQXIsJGp8-m4sFPD2pCgDDBxGADYscKssHq5yWlkIBhhuKDhZJJAbUigQ1AwlgHY2DAWlgGZnRjCQQXFru4en19utyIMAQ8igDgYVhg0HIACEIG4EPkuOdyPIyiBeAhSOI8hBSCDrGhygBdIhwb43e7vf5vDC5Kolci1ZnIBhNFptTqKUjhYZzUQUUjDYLtDDtbg4djsByiDy3ZwAflIAF52BgJB52B5nAAyGCqjC6sAqhbLLC3UiMS3PCC68gqgCqSCQvIgogApIwcAAVKB2A3cVlIXWwB3PZ7S0MIlUc1oddpUJNYciifI0KCiGCTBDTXWKCAqqRLXVuQsR5x60TcFXWpaMXWkNwq6BQAheVRtmxIAhQ3W7KDNj23WFexjMtZIYhj1DD0fSdwzql-HBLHA4W5LAhjpAznDb6RuGfemRj0S76Sob3PA+Mc8QY8SMJj7iP5-SGDH9jOW8OGfPKVbygAp-wWIDZBnW4PH3McoF2SCXlvUReAQ987zgY9NzQrNMMQs8H0vDhnlPaRq3-V4fzHFDLwrDxb14AjGFQCtbmHAARW9XTAOAyGDGc53Y9jdR6ZBZBVAA5AAlABRR0AFksGhcgfTSQQth2PZ0AOI4ThRWxLlCX4aVXAEt0+JBKSMx4TPVCRgVBcFNJAKEYXhRFkWBWw0QxLEcS4fICWQMpSXJSzqWsl5nE3bISWyIA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-105.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: aDzj1uCU_nE7xXxkTtMCd98A-1OiZxdPAGdugmJFf4D5_SDqNYiM0g==
expires: Fri, 16 Dec 2022 17:17:45 GMT

GET
H2 200 1 Show response
www.tdrewards.com/api/productManagement/catalog/ 71 KB
72 KB 348ms
347ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog/1?category_id=322&per_page=10

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

5b61f9a1ae1859df4439546f0e8e754cc202b77c021c1294986094a087391658

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046117 PNNy RT(1671211060200 5761) q(0 1 1 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 gift_seven.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 14 KB
14 KB 213ms
212ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_seven.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3790-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046122 PNNN RT(1671211060200 6195) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14224

GET
H3 200 tr
www.facebook.com/ Frame EE7B 0
18 B 21ms
7ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1539657062816299&ev=fy18projecteverests1tos26supp&noscript=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 16 Dec 2022 17:17:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 gift_nine.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 16 KB
16 KB 126ms
124ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_nine.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fe9-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046118 PNNN RT(1671211060200 6317) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 16361

GET
H2 200 gift_eight.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 126ms
125ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_eight.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"531c-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046120 PNNN RT(1671211060200 6319) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21276

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1016 B 233ms
233ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

d716df6275ca7dd4c440b1c45f016ad0ac20fc432c06e48e9a0102960336dae6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046121 PNNN RT(1671211060200 6321) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 gift_ten.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 124ms
124ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_ten.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"54d5-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046236 NNNY CT(108 219 0) RT(1671211060200 6329) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21717

GET
H2 200 gift_six.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 25 KB
26 KB 168ms
168ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_six.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:46 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"65c6-1845acd8810"
content-type: image/jpeg
x-iinfo: 4-374045107-374046077 PNNy RT(1671211060200 6331) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 26054

GET
H/1.1 200
OK cr-1555_25-_campaign_banner_small.jpeg
assets.tdrewards.com/img/ 36 KB
36 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1555_25-_campaign_banner_small.jpeg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1d04c53c3331b70ec43eece628290db07f5779c09f6720d231d2553a31d61c41

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 11 Jul 2022 15:58:16 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62cc4898-8f6a"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36714

GET
H/1.1 200
OK cr-1555_25-_campaign_banner_large.jpeg
assets.tdrewards.com/img/ 57 KB
57 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1555_25-_campaign_banner_large.jpeg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

a6e9a2da6922347db1b02062e0b31cd055e53ac9b7fb422d1232a5eae86167b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 11 Jul 2022 15:58:09 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62cc4891-e454"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 58452

GET
H/1.1 200
OK cr-1331_egift_card_banner_small_005.jpg
assets.tdrewards.com/img/ 87 KB
87 KB 105ms
102ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_small_005.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 19 Jul 2022 19:00:48 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62d6ff60-15b21"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88865

GET
H/1.1 200
OK cr-1331_egift_card_banner_large_006.jpg
assets.tdrewards.com/img/ 127 KB
128 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_large_006.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:46 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 19 Jul 2022 19:00:44 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62d6ff5c-1fddc"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 130524

GET
H2 200 1 Show response
www.tdrewards.com/api/productManagement/catalog/ 71 KB
71 KB 256ms
255ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog/1?category_id=322&per_page=10

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

5b61f9a1ae1859df4439546f0e8e754cc202b77c021c1294986094a087391658

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: NSeGhnVy820pceJQIlKNNXSNtVzjtCma9ab9WnFwsCTVCLwcq1nGjfQJ1bRqvlzwdKkaNQbkXhu2CuN0nmaJAyQ9Fp24EofAroYgzshyx0fYtuWvyh3NccZlEbI7o4ep
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Fri, 16 Dec 2022 17:17:47 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 4-374045107-374046236 PNNy RT(1671211060200 6570) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1 200
OK dreamnow_1024x342_006.png
assets.tdrewards.com/img/ 536 KB
537 KB 101ms
100ms Image
image/png 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/dreamnow_1024x342_006.png

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3672b1cc5644a316f8495ba58577a91203dd8028d99fed7efdec2ed2ba4f2f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:47 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 28 Nov 2022 19:51:33 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63851145-861f9"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 549369

GET
H/1.1 200
OK dreamnow_1400x467_006.png
assets.tdrewards.com/img/ 778 KB
0 102ms
101ms Image
image/png 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/dreamnow_1400x467_006.png

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Fri, 16 Dec 2022 17:17:47 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Mon, 28 Nov 2022 19:51:21 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63851139-f7424"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1012772

GET
H2 200 448c34a56d699c29117adc64c43affeb.woff2
www.tdrewards.com/ 18 KB
18 KB 122ms
121ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/448c34a56d699c29117adc64c43affeb.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 17:17:47 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"466c-1845acd8810"
content-type: font/woff2
x-iinfo: 4-374045107-374046077 PNNy RT(1671211060200 7557) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18028

Verdicts & Comments Add Verdict or Comment

111 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tdrewards.com/	1970-01-20 16:57:59	Name: visid_incap_2714874 Value: ZED/AgpQQX6trZpl0xTljzSonGMAAAAAQUIPAAAAAADJJitcYITHoJ6RcCN+CgU/
.tdrewards.com/	1969-12-31 23:59:59	Name: incap_ses_536_2714874 Value: YOoAb3OjkxN29nbL7EFwBzSonGMAAAAAX0pXHshJkDCKt71oGE6qpg==
.tdrewards.com/	1969-12-31 23:59:59	Name: at_check Value: true
.tdrewards.com/	1970-01-20 16:59:07	Name: TDB_ENSIGHTEN_PRIVACY_Personalization Value: 1
.tdrewards.com/	1970-01-20 16:59:07	Name: TDB_ENSIGHTEN_PRIVACY_ThirdParty Value: 1
.tdrewards.com/	1970-01-20 12:32:43	Name: privBan Value: 1
.demdex.net/	1970-01-20 12:32:43	Name: demdex Value: 16042748344710139910816157968285925462
.tdrewards.com/	1969-12-31 23:59:59	Name: AMCVS_A783776A5245B1E50A490D44%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 16:59:07	Name: everest_g_v2 Value: g_surferid~Y5yoNQAAAJRuFgOV
.dpm.demdex.net/	1970-01-20 12:32:43	Name: dpm Value: 16042748344710139910816157968285925462
.td.com/	1970-01-20 17:49:31	Name: s_ecid Value: MCMID%7C15944623694377022290806354600284657252
.tdrewards.com/	1970-01-20 17:49:31	Name: AMCV_A783776A5245B1E50A490D44%40AdobeOrg Value: 359503849%7CMCIDTS%7C19343%7CMCMID%7C15944623694377022290806354600284657252%7CMCAAMLH-1671815861%7C6%7CMCAAMB-1671815861%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1671218261s%7CNONE%7CMCSYNCSOP%7C411-19350%7CMCAID%7CNONE%7CvVersion%7C5.0.1
.tdrewards.com/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cc%3Dtrue%3B
.tdrewards.com/	1970-01-20 17:49:31	Name: mbox Value: session#49ef6ffa11a1432590c7c77d2e0fbb7b#1671212921\|PC#49ef6ffa11a1432590c7c77d2e0fbb7b.37_0#1734455862
.tdrewards.com/	1970-01-20 08:13:32	Name: mboxEdgeCluster Value: 37
.tdrewards.com/	1970-01-20 10:23:07	Name: _gcl_au Value: 1.1.1719451937.1671211062
.agkn.com/	1970-01-20 16:59:07	Name: ab Value: 0001%3AqG1FbbejyYkGl%2FEY4TE0PpgVzNbOAUm7
.mathtag.com/	1970-01-20 17:39:26	Name: uuid Value: 2355639c-a836-4000-bc82-1ac77fd76473
.tdrewards.com/	1970-01-20 12:32:43	Name: AAMC_td_0 Value: REGION%7C6
.tdrewards.com/	1970-01-20 08:56:43	Name: aam_uuid Value: 16042748344710139910816157968285925462
.tapad.com/	1970-01-20 09:39:55	Name: TapAd_TS Value: 1671211062498
.tapad.com/	1970-01-20 09:39:55	Name: TapAd_DID Value: 404ca5b9-b0d4-4780-a960-f1cddd431b25
.adnxs.com/	1970-01-20 10:23:07	Name: uuid2 Value: 2144386735652512233
.tapad.com/	1970-01-20 09:39:55	Name: TapAd_3WAY_SYNCS Value:
.tdrewards.com/	1970-01-20 08:13:51	Name: myNewName Value: GA1.2.587505718.1671211063
.bing.com/	1970-01-20 17:35:07	Name: MUID Value: 22FB5A534D9E6F2F1F34482F4C4C6EEE
.tdrewards.com/	1970-01-20 08:14:57	Name: myNewName_gid Value: GA1.2.882393232.1671211063
.tdrewards.com/	1970-01-20 08:14:57	Name: _uetsid Value: 8d19ce207d6511eda3e3df8f8985f7af
.tdrewards.com/	1970-01-20 17:35:07	Name: _uetvid Value: 8d1a0f307d6511edb2f6f9519dd178b5
.tdrewards.com/	1970-01-20 08:13:31	Name: _gat Value: 1
.doubleclick.net/	1970-01-20 17:35:07	Name: IDE Value: AHWqTUlFVwchFcyRqQNqaDNhTcFI0iUuo9B9amhgDW2DLWDEx97AF-0DefdksaqL
.twitter.com/	1970-01-20 17:49:31	Name: personalization_id Value: "v1_/Z5KJxl2xCuCKh8W0mCUlA=="
.everesttech.net/	1970-01-20 08:58:09	Name: ev_sync_ax Value: 20221216
.everesttech.net/	1969-12-31 23:59:59	Name: everest_session_v2 Value: Y5yoNwAAACAB@iDI
.quantserve.com/	1970-01-20 10:23:07	Name: d Value: EKQBDAHpJ7mvYA
.quantserve.com/	1970-01-20 17:43:45	Name: mc Value: 639ca837-96c41-69e90-104c7
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: a39bd1bad78ce5c9
.tribalfusion.com/	1970-01-20 10:23:07	Name: ANON_ID Value: aRnr6iPME7fQmKvCiHxhvXQOnVAMtCdZd5dybZccjc9jtAbkTZcK0iepSXpZba3PZat5AjZcfPe9HZb
.owneriq.net/	1970-01-20 17:49:31	Name: si Value: Q7244974642127699765
.owneriq.net/	1970-01-20 08:27:55	Name: p2 Value: adpq
.yahoo.com/	1970-01-20 16:59:28	Name: A3 Value: d=AQABBDionGMCEIHI8Lw8Pb5xEe_gBBy2N0s&S=AQAAAnzvMsRbZpzUwBFAm-I5c88
.everesttech.net/	1970-01-20 08:58:09	Name: ev_sync_yh Value: 20221216
.demdex.net/	1970-01-20 12:32:43	Name: dextp Value: 21-1-1671211061604\|269-1-1671211061708\|358-1-1671211061957\|481-1-1671211062244\|540-1-1671211062396\|601-1-1671211062497\|771-1-1671211062658\|1123-1-1671211062782\|1083-1-1671211063029\|1085-1-1671211063174\|1086-1-1671211063275\|1087-1-1671211063376\|1088-1-1671211063478\|1175-1-1671211063582\|1957-1-1671211063682\|19913-1-1671211063784\|22054-1-1671211063885\|22052-1-1671211063985\|30646-1-1671211064086\|575-1-1671211064187\|53196-1-1671211064288\|59982-1-1671211064392\|83349-1-1671211064494\|139200-1-1671211064594
.amazon-adsystem.com/	1970-01-20 12:57:11	Name: ad-id Value: Azwmj2tHuESPpDMXUV-k5uk
.amazon-adsystem.com/	1970-01-20 17:49:31	Name: ad-privacy Value: 0
.tdrewards.com/	1970-01-20 08:56:43	Name: s_pers Value: %20s_vnum%3D1671235200286%2526vn%253D1%7C1671235200286%3B%20s_invisit%3Dtrue%7C1671212866029%3B%20s_nr%3D1671211066030-New%7C1673803066030%3B

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	info	URL: https://www.tdrewards.com/home-page Message: Autofocus processing was blocked because a document already has a focused element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=157680000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aa.agkn.com
ad.doubleclick.net
ads.yahoo.com
analytics.twitter.com
assets.tdrewards.com
bam.nr-data.net
bat.bing.com
c.bing.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
dp2.33across.com
dpm.demdex.net
exchange.adstanding.com
fei.pro-market.net
googleads.g.doubleclick.net
ib.adnxs.com
js-agent.newrelic.com
ml314.com
nexus.ensighten.com
pixel.everesttech.net
pixel.tapad.com
px.owneriq.net
s.amazon-adsystem.com
s.tribalfusion.com
smetrics.td.com
stats.g.doubleclick.net
sync.mathtag.com
td.demdex.net
tdbankfinancialgroup.tt.omtrdc.net
tdrewards.com
token.rubiconproject.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.tdrewards.com
104.126.37.57
104.244.42.195
13.224.189.105
142.250.186.70
151.101.130.137
162.247.241.14
172.217.18.98
185.29.132.245
185.89.210.141
2001:4860:4802:32::178
209.15.211.147
212.82.100.182
23.64.53.65
2600:1901:0:8eee::
2606:4700::6812:19ad
2620:116:800d:21:b314:a0ef:ab7c:d546
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:400c:c0c::9a
2a00:1450:400d:803::2008
2a00:1450:400d:80a::2004
2a03:2880:f12d:83:face:b00c:0:25de
34.111.234.236
34.247.240.197
35.227.248.159
45.60.63.34
45.60.65.34
52.17.115.124
52.19.35.175
52.46.155.104
52.58.215.26
54.144.51.83
54.229.166.144
54.229.62.148
67.202.105.23
69.173.144.139
05e7eca628e253f77d6dfe9d3826c40cfc3c7996f5f667781d3c6ac70fa28477
0af858f61230109235441fb42c10f6a7f62d93d68e7ec6bb6987434190804f95
0b2a1aee7a62edd2f0edcadf59fd2e1c5635e5eb1c807b10e64c06176c9eb077
19ae9366cd6aaa5e80f6f8bc994ea7892f3fcb901adad7ec5f14031448459378
1aed12462e02785ef7c13f1f4b1701144326407304b304688fbbfb74306ee23f
1d04c53c3331b70ec43eece628290db07f5779c09f6720d231d2553a31d61c41
1de90302505bf3cdb1bfce7f2d1e76a850e3097030b79cd83e2c8a119e899aaa
1ee3580829b4ad14dbe2fde2b95d3d09b55ccf0ad889da6dbd08e834f91423f3
28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86
2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f
2cc1ef5977147adf1cc66d67806969c9054bd7c173251d6252c5dca1b410fa38
2d10816bada4d94734c1cb7e191ffb89ea7d9bb5c11b3e680f6b00c3a28d4e41
31b2b4e8652c068f6cc9ee41a97574bc0213f335cdc9f67866d937c57f71298d
33c49871aed72050c33aee471b4616a0a7667d922c9224e538ccfc93453f7222
3672b1cc5644a316f8495ba58577a91203dd8028d99fed7efdec2ed2ba4f2f74
3cfbef03a00a0aa1d0875b6c00191247d9d8d34ef217e4f67fd04e2c6809847e
3eeece242847bc14ae3c2e1fbec56a02dbe49db5510fa129cb368f86003aecc5
47c6c4dea26b27baa789f733e25f6d4a16eb4f934e29f1ee6592b79d1f055de3
4c33f1fb71018f42fd770d3807c3d7e2e91673009f09836d91f5f4f2f3b69264
4d98a339d404ef0fc1fc3666bb04ca11be02d78f20c3669b89e573fa00fcc89e
5095cb351730f9895a81e950e27b5c13fe807c476962a868dfedd6872bfc82d9
50d945bbc23e5f42ce8a32d42d66f09a23b1078a1e0a2dfba2b24e317d6f152e
55a20829735bc2ca9f7ca3e7088c8cb11ac5f389f687ad96be58668219279591
5773a64bc9e5e914a791508e1e0425d623e33c603c873eaf9635befeb481e9f6
5a74eb36ccfa1d78e1dc92b10d760e14019102c38d7898b8aadf4e80da1d70be
5b61f9a1ae1859df4439546f0e8e754cc202b77c021c1294986094a087391658
5d1fb3f76818632fb3d4b915c46a8e1f2e89844583bdb6d1e0a645330272af9e
63344635e2cd30b9059009786d43a57bd6072ee1471d2fdcf233d99ee82af7d1
63e2d3d8c8b331374641cd88069624bf2372081e5eedd0b9e508700884a78791
67563318f781475915e443fef24576ea64e5de5a80e7ab3fd6b967de15538dcc
7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4
7511e077b8adf40a78994438b3712550c3bbc9690a0ca892394cc4b3997beb32
75e85180c2a9643c4623623746360f6dca5c757d0f853de006802e42b501e8df
7a86f25494f15429e4ebdd529db7a7a55623997e2a3c61acdd3d707663460f76
7b57440c1ce348f67b72ab8c29db59eefe8cf632d7b412daef8aef8107413a7e
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7db04c08ee3ef7837feefa559ef7c967238798e8a64b602ff9744517fc9e134b
7f8f92a1913474ebb54f27bb9a908eb8006c76665ed14ed7ebea958b661b4b7a
8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8adf7be5e4b8e09896eb13e9eaa409a3bcf7d35a096c858127816cd520d8b13f
8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
90cd70d00024cee69598c4bcc63bf619d50913912efef7b50ceb0517e564663b
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9bb290113881b91994ae244e3df71489624732667f677527b26c3ee5c8898421
9f8db6ef1be17ac93fdea87bdfc09edbf38cc50e223ecc740464a23239ece9d7
a01050f120544b659a5b01dd168b7416224587780616e22d71c1d223e7a6d92b
a43d5094859b468e5c3dd497436913ff468bc579e99a241041d75c18c9ff711f
a65ae7ea7446175a2aadb3fdba47f5c448a979c5d9173527aba2b394a5596d43
a6e9a2da6922347db1b02062e0b31cd055e53ac9b7fb422d1232a5eae86167b6
a84e80dc78008778ceb3315cb6c8e2e6901e76f6ff493d451840cfae7bbd4734
a95d35e211cde1cc8e0c02d0c7b05fcf663f032dd0379ff83e7001bc6ec5bafb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1915d051b57f75ca28faffb94ccc8a2ba8c4a0392ac643e6cf726c5d222eacc
b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b6a3f621cbe0613b7e3f8bf9fb97d7b050e474b7df5938b4b83d352ef981d36b
bc0116e3bfc1e7bf28307517d255ae989e6bc2c66df43bd205ba6a995ae5b8d7
bde0dcec69fee23a4d9549a2c5a935a8a831c8f8d5019576b7047ce5d7214064
be0899e62d77f69c23d9965bfcc65f01322ed964580bd0a21bd2de4e109af476
bf1c432d1b9d6704265e9ca42c19d7ab423ca037fd25a1d9f967a1c40c0b8f60
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2a538672423e56a2a9930fcc93346edca29b32f1feb54dcf78c78bdc28e312c
c34f2f3d998d9c7a232e402cbc3fe3e59faa2bbbab147225ff4191b01f78a661
c39cd074b33a0348246ff987044c7650533c69afc4727bac852f8e02722d6d67
c40b0b8b73b6b119800fdbdcb3446d2b8de94b8259ae69aba87bae0eebf1c971
c621bc6a6bad36dfda2c997262cda54e47ce1e6c896f462ac0a019edee2b2d13
c89295f4cf9f044cc628d03fcdfde1d1d4a9d9398f86d20167e1f9bd90ff571b
c949db8a881804095f57491f28de162edd214eee10db0b9fcb81ac9c9420d63b
cf9713dce30e2706c32d73c1c01ee5f247badeb362b07644238403854ca78612
d0b4a4e59c1938f8032dbc12fde5016f0570af32b3985ce4012a938ad8749972
d14b5d5c2f30ec857a112b6172fb36a229abf4caaa9d47d8a37b9599433a9005
d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6
d605ff8df2a87ad3ff1a11b287455b9f60e445b238924f8631c1dccd4cd0019b
d716df6275ca7dd4c440b1c45f016ad0ac20fc432c06e48e9a0102960336dae6
d85f142df5ec74b2573fd4eada3b6dd595cf714f0c59a4cf5d9156e6b25d68d9
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd3c6c055da2864775fed3323a89bb98de800da27959766a6d284b805038152b
e2f5114f1b78eea5212a2aa1a74bf3c57ed7c2e8c64b4881bf5bbb266c758f1c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54d3f4ad5c3c66a747f2a7f62e7ca28abfd2db5c57b3ba53721ee02e7e11b29
e5972b51c080c109a5d0b7ab62b2db5c5db4670cb267e67521e6bef5b566de57
e71f5577df7460e1631ace4744da8fdbb09299575c741fa95c0a3d9aacddf501
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e927dcebecb2c550da9428ce3ef949d06bd75ec8116b3a9df83dc7ab63c1f04c
eb9dcd55b6dca690ba5f4f8f7e274e85f3e3bdb3db5890e3cd58af0cd5e455d4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1c9bdf1d9e98c3581f78b068e8dfbd00d6934c6f3077152a31564a94c431d75
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
fbae253b79262ebff57cdf4027ff963d3c68c8d16a32e5e677359783a47c2ce6
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

www.tdrewards.com Open in urlscan Pro 45.60.65.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

155 Requests

85 %HTTPS

32 %IPv6

30 Domains

40 Subdomains

25 IPs

7 Countries

8848 kBTransfer

12054 kBSize

46 Cookies

7 Outgoing links

Page URL History

Redirected requests

155 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tdrewards.com Open in urlscan Pro
45.60.65.34 Public Scan

Screenshot
Live screenshot

Full Image

155
Requests

85 %
HTTPS

32 %
IPv6

30
Domains

40
Subdomains

25
IPs

7
Countries

8848 kB
Transfer

12054 kB
Size

46
Cookies

155 HTTP transactions
0 data transactions