urlscan.io logo urlscan.io
SecurityTrails logo

www.tada.com Open in urlscan Pro
2600:9000:261f:4600:6:694f:d00:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://notexiststtteams.microsott.com/
Effective URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9...
Submission Tags: @phishunt_io
Submission: On September 09 via api from DE — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 12 domains to perform 36 HTTP transactions. The main IP is 2600:9000:261f:4600:6:694f:d00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.tada.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on January 29th 2024. Valid for: a year.
This is the only time www.tada.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 104.247.81.50 206834 (TEAMINTER...)
1 2600:9000:220... 16509 (AMAZON-02)
1 34.224.229.32 14618 (AMAZON-AES)
1 1 34.201.78.126 14618 (AMAZON-AES)
4 66.165.243.160 29802 (HVC-AS)
4 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
8 2600:9000:261... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
7 2606:4700::68... 13335 (CLOUDFLAR...)
2 54.148.118.17 16509 (AMAZON-02)
2 2606:4700:440... 13335 (CLOUDFLAR...)
36 12
4    104.247.81.50 (Canada)

ASN206834 (TEAMINTERNET-CA-AS, DE)
notexiststtteams.microsott.com
1    2600:9000:2209:8000:1d:4618:5c80:21 (United States)

ASN16509 (AMAZON-02, US)
d38psrni17bvxu.cloudfront.net
1    34.224.229.32 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-229-32.compute-1.amazonaws.com
veles-swg.com
1    34.201.78.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-78-126.compute-1.amazonaws.com
menel-rvt.com
4    66.165.243.160 (Los Angeles, United States)

ASN29802 (HVC-AS, US)
PTR: 66-165-243-160.static.hvvc.us
r.redirekted.com
4    2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2607:f8b0:4006:80a::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
8    2600:9000:261f:4600:6:694f:d00:93a1 (United States)

ASN16509 (AMAZON-02, US)
www.tada.com
1    2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
7    2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    54.148.118.17 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-118-17.us-west-2.compute.amazonaws.com
api.tada.com
2    2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
privacyportal.onetrust.com
Apex Domain
Subdomains		 Transfer
10 tada.com
www.tada.com
api.tada.com — Cisco Umbrella Rank: 209026
143 KB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 554
142 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
4 redirekted.com
r.redirekted.com
11 KB
4 microsott.com
notexiststtteams.microsott.com
3 KB
2 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 1019
privacyportal.onetrust.com — Cisco Umbrella Rank: 4226
492 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
3 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
93 KB
1 menel-rvt.com
menel-rvt.com
343 B
1 veles-swg.com
veles-swg.com
3 KB
1 cloudfront.net
d38psrni17bvxu.cloudfront.net
1 KB
0 microsoft.com Failed
www.microsoft.com Failed
36 12
Domain Requested by
8 www.tada.com r.redirekted.com
www.tada.com
7 cdn.cookielaw.org www.tada.com
cdn.cookielaw.org
4 www.google-analytics.com r.redirekted.com
www.google-analytics.com
www.googletagmanager.com
4 r.redirekted.com veles-swg.com
r.redirekted.com
4 notexiststtteams.microsott.com d38psrni17bvxu.cloudfront.net
notexiststtteams.microsott.com
2 api.tada.com www.tada.com
1 privacyportal.onetrust.com cdn.cookielaw.org
1 geolocation.onetrust.com cdn.cookielaw.org
1 fonts.googleapis.com www.tada.com
1 www.googletagmanager.com www.google-analytics.com
1 menel-rvt.com 1 redirects
1 veles-swg.com notexiststtteams.microsott.com
1 d38psrni17bvxu.cloudfront.net notexiststtteams.microsott.com
0 www.microsoft.com Failed www.tada.com
36 14

This site contains no links.

Subject Issuer Validity Valid
notexiststtteams.microsott.com
R11		 2024-09-09 -
2024-12-08		 3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2024-07-30 -
2025-07-03		 a year crt.sh
zeropark.com
Amazon RSA 2048 M02		 2024-06-11 -
2025-07-09		 a year crt.sh
redirekted.com
E6		 2024-08-11 -
2024-11-09		 3 months crt.sh
*.google-analytics.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
tada.com
Amazon RSA 2048 M03		 2024-01-29 -
2025-02-25		 a year crt.sh
upload.video.google.com
WR2		 2024-08-12 -
2024-11-04		 3 months crt.sh
cookielaw.org
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh
geolocation.onetrust.com
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh
onetrust.com
WE1		 2024-08-15 -
2024-11-13		 3 months crt.sh

This page contains 2 frames:

Frame: https://www.microsoft.com/en-us/
Frame ID: 6E22A011A19C1078803E80F595CCD01E
Requests: 30 HTTP requests in this frame

Frame: https://r.redirekted.com/go?e=DwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Frame ID: 0829F555CCBD414E263F9B5F1A60D6E3
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online Cash Back Shopping – Coupons & Promo Codes | Tada

Page URL History Show full URLs

  1. https://notexiststtteams.microsott.com/ Page URL
  2. http://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f... HTTP 307
    https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f... Page URL
  3. https://menel-rvt.com/zclkredirect?visitid=eef676e1-6ef4-11ef-bcec-0affdd51026d&type=js&browserWid... HTTP 302
    https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815... Page URL
  4. https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

94 %
HTTPS

58 %
IPv6

12
Domains

14
Subdomains

12
IPs

2
Countries

420 kB
Transfer

1401 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://notexiststtteams.microsott.com/ Page URL
  2. http://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d HTTP 307
    https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d Page URL
  3. https://menel-rvt.com/zclkredirect?visitid=eef676e1-6ef4-11ef-bcec-0affdd51026d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7 Page URL
  4. https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d HTTP 307
  • https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
Request Chain 6
  • https://menel-rvt.com/zclkredirect?visitid=eef676e1-6ef4-11ef-bcec-0affdd51026d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
Request Chain 33
  • https://go.tada.com/g/shopredir?merchant=17725&drctLink=3&cmp=1200&cxid=17725&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF HTTP 302
  • https://www.microsoft.com/en-us/

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
notexiststtteams.microsott.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://notexiststtteams.microsott.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.50 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy nginx /
Resource Hash
1746b0833410bee16502fb07dedc7c991d4ab29cdb791eed13f61309d04f6c00

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 09 Sep 2024 21:46:13 GMT
host
{http.reverse_proxy.upstream.hostport}
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_bljTNzJqrmQqjkRmwacktwPH7LiJ1e44sn9457Vsw7Sc59vUSWnFM7TenVmSm7FWwW1KNazAHyZtOuyFRlDsoQ==
x-buckets
bucket011
x-domain
microsott.com
x-forwarded-host
notexiststtteams.microsott.com
x-language
english
x-redirect
zeropark_zeroclick
x-ssl-c
v1
x-ssl-proxy
v3
x-subdomain
notexiststtteams
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: notexiststtteams.microsott.com
URL: https://notexiststtteams.microsott.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:8000:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

Referer
https://notexiststtteams.microsott.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 09 Sep 2024 18:07:20 GMT
via
1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
EWR53-P1
age
13133
etag
"65fc1e7b-448"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1096
x-amz-cf-id
fl3s6u3exbX-noa_OxAlc65jaFRCwyNmvp9cFR38BaLSmnNiCiqR-g==
track.php
notexiststtteams.microsott.com/ 		0
119 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://notexiststtteams.microsott.com/track.php?domain=microsott.com&toggle=browserjs&uid=MTcyNTkxODM3My4xNTEzOmY5MDI1ZDc2YTVkNjA5YTg0Mjc2NTZiM2QwOGU0MDA3MWFlNGNiMmVkZGYwNmY4MjMzZGEyZTk1YzVkYzc2YjI6NjZkZjZjYTUyNGYxOQ%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.50 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory
8
rtt
100
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://notexiststtteams.microsott.com/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 09 Sep 2024 21:46:15 GMT
content-encoding
gzip
x-ssl-proxy
v3
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
x-custom-track
browserjs
vary
Accept-Encoding
accept-ch-lifetime
30
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-forwarded-host
notexiststtteams.microsott.com
x-ssl-c
v1
alt-svc
h3=":8443"; ma=2592000
ls.php
notexiststtteams.microsott.com/ 		16 B
372 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://notexiststtteams.microsott.com/ls.php?t=66df6ca5&token=fcb71d0cb864ff828caf98eb86deaa03c62c8659
Requested by
Host: notexiststtteams.microsott.com
URL: https://notexiststtteams.microsott.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.50 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

device-memory
8
rtt
100
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://notexiststtteams.microsott.com/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 09 Sep 2024 21:46:15 GMT
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_hXXfUd4/orRAp9/lfPTIAI3lLJV7L0U0nVnSiktTxnA04cK1+Z/6lQ6nDOZw6GJcfAZziRVtt1j7QxjObI0yxQ==
x-ssl-c
v1
alt-svc
h3=":8443"; ma=2592000
x-ssl-proxy
v3
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
access-control-max-age
86400
access-control-allow-methods
POST, OPTIONS
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
accept-ch-lifetime
30
charset
utf-8
x-forwarded-host
notexiststtteams.microsott.com
x-log-success
66df6ca79a7b8ed4fc0eff06
track.php
notexiststtteams.microsott.com/ 		0
95 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://notexiststtteams.microsott.com/track.php?click=e0d2e35c7bd7c6e6455b4effa381c90394252062&domain=microsott.com&uid=MTcyNTkxODM3My4xNTEzOmY5MDI1ZDc2YTVkNjA5YTg0Mjc2NTZiM2QwOGU0MDA3MWFlNGNiMmVkZGYwNmY4MjMzZGEyZTk1YzVkYzc2YjI6NjZkZjZjYTUyNGYxOQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmRmNmNhNTI0ZTkyfHx8MTcyNTkxODM3My40MzMyfGQ0M2U5ZTE1MzE3OWJhMGVjZGY0YmZlNjExZTI2MGQ2ZjVhMzUyMjN8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmY2I3MWQwY2I4NjRmZjgyOGNhZjk4ZWI4NmRlYWEwM2M2MmM4NjU5fDB8fDB8MHx8fA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.50 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

device-memory
8
rtt
100
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width
1600
Referer
https://notexiststtteams.microsott.com/
dpr
1
downlink
10
ect
4g

Response headers

date
Mon, 09 Sep 2024 21:46:15 GMT
content-encoding
gzip
x-ssl-proxy
v3
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
host
{http.reverse_proxy.upstream.hostport}
server
Caddy, nginx
x-custom-track
none
vary
Accept-Encoding
accept-ch-lifetime
30
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
x-forwarded-host
notexiststtteams.microsott.com
x-ssl-c
v1
x-view-match
true
alt-svc
h3=":8443"; ma=2592000
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/
Redirect Chain
  • http://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
  • https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
Requested by
Host: notexiststtteams.microsott.com
URL: https://notexiststtteams.microsott.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.229.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-229-32.compute-1.amazonaws.com
Software
/
Resource Hash
e5a9435cc98d6983315a53fc17b9c524036acc945e3952307f28bd7f4a9a7ddc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://notexiststtteams.microsott.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Mon, 09 Sep 2024 21:46:15 GMT

Redirect headers

Location
https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
Non-Authoritative-Reason
HttpsUpgrades
redirect
r.redirekted.com/
Redirect Chain
  • https://menel-rvt.com/zclkredirect?visitid=eef676e1-6ef4-11ef-bcec-0affdd51026d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
824 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
Requested by
Host: veles-swg.com
URL: https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 / PHP/8.1.29
Resource Hash
8a60f40f3b1cd326b7cd8a7c055ecfbec6e5b5e8096b3c51980b14def3f71d61

Request headers

Referer
https://veles-swg.com/zclkvisitor/eef676e1-6ef4-11ef-bcec-0affdd51026d/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=ef1374c2-6ef4-11ef-bcec-0affdd51026d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 09 Sep 2024 21:46:16 GMT
Server
nginx/1.27.0
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.29

Redirect headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
date
Mon, 09 Sep 2024 21:46:16 GMT
location
https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
adren.css
r.redirekted.com/css/ 		243 B
479 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://r.redirekted.com/css/adren.css?n=2333409301
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 /
Resource Hash
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

Request headers

Referer
https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 09 Sep 2024 21:46:16 GMT
Last-Modified
Sat, 03 Jul 2021 05:46:18 GMT
Server
nginx/1.27.0
ETag
"60dff9aa-f3"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
243
adren.min.js
r.redirekted.com/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://r.redirekted.com/js/adren.min.js?n=2333409301
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 /
Resource Hash
8597d8112ffa8f07199b715746aebe0bc4180e1c23cf4de02ef8fdc8f57e0bdc

Request headers

Referer
https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 09 Sep 2024 21:46:16 GMT
Last-Modified
Fri, 05 Apr 2024 12:36:31 GMT
Server
nginx/1.27.0
ETag
"660ff04f-1d72"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7538
go
r.redirekted.com/ Frame 0829 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://r.redirekted.com/go?e=DwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/js/adren.min.js?n=2333409301
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 / PHP/8.1.29
Resource Hash
c41a6cdf736866744aa881590d2be98861fa616bd80193e15c1f3cafffa7c79c

Request headers

Referer
https://r.redirekted.com/redirect?redirect_id=a8d3eb1bc97fbcbf5b1b06944885abf6&request_id=f30abe97815d5a03d68bf9af788a34e7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 09 Sep 2024 21:46:16 GMT
Server
nginx/1.27.0
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.29
analytics.js
www.google-analytics.com/ Frame 0829 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=DwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://r.redirekted.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 09 Sep 2024 20:06:04 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6013
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 09 Sep 2024 22:06:04 GMT
collect
www.google-analytics.com/j/ Frame 0829 		15 B
221 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1447534192&t=pageview&_s=1&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1533959172&gjid=663610965&cid=1863020439.1725918377&tid=UA-32454353-1&_gid=29923511.1725918377&_r=1&_slc=1&z=1201367633
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aecaaef58c084f476b6e0ecd861e2bc414484e202fdb0a0e8d92e2f0bb800c2e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://r.redirekted.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 09 Sep 2024 21:46:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://r.redirekted.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ Frame 0829 		35 B
132 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1447534192&t=pageview&_s=2&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1863020439.1725918377&tid=UA-32454353-1&_gid=29923511.1725918377&cd1=p3I8MJqyMT9lpUk8sUkmqKkyM2Ixo3WjsUk8sN%3D%3D&z=1335417626
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=DwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://r.redirekted.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Sep 2024 00:57:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
74935
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame 0829 		264 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80a::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
488115ab0ff0fdfc8eb936824b166d3a2a841c676e97070b43b6081e328e761e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://r.redirekted.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 09 Sep 2024 21:46:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94909
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 09 Sep 2024 21:46:18 GMT
collect
www.google-analytics.com/g/ Frame 0829 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-TG55WX34R2&gtm=45je4940v9114755507za200&_p=1725918377332&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-us&sr=1600x1200&cid=1863020439.1725918377&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW&sid=1725918378&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1828
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://r.redirekted.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 09 Sep 2024 21:46:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://r.redirekted.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Primary Request cashback-redirect
www.tada.com/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=DwCaxHVbblF8MKq6fFW8VzsmEULeZ3W5j3p9kGs7xwBefGC5flB0Zzs2E3F9MaWvy3C5kGVbD3LeZKs9blB1cwXYkwLe4Gr7bvCdNzX7HaB8AaXx13pvZzsmqFBd4wXuy3CNuTslgvFefQLNImqwtRAYO0E7W2X9Zwqaf0rc0aLebRM7ZGLsqHr-ZTn8gQsYk3FvtxsyjUF8ElX7VmFtMHAbxRE55QMYImq4uJsXgFEeZ3WYImq4uzs2cFF9MaWs1UXefmXbpFB8IvXvcFWaxQsYgPCetlV80aq51wXytUL9AUs-DGL9cHAY9IF9gQpVy3C9gQA-tQn8IPrVkape8IVcZvF1tvW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
09d5423c906104c19902df8df91024ec9c03abde3cfd0296a517282ad6ba1c9a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://r.redirekted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store
content-encoding
br
content-security-policy
frame-ancestors 'self'
content-type
text/html
date
Mon, 09 Sep 2024 21:46:19 GMT
etag
W/"6a838b9d8e8dbe441020e87a2170c40a"
last-modified
Thu, 05 Sep 2024 17:18:42 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
x-amz-cf-id
wPtAQx5aWvu-k5lZ13n_ySykJCoKN5XNU4zeQTzWFNQLa7UXf9kDtw==
x-amz-cf-pop
JFK52-P3
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
x-amz-server-side-encryption
AES256
x-amz-version-id
null
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN
css
fonts.googleapis.com/ 		57 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:100,100i,300,300i,400,400i,500,500i,600,600i,700,700i&display=swap
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0ef3edd109457a00e4a88aed18706d7eb381a1c2e4e65966698c84b426217e7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 09 Sep 2024 21:46:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 09 Sep 2024 21:46:19 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/OtAutoBlock.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d79f865d7599f603c958443b1c13d1ff8e7937a2d9e8d21a65c1c9665f4e7fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
54349
content-md5
W/MP+E5swYBfMNWRmF4wRQ==
content-length
2205
x-ms-lease-status
unlocked
last-modified
Tue, 07 May 2024 22:19:33 GMT
server
cloudflare
etag
0x8DC6EE3C59DBA00
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f23b6fa5-601e-007d-71cc-a0dda1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ecdabd14399-EWR
expires
Tue, 10 Sep 2024 21:46:19 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
p+39a+/XEcZfNKybQjgXjA==
age
22227
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 05 Sep 2024 06:33:12 GMT
server
cloudflare
etag
0x8DCCD749DA8FD23
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
771b698c-901e-00ec-41c4-ff9bf3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ecdabd44399-EWR
trackjs-loader.js
www.tada.com/_r235-64857c0/js/shared/ 		421 B
1007 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/_r235-64857c0/js/shared/trackjs-loader.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e058f7e6a3a690919da9842feb68618197b2a381e2b4ae4c363620c2e7a604f4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 17:32:44 GMT
x-amz-version-id
null
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
content-security-policy
frame-ancestors 'self'
x-amz-cf-pop
JFK52-P3
age
360816
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
421
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:48 GMT
server
AmazonS3
etag
"860e044a46a8d2d1e13b4eeab9ed62be"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=36000000
accept-ranges
bytes
x-amz-cf-id
kT1MmwVpqSn6YaQisxLlgkXsK90eWWGNps3KKNcDzR970YEOqVQJiQ==
jquery.min.js
www.tada.com/_r235-64857c0/js/lib/ 		94 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/_r235-64857c0/js/lib/jquery.min.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
746e54e89161118a67bd59103c4ab55e3060735cc85c1d047c2cf04d4b12043d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 17:23:14 GMT
x-amz-version-id
null
content-encoding
br
content-security-policy
frame-ancestors 'self'
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
361386
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:48 GMT
server
AmazonS3
etag
W/"eaec1712551cd2792f4607f39fab12e7"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=36000000
x-amz-cf-id
lNwIGHf3A2D5E07OZvFksZjcK0wyocEoGfL_z5p9_5br2gj6dyAKzA==
handlebars.runtime.min.js
www.tada.com/_r235-64857c0/js/lib/ 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/_r235-64857c0/js/lib/handlebars.runtime.min.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d6589f6bdff85d200fbc5f6e8d6569b65aa0e768981fed5a7451542aad3be5f5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 17:20:42 GMT
x-amz-version-id
null
content-encoding
br
content-security-policy
frame-ancestors 'self'
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
361538
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:48 GMT
server
AmazonS3
etag
W/"79bc9590d0c5e8260a56af316524f057"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=36000000
x-amz-cf-id
EQDXv4dlLcE14dXiTp2GO2DThep4SBWd_2gf2avCndH3OmMIf0k0VQ==
cashbackRedirect.js
www.tada.com/_r235-64857c0/js/ 		83 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/_r235-64857c0/js/cashbackRedirect.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f79b94082a66ff1628dea234cd7338c0feec15d3370dbe4bd137c278d5c1bd3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 17:24:47 GMT
x-amz-version-id
null
content-encoding
br
content-security-policy
frame-ancestors 'self'
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
361293
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:47 GMT
server
AmazonS3
etag
W/"063c32d71ae38643795b0d6cac526c95"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=36000000
x-amz-cf-id
EnGeka6RabpNBoNoSHrlExhbxTyirlGuDlPEEiWKDOA3KS9W3ZQsNQ==
accessibility-widget.compiled.js
www.tada.com/_r235-64857c0/js/lib/ 		240 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/_r235-64857c0/js/lib/accessibility-widget.compiled.js
Requested by
Host: www.tada.com
URL: https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2f94f8f0f9858a756db4267a516f8698c20fe11d97ae621848f6c5321f6789b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 05 Sep 2024 17:20:42 GMT
x-amz-version-id
null
content-encoding
br
content-security-policy
frame-ancestors 'self'
via
1.1 8fc65419aa2ed286fa0e10813748c49a.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
361538
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:48 GMT
server
AmazonS3
etag
W/"29ff4c511e6bf250748dee48bf82b47d"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public,max-age=36000000
x-amz-cf-id
ZUKtrpyVya2oODz5jNLycWjfgcJK5SmHM4I1WgC19U-A-t4zwicZdw==
b03dbc2e-64c4-4440-bac7-f34d399b3f14.json
cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/b03dbc2e-64c4-4440-bac7-f34d399b3f14.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c68658aaf2884a525afc64fd7ff095a7a4f4cdcc6a1aec2d05364edc8def87ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
55243
content-md5
Yv82m2kDWs6+DutX1JXgYg==
content-length
1695
x-ms-lease-status
unlocked
last-modified
Tue, 07 May 2024 22:19:32 GMT
server
cloudflare
etag
0x8DC6EE3C577E806
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
a1b2f98d-301e-008b-52cc-a0fab7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ecefac51885-EWR
expires
Tue, 10 Sep 2024 21:46:19 GMT
/
api.tada.com/ 		718 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.tada.com/?cmd=mp-gn-member-status
Requested by
Host: www.tada.com
URL: https://www.tada.com/_r235-64857c0/js/lib/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.118.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-118-17.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b440a0a7196a3994cba5f90989933ccc20d1db5de0137b637b992288afed489a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' ;
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 09 Sep 2024 21:46:19 GMT
content-security-policy
frame-ancestors 'self' ;
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, PUT, DELETE
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.tada.com
content-type
application/json
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
718
favicon.svg
www.tada.com/ 		2 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/favicon.svg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aefc511309111c82c943bbe8703c1bdf35437809a296ad3c5b82749d8d375d28
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self'
date
Thu, 05 Sep 2024 17:29:15 GMT
content-encoding
br
x-amz-version-id
null
via
1.1 92d8afc92e3597d245b2f6480cd44220.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK52-P3
age
361025
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:43 GMT
server
AmazonS3
etag
W/"cee388b61b06083914510313b2e0ba7d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public,max-age=36000000
x-amz-cf-id
KwfQlSx3_C6kqugsE2yoTHYg6UAYZaMfTHYlNXBaXPgppJDuke2Yog==
favicon.png
www.tada.com/ 		682 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.tada.com/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:261f:4600:6:694f:d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b7eb1463e598906884d86f2f91b3175a77fdb087a73d1c2dad3d48429084eac
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tada.com/cashback-redirect?merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self'
date
Thu, 05 Sep 2024 17:20:44 GMT
via
1.1 92d8afc92e3597d245b2f6480cd44220.cloudfront.net (CloudFront)
x-amz-version-id
null
x-amz-cf-pop
JFK52-P3
age
361536
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
682
x-amz-expiration
expiry-date="Tue, 05 Nov 2024 00:00:00 GMT", rule-id="prdg-prod-use1-tadasitebkt-01 expiration in 60 days"
last-modified
Thu, 05 Sep 2024 17:18:43 GMT
server
AmazonS3
etag
"fd34aeef7cf48a580374534d192a0beb"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
public,max-age=36000000
accept-ranges
bytes
x-amz-cf-id
3PrbRsOjovgwLqBAYrQdJAf5uw3Hega5dbvhBmF_ZbWKBBRR923Y7w==
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		69 B
305 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 09 Sep 2024 21:46:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8c0a5ecff87e4cb4-PHL
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202404.1.0/ 		448 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05c58c759cab8d50d5e7f9d3b2faedcc0dd45fa3fb50899a224363a1dea93605
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
OwLk2N0IZ0eq8ykUTltEhw==
age
63142
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
111077
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 21:54:14 GMT
server
cloudflare
etag
0x8DCA5E1D524AD71
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
4785b082-901e-0046-71cb-d74d1c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ed07ee24399-EWR
en.json
cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/018f4133-da96-7a69-a688-a756660d2b19/ 		48 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/b03dbc2e-64c4-4440-bac7-f34d399b3f14/018f4133-da96-7a69-a688-a756660d2b19/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db55a8ba49f17f3df3ec69ee4565e89e7e9a10c6679d594227e362acc547381f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61883
content-md5
SkU7fIgU6cGh22TJraeh4w==
content-length
14103
x-ms-lease-status
unlocked
last-modified
Tue, 07 May 2024 22:19:38 GMT
server
cloudflare
etag
0x8DC6EE3C90E920A
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5547299d-301e-0021-3acc-a02c58000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ed0ec641885-EWR
expires
Tue, 10 Sep 2024 21:46:19 GMT
otFloatingRoundedCorner.json
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/ 		10 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/otFloatingRoundedCorner.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3260db446188242293e04a658411e44c6175108bc5d8b7e7676e8786d4f0501
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
l9ZxjQQaMDkmwPkwstOGDA==
age
61883
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2627
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 21:54:08 GMT
server
cloudflare
etag
0x8DCA5E1D1DBF2E7
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
75716fd7-101e-00b2-41ea-d768f0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8c0a5ed16cc21885-EWR
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202404.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202404.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 09 Sep 2024 21:46:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
4ErYmXXFNbMLrnc9DrDTsg==
age
60626
x-ms-lease-status
unlocked
last-modified
Tue, 16 Jul 2024 21:54:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
aab22781-301e-0100-50fe-d7d5df000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8c0a5ed19cea1885-EWR
/
api.tada.com/ 		171 B
889 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.tada.com/?cmd=mp-sh-cashback-redirect&merchant=17725&cmp=1200&cxid=17725&page=286&category=0&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
Requested by
Host: www.tada.com
URL: https://www.tada.com/_r235-64857c0/js/lib/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.148.118.17 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-118-17.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
b1d89cb0d76fb157164e3b2ab1b1509acd9f593f2805b19ee85bbcbe8dab3971
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' ;
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 09 Sep 2024 21:46:20 GMT
content-security-policy
frame-ancestors 'self' ;
server
nginx
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, PUT, DELETE
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://www.tada.com
content-type
application/json
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
content-length
171
/
www.microsoft.com/en-us/
Redirect Chain
  • https://go.tada.com/g/shopredir?merchant=17725&drctLink=3&cmp=1200&cxid=17725&aff_sid=Ns7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF
  • https://www.microsoft.com/en-us/
0
0
consentreceipts
privacyportal.onetrust.com/request/v1/ 		0
187 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://privacyportal.onetrust.com/request/v1/consentreceipts
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202404.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.tada.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 09 Sep 2024 21:46:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin
*
cf-ray
8c0a5ed478371927-EWR
content-length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.microsoft.com
URL
https://www.microsoft.com/en-us/

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| OptanonWrapper function| $ function| jQuery object| __core-js_shared__ object| Handlebars object| myPoints string| key string| url number| qs function| onMPExtensionPresent function| addOnMPExtensionPresentCallback function| wrapTmpl object| authToken number| minPasswordLength number| maxPasswordLength function| addEventListenerForSeeMoreButton function| addCollapse function| getParamsFromUrl function| removeParameterFromUrl function| getCurrentPageUrl function| getHeaderAndMainContentHeight string| supportURL string| loginURL string| paypalURL string| link function| getURLParameter function| getAmpOrQuestion function| withAmpOrQuestion function| storeToLocalStorage function| loadFromLocalStorage function| getCookie function| storeRegParams function| setCookie function| extractRegParams function| debounce function| initViewportDetection function| initViewportSizeObserver function| identifyViewportSize function| toggleUrlHash object| siteConfig string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust object| params

12 Cookies

Domain/Path Name / Value
r.redirekted.com/ Name: uuid
Value: 1382583468324530944
.redirekted.com/ Name: _ga
Value: GA1.2.1863020439.1725918377
.redirekted.com/ Name: _gid
Value: GA1.2.29923511.1725918377
.redirekted.com/ Name: _gat
Value: 1
.redirekted.com/ Name: _ga_TG55WX34R2
Value: GS1.2.1725918378.1.1.1725918378.0.0.0
.tada.com/ Name: proson
Value: 8fA9gGbfbKs
api.tada.com/ Name: AWSALB
Value: EdWiKrNJzq8sHpXSvBi7hztf87cxkgJS+A++++/hNQxgOBpH6En0BshArqMrnBy9LM8J42qauHX3+UUJPgbMoqxJ/olH+9rDWXYyUHzGMqnoGsmbjGyi+D6WYjEm
api.tada.com/ Name: AWSALBCORS
Value: EdWiKrNJzq8sHpXSvBi7hztf87cxkgJS+A++++/hNQxgOBpH6En0BshArqMrnBy9LM8J42qauHX3+UUJPgbMoqxJ/olH+9rDWXYyUHzGMqnoGsmbjGyi+D6WYjEm
.tada.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+Sep+09+2024+11%3A46%3A20+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=202404.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=74d25e46-0308-4b96-89c4-619f735cf4ea&interactionCount=1&isAnonUser=1&landingPath=https%3A%2F%2Fwww.tada.com%2Fcashback-redirect%3Fmerchant%3D17725%26cmp%3D1200%26cxid%3D17725%26page%3D286%26category%3D0%26aff_sid%3DNs7DQM9gHraAQX9fQA-t2FmV2VsgaC9q0ZctHF8IPpu5KWjETsvuxL-qKFtEQF&groups=C0001%3A1%2CC0003%3A1%2CBG114%3A1%2CC0002%3A1%2CC0004%3A1
go.tada.com/ Name: AWSALB
Value: B8SYpQl+Asno5z3lu/OUVbGso/EM/uKs2XmF30wbIWLH/Dr0Lxc/jUp3KjPv1JgStavQqBLyvgZHpkXFlNrRP3h+dPN/LaXgX/HzHQI/HKLfwlOZtSrlKBv0/0wp
go.tada.com/ Name: AWSALBCORS
Value: B8SYpQl+Asno5z3lu/OUVbGso/EM/uKs2XmF30wbIWLH/Dr0Lxc/jUp3KjPv1JgStavQqBLyvgZHpkXFlNrRP3h+dPN/LaXgX/HzHQI/HKLfwlOZtSrlKBv0/0wp
.tada.com/ Name: __urqc
Value: 2e40b782-b596-46f5-84b2-2e44b794b740

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.tada.com
cdn.cookielaw.org
d38psrni17bvxu.cloudfront.net
fonts.googleapis.com
geolocation.onetrust.com
menel-rvt.com
notexiststtteams.microsott.com
privacyportal.onetrust.com
r.redirekted.com
veles-swg.com
www.google-analytics.com
www.googletagmanager.com
www.microsoft.com
www.tada.com
www.microsoft.com
104.247.81.50
2600:9000:2209:8000:1d:4618:5c80:21
2600:9000:261f:4600:6:694f:d00:93a1
2606:4700:4400::6812:2089
2606:4700::6812:572a
2607:f8b0:4006:80a::2008
2607:f8b0:4006:81e::200a
2607:f8b0:4006:81f::200e
34.201.78.126
34.224.229.32
54.148.118.17
66.165.243.160
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9
05c58c759cab8d50d5e7f9d3b2faedcc0dd45fa3fb50899a224363a1dea93605
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
09d5423c906104c19902df8df91024ec9c03abde3cfd0296a517282ad6ba1c9a
0ef3edd109457a00e4a88aed18706d7eb381a1c2e4e65966698c84b426217e7e
1746b0833410bee16502fb07dedc7c991d4ab29cdb791eed13f61309d04f6c00
2d79f865d7599f603c958443b1c13d1ff8e7937a2d9e8d21a65c1c9665f4e7fd
488115ab0ff0fdfc8eb936824b166d3a2a841c676e97070b43b6081e328e761e
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
6b7eb1463e598906884d86f2f91b3175a77fdb087a73d1c2dad3d48429084eac
6f79b94082a66ff1628dea234cd7338c0feec15d3370dbe4bd137c278d5c1bd3
746e54e89161118a67bd59103c4ab55e3060735cc85c1d047c2cf04d4b12043d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8597d8112ffa8f07199b715746aebe0bc4180e1c23cf4de02ef8fdc8f57e0bdc
8a60f40f3b1cd326b7cd8a7c055ecfbec6e5b5e8096b3c51980b14def3f71d61
aecaaef58c084f476b6e0ecd861e2bc414484e202fdb0a0e8d92e2f0bb800c2e
aefc511309111c82c943bbe8703c1bdf35437809a296ad3c5b82749d8d375d28
b1d89cb0d76fb157164e3b2ab1b1509acd9f593f2805b19ee85bbcbe8dab3971
b440a0a7196a3994cba5f90989933ccc20d1db5de0137b637b992288afed489a
c2f94f8f0f9858a756db4267a516f8698c20fe11d97ae621848f6c5321f6789b
c41a6cdf736866744aa881590d2be98861fa616bd80193e15c1f3cafffa7c79c
c68658aaf2884a525afc64fd7ff095a7a4f4cdcc6a1aec2d05364edc8def87ef
d6589f6bdff85d200fbc5f6e8d6569b65aa0e768981fed5a7451542aad3be5f5
db55a8ba49f17f3df3ec69ee4565e89e7e9a10c6679d594227e362acc547381f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e058f7e6a3a690919da9842feb68618197b2a381e2b4ae4c363620c2e7a604f4
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777
e3260db446188242293e04a658411e44c6175108bc5d8b7e7676e8786d4f0501
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5a9435cc98d6983315a53fc17b9c524036acc945e3952307f28bd7f4a9a7ddc