www.rtr.myrewardsaccess.com Open in urlscan Pro
159.127.185.246 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.rtr.myrewardsaccess.com/
Submission: On March 24 via manual (March 24th 2022, 8:11:12 pm UTC) from US — Scanned from DE

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 7 countries across 19 domains to perform 33 HTTP transactions. The main IP is 159.127.185.246, located in United States and belongs to EPSILON-INTERACTIVE, US. The main domain is www.rtr.myrewardsaccess.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 5th 2020. Valid for: 2 years.

This is the only time www.rtr.myrewardsaccess.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	159.127.185.246 159.127.185.246	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
1	52.143.247.24 52.143.247.24	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS)
7	52.16.213.80 52.16.213.80	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.36.218.177 13.36.218.177	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 3	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2 2	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7 7	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	104.102.29.65 104.102.29.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1 2	18.206.111.226 18.206.111.226	14618 (AMAZON-AES) (AMAZON-AES)
33	15

10 159.127.185.246 (United States)

ASN19137 (EPSILON-INTERACTIVE, US)

www.rtr.myrewardsaccess.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.143.247.24 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

us1-htp.tokenex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.232.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.16.213.80 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
usbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.36.218.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

smetrics.usbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.88.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.33.220.150 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.66.49 (United States) 7 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.29.65 (Milan, Italy) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.45 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.206.111.226 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-206-111-226.compute-1.amazonaws.com

mid.rkdms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	myrewardsaccess.com www.rtr.myrewardsaccess.com	981 KB
8	everesttech.net 8 redirects cm.everesttech.net — Cisco Umbrella Rank: 878 sync-tm.everesttech.net — Cisco Umbrella Rank: 490	1 KB
7	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 184 usbank.demdex.net — Cisco Umbrella Rank: 16782	10 KB
3	doubleclick.net 2 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 176	1 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 515	67 KB
2	rkdms.com 1 redirects mid.rkdms.com — Cisco Umbrella Rank: 945	71 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 480	1 KB
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 293	936 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 281	802 B
2	usbank.com smetrics.usbank.com — Cisco Umbrella Rank: 27133	738 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 774	550 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 323	274 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 289	239 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 193	539 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	165 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	2 KB
1	tokenex.com us1-htp.tokenex.com — Cisco Umbrella Rank: 385885	4 KB
33	19

	Domain	Requested by
10	www.rtr.myrewardsaccess.com	www.rtr.myrewardsaccess.com
7	sync-tm.everesttech.net	7 redirects
6	dpm.demdex.net	www.rtr.myrewardsaccess.com
3	cm.g.doubleclick.net	2 redirects
3	assets.adobedtm.com	www.rtr.myrewardsaccess.com
2	mid.rkdms.com	1 redirects
2	sync.search.spotxchange.com	1 redirects
2	ib.adnxs.com	1 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	match.adsrvr.org	2 redirects
2	idsync.rlcdn.com	2 redirects
2	smetrics.usbank.com	www.rtr.myrewardsaccess.com
1	image2.pubmatic.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	c.bing.com	1 redirects
1	analytics.twitter.com
1	cm.everesttech.net	1 redirects
1	usbank.demdex.net	www.rtr.myrewardsaccess.com
1	cdnjs.cloudflare.com	www.rtr.myrewardsaccess.com
1	us1-htp.tokenex.com	www.rtr.myrewardsaccess.com
33	21

This site contains no links.

Subject Issuer	Validity	Valid
rtr.myrewardsaccess.com Entrust Certification Authority - L1K	`2020-03-05` - `2022-05-05`	2 years	crt.sh
api.tokenex.com Go Daddy Secure Certificate Authority - G2	`2022-01-12` - `2023-02-13`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
smetrics.usbank.com Entrust Certification Authority - L1K	`2021-04-20` - `2022-04-29`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.rtr.myrewardsaccess.com/
Frame ID: 115839222BBF2F92B22B540EEF340EBE
Requests: 19 HTTP requests in this frame

Frame: https://usbank.demdex.net/dest5.html?d_nsid=0
Frame ID: A77D33D5EDE43440CC8AA0626789D7EA
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RTMR Info

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

<div class="[^"]*aem-Grid
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

33
Requests

61 %
HTTPS

10 %
IPv6

19
Domains

21
Subdomains

15
IPs

7
Countries

1068 kB
Transfer

1207 kB
Size

27
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://cm.everesttech.net/cm/dd?d_uuid=01837062340435150632070531795305935381 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjzQXAAAAJzKqwP0

Request Chain 18

https://idsync.rlcdn.com/365868.gif?partner_uid=01837062340435150632070531795305935381 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODEQABoNCNyg85EGEgUI6AcQAEIASgA HTTP 307
https://dpm.demdex.net/ibs:dpid=477&dpuuid=e58448151ee680d4d87a7d3678d9a0ac89071a1bbdc534ee5a3842cde1a5d771b0da87c991749652

Request Chain 20

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODE= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODE=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO40m3HFfF7VDWC9_jQT6Zs&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 22

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=48016a34-a37f-4f74-bfd2-648415591612

Request Chain 23

https://c.bing.com/c.gif?uid=01837062340435150632070531795305935381&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=154D8EEF06556B7314339F9E07876A9E

Request Chain 24

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWp6UVhBQUFBSnpLcXdQMA==

Request Chain 25

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YjzQXAAAAJzKqwP0&expires=90

Request Chain 26

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0&C=1

Request Chain 27

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=YjzQXAAAAJzKqwP0 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYjzQXAAAAJzKqwP0

Request Chain 28

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YjzQXAAAAJzKqwP0

Request Chain 29

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YjzQXAAAAJzKqwP0

Request Chain 30

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1&__user_check__=1&sync_id=8bd7cf57-abae-11ec-9154-1fe3cd8f0206

Request Chain 31

https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=01837062340435150632070531795305935381&_ct=img HTTP 302
https://mid.rkdms.com/restricted

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.rtr.myrewardsaccess.com/ 17 KB
18 KB 1503ms
194ms Document
text/html 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

4b727bcc4b70203df12cddcf8a07e4f7969ec582aa0b23d47b62cfe582a16f03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 24 Mar 2022 20:11:06 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
X-XSS-Protection: 1; mode=block
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=utf-8

GET
H/1.1 200
OK jquery.min.ACSHASH772fb04d4ce536dfb06c17e789ad4dbd.js Show response
www.rtr.myrewardsaccess.com/etc.clientlibs/clientlibs/granite/ 111 KB
111 KB 131ms
131ms Script
application/javascript 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/clientlibs/granite/jquery.min.ACSHASH772fb04d4ce536dfb06c17e789ad4dbd.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

b397476bcbcf8c9eae3f82007cc4f9495661b367e02e6d3dea6e15f0610ef20a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Apr 2021 05:04:37 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
ETag: "1baa2-5c0889daed293"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 113314
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js Show response
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 31 KB
32 KB 132ms
131ms Script
application/javascript 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

d7f511e3805e04f170e96129e65913e72b237486b6bdd97996b644bd752d064d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Apr 2021 05:04:37 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
ETag: "7c38-5c0889dad7301"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 31800
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-dependencies.min.ACSHASHd41d8cd98f00b204e9800998ecf8427e.css
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 0
438 B 392ms
131ms Stylesheet
text/css 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASHd41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Apr 2021 05:04:37 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=utf-8
ETag: "0-5c0889daf343b"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-base.min.ACSHASHb3533c7b23f86126c1d14f55067c73f1.css
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 386 KB
386 KB 393ms
131ms Stylesheet
text/css 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-base.min.ACSHASHb3533c7b23f86126c1d14f55067c73f1.css

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

16f43950ba56f1f5e2323b3112f9644a1ed32de5be522a09ed1ed0d00d099676

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 14 Feb 2022 06:51:53 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=utf-8
ETag: "606c5-5d7f4da049fb0"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 394949
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-rtr-external-enrollment.min.ACSHASHea0ae23afe62a43ce207db5d35737eaf.css
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 10 KB
10 KB 394ms
132ms Stylesheet
text/css 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-rtr-external-enrollment.min.ACSHASHea0ae23afe62a43ce207db5d35737eaf.css

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

913065be4c203a3c44943d1f7bf468fe5bc0e4811db16d898ed81b7885b4b020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Apr 2021 05:32:49 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=utf-8
ETag: "268e-5c089028f7350"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9870
X-XSS-Protection: 1; mode=block

GET
H2 200 Iframe-v3.min.js Show response
us1-htp.tokenex.com/Iframe/ 15 KB
4 KB 514ms
124ms Script
application/javascript 52.143.247.24
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://us1-htp.tokenex.com/Iframe/Iframe-v3.min.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.143.247.24 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

21c848048b8d6f27df63cda1c6c0b3990d9bec2a6e2117685994755f7752b8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 22:17:01 GMT
etag: "802ceeba9535d81:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
date: Thu, 24 Mar 2022 20:11:06 GMT
accept-ranges: bytes
content-length: 4029
x-xss-protection: 1; mode=block

GET
H2 200 launch-77fc7a10e6bb.min.js Show response
assets.adobedtm.com/4152a7ef60f6/e9a9b01fb8ce/ 167 KB
53 KB 374ms
20ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4152a7ef60f6/e9a9b01fb8ce/launch-77fc7a10e6bb.min.js
Requested by: Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 10912400498b1756a7e4f0fa3946b2bb20a1758222ffbe077061616ac0058be2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 20:11:07 GMT
content-encoding: gzip
last-modified: Fri, 11 Mar 2022 00:09:45 GMT
server: AkamaiNetStorage
etag: "5db6d005f170aba13320de76372f0894:1646957385.202956"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.rtr.myrewardsaccess.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 53601
expires: Thu, 24 Mar 2022 21:11:07 GMT

GET
H/1.1 200
OK redeem_grey_156x251.png
www.rtr.myrewardsaccess.com/content/dam/usbankrewards/rtmr-external-enrollment/ 6 KB
6 KB 135ms
135ms Image
image/png 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rtr.myrewardsaccess.com/content/dam/usbankrewards/rtmr-external-enrollment/redeem_grey_156x251.png

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

3644a34a49b39f8f21243626f5b44871f0e70fcef52b4dd2b0e8db54d21fb2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Thu, 22 Apr 2021 05:32:49 GMT
Server: Apache
ETag: "169d-5c0890290de9a"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Date: Thu, 24 Mar 2022 20:11:07 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 5789
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-base.min.ACSHASH2590968f50a6ff47bde6e4425232a056.js Show response
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 413 KB
413 KB 132ms
131ms Script
application/javascript 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-base.min.ACSHASH2590968f50a6ff47bde6e4425232a056.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

9e524277729856c774949a2d57e0fea064553de4e858bdb64750e398aab0e344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Nov 2021 08:01:42 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
ETag: "673a6-5d0cf38241f63"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 422822
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-rtr-external-enrollment.min.ACSHASHdaf945ef67a304a31379f9fe10600fb0.js Show response
www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/ 3 KB
4 KB 131ms
131ms Script
application/javascript 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-rtr-external-enrollment.min.ACSHASHdaf945ef67a304a31379f9fe10600fb0.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

edf1cf600a1a6ec06ae0a30406b0ec6e2623ab1bfc2fecdf3e2d1dbfec2bbb0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Nov 2021 11:09:18 GMT
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
ETag: "da3-5d0d1d718373b"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3491
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK token.json Show response
www.rtr.myrewardsaccess.com/libs/granite/csrf/ 2 B
426 B 135ms
135ms XHR
application/json 159.127.185.246
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rtr.myrewardsaccess.com/libs/granite/csrf/token.json

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.185.246 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Apache /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Server: Apache
Date: Thu, 24 Mar 2022 20:11:07 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: application/json;charset=iso-8859-1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 2
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 3 KB
2 KB 144ms
46ms XHR
application/json 52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=675616D751E567410A490D4C%40AdobeOrg&d_nsid=0&ts=1648152668114

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d6d9a8d12c49171c598bc14a0c5bd0de7a0c9734bf2f6a49343d76b0150dbfce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.rtr.myrewardsaccess.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v030-080d1cadb.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: bYN0dODgSH4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.rtr.myrewardsaccess.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1151
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 33 KB
12 KB 19ms
19ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Requested by: Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 20:11:08 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.rtr.myrewardsaccess.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12184
expires: Thu, 24 Mar 2022 21:11:08 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 3 KB
2 KB 20ms
20ms Script
application/x-javascript 2.18.232.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 20:11:08 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
etag: "5dedcda2c8a6c3a51fd419d306427010:1597270192.857753"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.rtr.myrewardsaccess.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Thu, 24 Mar 2022 21:11:08 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 46ms
19ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 20:11:08 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 603228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1046
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dB2ymSn1iflhmNaudTWoyFE0MCZLbnYfTH4KGTnYaR4t7%2FkLMF%2FpuKsh4ewb10RE0CrMFPkYPZXb38cF9xVVrl3hhbafq6EUEm%2F4WwAAV9aoQOhzKJG%2FG1iJCv5nRVM1MIqV7cJ189u%2F4TMSc8V%2BMDhC"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f120de01e5a2373-ZRH
expires: Tue, 14 Mar 2023 20:11:08 GMT

GET
H/1.1 200
OK dest5.html Show response
usbank.demdex.net/ Frame A77D 7 KB
3 KB 401ms
31ms Document
text/html 52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://usbank.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Thu, 24 Mar 2022 20:11:08 GMT
DCS: dcs-prod-irl1-1-v030-07884c322.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Tue, 15 Mar 2022 12:08:41 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: lD1bzyZDSS4=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
smetrics.usbank.com/ 48 B
516 B 350ms
15ms XHR
application/x-javascript 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.usbank.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=675616D751E567410A490D4C%40AdobeOrg&mid=02074936883128909912076594848469251277&ts=1648152668270

Requested by

Host: www.rtr.myrewardsaccess.com
URL: https://www.rtr.myrewardsaccess.com/etc.clientlibs/usbankrewards/clientlibs/clientlib-dependencies.min.ACSHASH03188ce372c21ce305b464a85218c012.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

904dc7e85437d0f3a3d5345c82648adb3465c5b26e798ef48172ebcebe20a2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.rtr.myrewardsaccess.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 24 Mar 2022 20:11:08 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7f6b754cd4-lsk4v
vary: Origin
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.rtr.myrewardsaccess.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YjzQXAAAAJzKqwP0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=01837062340435150632070531795305935381
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjzQXAAAAJzKqwP0

42 B
945 B

32ms
32ms

Image
image/gif

52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjzQXAAAAJzKqwP0

Protocol

HTTP/1.1

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-091762659.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: MbSBTjlDQ4U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YjzQXAAAAJzKqwP0
Date: Thu, 24 Mar 2022 20:11:08 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

ibs:dpid=477&dpuuid=e58448151ee680d4d87a7d3678d9a0ac89071a1bbdc534ee5a3842cde1a5d771b0da87c991749652
dpm.demdex.net/ Frame A77D
Redirect Chain

https://idsync.rlcdn.com/365868.gif?partner_uid=01837062340435150632070531795305935381
https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODEQABoNCNyg85EGEgUI6AcQAEIASgA
https://dpm.demdex.net/ibs:dpid=477&dpuuid=e58448151ee680d4d87a7d3678d9a0ac89071a1bbdc534ee5a3842cde1a5d771b0da87c991749652

42 B
945 B

33ms
32ms

Image
image/gif

52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=477&dpuuid=e58448151ee680d4d87a7d3678d9a0ac89071a1bbdc534ee5a3842cde1a5d771b0da87c991749652

Protocol

HTTP/1.1

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-073504118.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: n8L+rhyIQWg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Thu, 24 Mar 2022 20:11:08 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dpm.demdex.net/ibs:dpid=477&dpuuid=e58448151ee680d4d87a7d3678d9a0ac89071a1bbdc534ee5a3842cde1a5d771b0da87c991749652
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H2 200 s63455897372527
smetrics.usbank.com/b/ss/usbankdev/1/JS-2.22.0-LBWB/ 43 B
222 B 16ms
15ms Image
image/gif 13.36.218.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.usbank.com/b/ss/usbankdev/1/JS-2.22.0-LBWB/s63455897372527?AQB=1&ndh=1&pf=1&t=24%2F2%2F2022%2020%3A11%3A8%204%200&mid=02074936883128909912076594848469251277&aamlh=6&ce=UTF-8&pageName=usb%3Arewards%3Ainformation%3Artmr%20info%3Artmr%20info&g=https%3A%2F%2Fwww.rtr.myrewardsaccess.com%2F&c.&vidAPICheck=VisitorAPI%20Present&et_dimensions=1600x1200&et_width=1600&et_orientation=landscape&EVENTS=event17%2Cevent15%2C&.c&cc=USD&events=event17%2Cevent15&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=information&c2=rtmr%20info&c3=D%3Dv3&v3=New&c4=3%3A00PM&c6=Thursday&c7=3%2F24%2F2022&v9=prospect&c14=D%3Dg&c18=First%20Visit&c19=1&c24=undefined&c25=D%3Dc24&c29=https%3A%2F%2Fwww.rtr.myrewardsaccess.com%2F&v35=D%3DpageName&v37=D%3DUser-Agent&c40=rewards&v40=D%3Dc2&c50=am_2.22.0%7C04.12.2021%7Cvid_5.2.0%20Launch&c67=desktop&v90=D%3Dg&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=675616D751E567410A490D4C%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-36-218-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.rtr.myrewardsaccess.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 20:11:08 GMT
x-content-type-options: nosniff
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 25 Mar 2022 20:11:08 GMT
server: jag
xserver: anedge-7f6b754cd4-l6zks
etag: 3539380904502657024-4619815711427732113
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 23 Mar 2022 20:11:08 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEO40m3HFfF7VDWC9_jQT6Zs&google_cver=1
dpm.demdex.net/ Frame A77D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODE=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MDE4MzcwNjIzNDA0MzUxNTA2MzIwNzA1MzE3OTUzMDU5MzUzODE=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO40m3HFfF7VDWC9_jQT6Zs&google_cver=1?gdpr=0&gdpr_consent=

42 B
945 B

41ms
41ms

Image
image/gif

52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO40m3HFfF7VDWC9_jQT6Zs&google_cver=1?gdpr=0&gdpr_consent=

Protocol

HTTP/1.1

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-07afd4256.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: XMY87FiEQw4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEO40m3HFfF7VDWC9_jQT6Zs&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 adsct
analytics.twitter.com/i/ Frame A77D 0
165 B 143ms
120ms Image
text/plain 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=01837062340435150632070531795305935381&p_id=38594

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 113
date: Thu, 24 Mar 2022 20:11:08 UTC
cache-control: no-cache, no-store, max-age=0
server: tsa_o
x-connection-hash: 463223ed076aaf2e3275769859801ba7ecae89d5cdf0c34640f9b1af7f806d9a
content-length: 0
strict-transport-security: max-age=631138519

GET
H/1.1

200
OK

ibs:dpid=903&dpuuid=48016a34-a37f-4f74-bfd2-648415591612
dpm.demdex.net/ Frame A77D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&ttd_tpi=1
https://dpm.demdex.net/ibs:dpid=903&dpuuid=48016a34-a37f-4f74-bfd2-648415591612

42 B
945 B

34ms
34ms

Image
image/gif

52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=903&dpuuid=48016a34-a37f-4f74-bfd2-648415591612

Protocol

HTTP/1.1

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0f4cfb59d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 3negvqzwRw4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dpm.demdex.net/ibs:dpid=903&dpuuid=48016a34-a37f-4f74-bfd2-648415591612
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 189

GET
H/1.1

200
OK

ibs:dpid=1957&dpuuid=154D8EEF06556B7314339F9E07876A9E
dpm.demdex.net/ Frame A77D
Redirect Chain

https://c.bing.com/c.gif?uid=01837062340435150632070531795305935381&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=154D8EEF06556B7314339F9E07876A9E

42 B
945 B

46ms
33ms

Image
image/gif

52.16.213.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=154D8EEF06556B7314339F9E07876A9E

Protocol

HTTP/1.1

Server

52.16.213.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-213-80.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v030-0a4647972.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Re/XBoK1ROg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ADAB7EF3CFA5435C9A124D3AC98005FD Ref B: FRAEDGE1220 Ref C: 2022-03-24T20:11:09Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=154D8EEF06556B7314339F9E07876A9E
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWp6UVhBQUFBSnpLcXdQMA==

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWp6UVhBQUFBSnpLcXdQMA==

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648152669.252036,VS0,VE0
x-served-by: cache-hhn4078-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWp6UVhBQUFBSnpLcXdQMA==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YjzQXAAAAJzKqwP0&expires=90

0
239 B

30ms
8ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YjzQXAAAAJzKqwP0&expires=90
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648152669.319818,VS0,VE0
x-served-by: cache-hhn4078-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YjzQXAAAAJzKqwP0&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0&C=1

43 B
1003 B

1260ms
1260ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0&C=1
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Mar 2022 20:11:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 24 Mar 2022 20:11:10 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 24 Mar 2022 20:11:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YjzQXAAAAJzKqwP0&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 279
Expires: Thu, 24 Mar 2022 20:11:09 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=YjzQXAAAAJzKqwP0
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYjzQXAAAAJzKqwP0

43 B
1 KB

7ms
6ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYjzQXAAAAJzKqwP0

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 24 Mar 2022 20:11:09 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 81c2413e-564e-4867-a266-a4ac2e260a3e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 24 Mar 2022 20:11:09 GMT
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: c5ed4f2d-4d53-45e1-8ae2-0d5d3edbbc90
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYjzQXAAAAJzKqwP0
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YjzQXAAAAJzKqwP0

43 B
274 B

34ms
18ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YjzQXAAAAJzKqwP0
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
via: 1.1 google
server: OXGW/17.2.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648152670.622847,VS0,VE0
x-served-by: cache-hhn4078-HHN
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YjzQXAAAAJzKqwP0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YjzQXAAAAJzKqwP0

1 B
550 B

429ms
14ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YjzQXAAAAJzKqwP0
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 14:26:26 GMT
cache-control: no-store, no-cache, private
x-lat: amspug0026:0:410
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 24 Mar 2022 20:11:09 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648152670.731473,VS0,VE0
x-served-by: cache-hhn4078-HHN
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YjzQXAAAAJzKqwP0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame A77D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1&__user_check__=1&sync_id=8bd7cf57-abae-11ec-9154-1fe3cd8f0206

43 B
548 B

16ms
16ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1&__user_check__=1&sync_id=8bd7cf57-abae-11ec-9154-1fe3cd8f0206
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 24 Mar 2022 20:11:10 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 40
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Thu, 24 Mar 2022 20:11:10 GMT
Server: nginx
Location: /partner?adv_id=6409&uid=YjzQXAAAAJzKqwP0&img=1&__user_check__=1&sync_id=8bd7cf57-abae-11ec-9154-1fe3cd8f0206
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 23
Connection: keep-alive
Content-Length: 0

GET
H2

200

restricted
mid.rkdms.com/ Frame A77D
Redirect Chain

https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=01837062340435150632070531795305935381&_ct=img
https://mid.rkdms.com/restricted

0
0

98ms
98ms

Image
text/html

18.206.111.226
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mid.rkdms.com/restricted
Protocol: H2
Server: 18.206.111.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-206-111-226.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usbank.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

location: /restricted
date: Thu, 24 Mar 2022 20:11:10 GMT
server: nginx
content-length: 0

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.rtr.myrewardsaccess.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: node01of34r2yq5z7pq1652hgnxtpu234775.node0
www.rtr.myrewardsaccess.com/	1969-12-31 23:59:59	Name: BIGipServerUSBK-rtr.myrewardsaccess.com Value: !3Ymz52JsJIOmfz4kYtZpDyMn7IpGbu5P1XuWgvENDqfPE++sfX8wSnIH6MPcNHXMA5KZnm6XH0s52MoF3vXqhgahMerjaD5jigI0+pR3
.demdex.net/	1970-01-20 06:08:24	Name: demdex Value: 01837062340435150632070531795305935381
.myrewardsaccess.com/	1969-12-31 23:59:59	Name: AMCVS_675616D751E567410A490D4C%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 10:34:48	Name: everest_g_v2 Value: g_surferid~YjzQXAAAAJzKqwP0
.dpm.demdex.net/	1970-01-20 06:08:24	Name: dpm Value: 01837062340435150632070531795305935381
.myrewardsaccess.com/	1970-01-20 19:21:51	Name: AMCV_675616D751E567410A490D4C%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19076%7CMCMID%7C02074936883128909912076594848469251277%7CMCAAMLH-1648757468%7C6%7CMCAAMB-1648757468%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1648159868s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19083%7CvVersion%7C5.2.0
.rlcdn.com/	1970-01-20 10:34:48	Name: rlas3 Value: qNAxfHgNyyrItayp7helxPJxwxQTnA6Mj4vEBqXVXl8=
.rlcdn.com/	1970-01-20 03:15:36	Name: pxrc Value: CNyg85EGEgUI6AcQABIGCPHrARAA
.myrewardsaccess.com/	1970-01-22 01:49:12	Name: s_pers Value: %20s_lv%3D1648152668793%7C1742760668793%3B%20s_lv_s%3DFirst%2520Visit%7C1648154468793%3B%20s_nr%3D1648152668795-New%7C1820952668795%3B%20s_vnum%3D1820952668796%2526vn%253D1%7C1820952668796%3B%20s_invisit%3Dtrue%7C1648154468796%3B%20sc_visit_start%3D1%7C1648154468798%3B%20s_visitStart%3D1%7C1648154468800%3B%20s_prevPage%3Dusb%253Arewards%253Ainformation%253Artmr%2520info%253Artmr%2520info%7C1648154468801%3B
.myrewardsaccess.com/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cc%3Dtrue%3B
.doubleclick.net/	1970-01-20 11:10:48	Name: IDE Value: AHWqTUnkYVVq196fvvpJzLPdIqaMI1dIdnMKvA9OLIBF3dE3kiMAuGAuh_sMGjQdz58
.adsrvr.org/	1970-01-20 10:34:48	Name: TDID Value: 48016a34-a37f-4f74-bfd2-648415591612
.adsrvr.org/	1970-01-20 10:34:48	Name: TDCPM Value: CAESEgoDYWFtEgsIyNzf_I73xjoQBRgFIAEoAjILCIjDuqml98Y6EAU4AQ..
.bing.com/	1970-01-20 11:10:48	Name: MUID Value: 154D8EEF06556B7314339F9E07876A9E
.adnxs.com/	1970-01-20 03:58:48	Name: uuid2 Value: 7207047085849920060
.adnxs.com/	1970-01-20 03:58:48	Name: anj Value: dTM7k!M4.FErk#WF']wIg2GVRn6YFg!]tbPl1MwL(!R7qUY$c@JGN+(=v6$VB>G$n(dXKu<ca9RFMZ9bmtwgM/]vGiOb0ZXpClDYw?IEBnq=!?1@Nk+TiR
.casalemedia.com/	1970-01-20 10:34:48	Name: CMID Value: YjzQXSDLSN5enZUjv4vw8gAA
.casalemedia.com/	1970-01-20 03:58:48	Name: CMPS Value: 5198
.demdex.net/	1970-01-20 06:08:24	Name: dextp Value: 60-1-1648152668690\|771-1-1648152668810\|1123-1-1648152668911\|903-1-1648152669012\|1957-1-1648152669113\|144230-1-1648152669214\|144231-1-1648152669315\|144232-1-1648152669416\|144233-1-1648152669517\|144234-1-1648152669618\|144235-1-1648152669719\|144236-1-1648152669820\|129099-1-1648152669921
.spotxchange.com/	1970-01-20 10:34:52	Name: audience Value: 8bd7cf14-abae-11ec-9154-1fe3cd8f0206
.pubmatic.com/	1970-01-20 03:58:48	Name: KRTBCOOKIE_218 Value: 4056-YjzQXAAAAJzKqwP0&KRTB&22978-YjzQXAAAAJzKqwP0&KRTB&23194-YjzQXAAAAJzKqwP0&KRTB&23209-YjzQXAAAAJzKqwP0
.pubmatic.com/	1970-01-20 02:32:24	Name: PugT Value: 1648131986
.pubmatic.com/	1970-01-20 03:58:48	Name: PUBMDCID Value: 3
.casalemedia.com/	1970-01-20 03:58:48	Name: CMPRO Value: 1186
.casalemedia.com/	1970-01-20 10:34:48	Name: CMRUM3 Value: 58623cd05e2760YjzQXAAAAJzKqwP0
.casalemedia.com/	1970-01-20 01:50:39	Name: CMST Value: YjzQXmI80F4A

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://analytics.twitter.com/i/adsct?p_user_id=01837062340435150632070531795305935381&p_id=38594 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
assets.adobedtm.com
c.bing.com
cdnjs.cloudflare.com
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
dsum-sec.casalemedia.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
match.adsrvr.org
mid.rkdms.com
pixel.rubiconproject.com
smetrics.usbank.com
sync-tm.everesttech.net
sync.search.spotxchange.com
us-u.openx.net
us1-htp.tokenex.com
usbank.demdex.net
www.rtr.myrewardsaccess.com
104.102.29.65
104.244.42.67
13.36.218.177
142.250.185.98
151.101.66.49
159.127.185.246
18.206.111.226
185.64.189.110
185.94.180.126
2.18.232.23
2606:4700::6810:135e
2620:1ec:c11::200
3.33.220.150
35.244.159.8
35.244.174.68
37.252.172.45
52.143.247.24
52.16.213.80
52.51.88.158
69.173.144.165
0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10912400498b1756a7e4f0fa3946b2bb20a1758222ffbe077061616ac0058be2
16f43950ba56f1f5e2323b3112f9644a1ed32de5be522a09ed1ed0d00d099676
21c848048b8d6f27df63cda1c6c0b3990d9bec2a6e2117685994755f7752b8b5
3644a34a49b39f8f21243626f5b44871f0e70fcef52b4dd2b0e8db54d21fb2f2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b727bcc4b70203df12cddcf8a07e4f7969ec582aa0b23d47b62cfe582a16f03
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
904dc7e85437d0f3a3d5345c82648adb3465c5b26e798ef48172ebcebe20a2c3
913065be4c203a3c44943d1f7bf468fe5bc0e4811db16d898ed81b7885b4b020
9e524277729856c774949a2d57e0fea064553de4e858bdb64750e398aab0e344
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b397476bcbcf8c9eae3f82007cc4f9495661b367e02e6d3dea6e15f0610ef20a
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32
d6d9a8d12c49171c598bc14a0c5bd0de7a0c9734bf2f6a49343d76b0150dbfce
d7f511e3805e04f170e96129e65913e72b237486b6bdd97996b644bd752d064d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
edf1cf600a1a6ec06ae0a30406b0ec6e2623ab1bfc2fecdf3e2d1dbfec2bbb0d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.rtr.myrewardsaccess.com Open in urlscan Pro 159.127.185.246 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

33 Requests

61 %HTTPS

10 %IPv6

19 Domains

21 Subdomains

15 IPs

7 Countries

1068 kBTransfer

1207 kBSize

27 Cookies

0 Outgoing links

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

www.rtr.myrewardsaccess.com Open in urlscan Pro
159.127.185.246 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

61 %
HTTPS

10 %
IPv6

19
Domains

21
Subdomains

15
IPs

7
Countries

1068 kB
Transfer

1207 kB
Size

27
Cookies

33 HTTP transactions
0 data transactions