www.tdrewards.com Open in urlscan Pro
45.60.65.34 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dajior.com/TDRewards.com/TDRewards/Login/index.php?customersvcs=1673534835?idlogin=968f514d12cf1de5b221e7be...
Effective URL:
https://www.tdrewards.com/home-page
Submission: On January 12 via manual (January 12th 2023, 2:49:12 pm UTC) from US — Scanned from DE

Summary HTTP 174 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 29 IPs in 6 countries across 33 domains to perform 174 HTTP transactions. The main IP is 45.60.65.34, located in United States and belongs to INCAPSULA, US. The main domain is www.tdrewards.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q4 on December 13th 2022. Valid for: 6 months.

This is the only time www.tdrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	134.209.32.136 134.209.32.136	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
43	45.60.65.34 45.60.65.34	19551 (INCAPSULA) (INCAPSULA)
10	65.9.66.34 65.9.66.34	16509 (AMAZON-02) (AMAZON-02)
2 16	52.50.136.59 52.50.136.59	16509 (AMAZON-02) (AMAZON-02)
23	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	52.213.249.147 52.213.249.147	16509 (AMAZON-02) (AMAZON-02)
3	23.36.162.82 23.36.162.82	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8 8	46.137.71.247 46.137.71.247	16509 (AMAZON-02) (AMAZON-02)
1	54.154.10.83 54.154.10.83	16509 (AMAZON-02) (AMAZON-02)
1 9	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1 10	2a00:1450:400... 2a00:1450:400d:806::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1 1	54.78.245.184 54.78.245.184	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	67.202.105.21 67.202.105.21	32748 (STEADFAST) (STEADFAST)
7 7	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
6 12	52.208.6.207 52.208.6.207	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:400d:807::200e	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.251.208.134 142.251.208.134	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:402... 2a00:1450:4025:401::9d	15169 (GOOGLE) (GOOGLE)
1 1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
5 10	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2 2	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:400d:808::2002	15169 (GOOGLE) (GOOGLE)
1 1	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
2 3	23.44.78.119 23.44.78.119	16625 (AKAMAI-AS) (AKAMAI-AS)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1 1	52.5.150.215 52.5.150.215	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1288:f03... 2a00:1288:f03d:1fa::2000	10310 (YAHOO-1) (YAHOO-1)
2 3	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
8	209.15.211.147 209.15.211.147	13768 (COGECO-PEER1) (COGECO-PEER1)
174	29

1 134.209.32.136 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: dajior.com

dajior.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 45.60.65.34 (United States)

ASN19551 (INCAPSULA, US)

www.tdrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 65.9.66.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-34.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.50.136.59 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.249.147 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-249-147.eu-west-1.compute.amazonaws.com

td.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.36.162.82 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-82.deploy.static.akamaitechnologies.com

smetrics.td.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 46.137.71.247 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-46-137-71-247.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.10.83 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-10-83.eu-west-1.compute.amazonaws.com

tdbankfinancialgroup.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:400d:806::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.245.184 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.53 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.21 (United States)

ASN32748 (STEADFAST, US)
PTR: ip21.67-202-105.static.steadfastdns.net

dp2.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.162 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.208.6.207 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:807::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.208.134 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s42-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4025:401::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.102 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

6835781.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6868519.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5322602.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5967600.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10393945.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:808::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.234.236 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland) 1 redirects

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8eee:: (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.44.78.119 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-44-78-119.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.150.215 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-150-215.compute-1.amazonaws.com

exchange.adstanding.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::2000 (United Kingdom)

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.54.182.161 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 209.15.211.147 (Toronto, Canada)

ASN13768 (COGECO-PEER1, CA)
PTR: news.updatefrom.com

assets.tdrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	tdrewards.com www.tdrewards.com assets.tdrewards.com	6 MB
28	doubleclick.net 13 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 cm.g.doubleclick.net — Cisco Umbrella Rank: 215 ad.doubleclick.net — Cisco Umbrella Rank: 196 stats.g.doubleclick.net — Cisco Umbrella Rank: 75 6835781.fls.doubleclick.net 6868519.fls.doubleclick.net — Cisco Umbrella Rank: 652188 5322602.fls.doubleclick.net — Cisco Umbrella Rank: 602367 5967600.fls.doubleclick.net 10393945.fls.doubleclick.net	15 KB
23	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	1 MB
20	everesttech.net 14 redirects cm.everesttech.net — Cisco Umbrella Rank: 962 pixel.everesttech.net — Cisco Umbrella Rank: 4272	9 KB
17	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 204 td.demdex.net — Cisco Umbrella Rank: 41161	19 KB
15	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 74	2 KB
10	google.de www.google.de — Cisco Umbrella Rank: 5880	1 KB
10	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2822	142 KB
5	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	319 B
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	22 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 362 c.bing.com — Cisco Umbrella Rank: 253	12 KB
3	amazon-adsystem.com 2 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 291	2 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 867	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 150	91 KB
3	td.com smetrics.td.com — Cisco Umbrella Rank: 40639	5 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 173	18 KB
2	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 803 ads.yahoo.com — Cisco Umbrella Rank: 2352	874 B
2	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 705 s.tribalfusion.com — Cisco Umbrella Rank: 1799	937 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 426	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 211	2 KB
1	adstanding.com 1 redirects exchange.adstanding.com — Cisco Umbrella Rank: 141520	169 B
1	pro-market.net 1 redirects fei.pro-market.net — Cisco Umbrella Rank: 2236	323 B
1	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 1662	343 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 210	620 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 311	9 KB
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 627	489 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 609	396 B
1	33across.com dp2.33across.com — Cisco Umbrella Rank: 9824	69 B
1	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 572	214 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 453	683 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 458	479 B
1	omtrdc.net tdbankfinancialgroup.tt.omtrdc.net — Cisco Umbrella Rank: 83471	728 B
1	dajior.com 1 redirects dajior.com	309 B
174	33

	Domain	Requested by
43	www.tdrewards.com	www.tdrewards.com nexus.ensighten.com
23	www.googletagmanager.com	nexus.ensighten.com
16	dpm.demdex.net	2 redirects www.tdrewards.com
12	pixel.everesttech.net	6 redirects www.tdrewards.com
10	www.google.de	www.tdrewards.com 5967600.fls.doubleclick.net
10	www.google.com	1 redirects www.tdrewards.com
10	nexus.ensighten.com	www.tdrewards.com nexus.ensighten.com
9	googleads.g.doubleclick.net	1 redirects nexus.ensighten.com
8	assets.tdrewards.com	www.tdrewards.com
8	cm.everesttech.net	8 redirects
7	cm.g.doubleclick.net	7 redirects
5	adservice.google.com	5322602.fls.doubleclick.net 6868519.fls.doubleclick.net 6835781.fls.doubleclick.net 5967600.fls.doubleclick.net 10393945.fls.doubleclick.net
5	www.facebook.com	6835781.fls.doubleclick.net
5	www.google-analytics.com	nexus.ensighten.com www.tdrewards.com
3	s.amazon-adsystem.com	2 redirects
3	px.owneriq.net	2 redirects
3	connect.facebook.net	6835781.fls.doubleclick.net connect.facebook.net
3	bat.bing.com	nexus.ensighten.com www.tdrewards.com
3	smetrics.td.com	www.tdrewards.com nexus.ensighten.com
2	www.googleadservices.com	5967600.fls.doubleclick.net www.googleadservices.com
2	10393945.fls.doubleclick.net	1 redirects 6835781.fls.doubleclick.net
2	5967600.fls.doubleclick.net	1 redirects 6835781.fls.doubleclick.net
2	5322602.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	6868519.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	6835781.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	pixel.tapad.com	2 redirects
2	ib.adnxs.com	2 redirects
1	ads.yahoo.com
1	exchange.adstanding.com	1 redirects
1	fei.pro-market.net	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	ml314.com	1 redirects
1	s.tribalfusion.com	1 redirects
1	a.tribalfusion.com	1 redirects
1	c.bing.com	1 redirects
1	bam.nr-data.net	nexus.ensighten.com
1	js-agent.newrelic.com	nexus.ensighten.com
1	cms.quantserve.com	1 redirects
1	stats.g.doubleclick.net	www.tdrewards.com
1	ad.doubleclick.net	nexus.ensighten.com
1	analytics.twitter.com	www.tdrewards.com
1	dp2.33across.com	www.tdrewards.com
1	token.rubiconproject.com	www.tdrewards.com
1	sync.mathtag.com	1 redirects
1	aa.agkn.com	1 redirects
1	tdbankfinancialgroup.tt.omtrdc.net	www.tdrewards.com
1	td.demdex.net	nexus.ensighten.com
1	dajior.com	1 redirects
174	48

This site contains links to these domains. Also see Links.

Domain
www.expediafortd.com
www.amazon.ca
www.td.com
www.tdcanadatrust.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-13` - `2023-06-11`	6 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
smetrics.td.com Entrust Certification Authority - L1M	`2022-10-12` - `2023-10-12`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-30`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-10-21` - `2023-01-19`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
assets.tdrewards.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-24` - `2023-08-24`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.tdrewards.com/home-page
Frame ID: 69E61160FB502401A2710360DF0BE638
Requests: 128 HTTP requests in this frame

Frame: https://td.demdex.net/dest5.html?d_nsid=0
Frame ID: 4D18424BA0963B355170F4F7F63EF7C3
Requests: 27 HTTP requests in this frame

Frame: https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page
Frame ID: 46A95F66E05E7AAB267660521C25032D
Requests: 8 HTTP requests in this frame

Frame: https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page
Frame ID: E3C1ED90085AD8D757BB905AACFAD8FF
Requests: 2 HTTP requests in this frame

Frame: https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page
Frame ID: 002AAF8E6AF837108E4AA1BC50608748
Requests: 2 HTTP requests in this frame

Frame: https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047
Frame ID: 03559405A9D5D85B5D6A507B1CA62719
Requests: 5 HTTP requests in this frame

Frame: https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148
Frame ID: DE54D509539F4CD7CE46C11E3DFCCA24
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TD RewardsTD Rewards

Page URL History Show full URLs

https://dajior.com/TDRewards.com/TDRewards/Login/index.php?customersvcs=1673534835?idlogin=968f... HTTP 302
https://www.tdrewards.com/home-page Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

174
Requests

86 %
HTTPS

33 %
IPv6

33
Domains

48
Subdomains

29
IPs

6
Countries

7649 kB
Transfer

10504 kB
Size

47
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.expediafortd.com/lp/b/open-luxury-stays?langid=4105&MDPCID=TD_Bank-CA.RotatingBanner.LuxuryStays.Hotels
Title: Learn more

Search URL Search Domain Scan URL

URL: https://www.amazon.ca/b?language=en_CA&node=21423340011
Title: Amazon.ca Shop with Points

Search URL Search Domain Scan URL

URL: https://www.td.com/about-tdbfg/our-business/index.jsp
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.td.com/privacy-and-security/privacy-and-security/index.jsp
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://www.td.com/to-our-customers/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.tdcanadatrust.com/products-services/banking/index-banking.jsp
Title: TD Canada Trust

Search URL Search Domain Scan URL

URL: https://www.tdcanadatrust.com/customer-service/accessibility/accessibility-at-td/index.jsp
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dajior.com/TDRewards.com/TDRewards/Login/index.php?customersvcs=1673534835?idlogin=968f514d12cf1de5b221e7bef7f5e4d7 HTTP 302
https://www.tdrewards.com/home-page Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132

Request Chain 17

https://cm.everesttech.net/cm/dd?d_uuid=88484331934685110744066752816994157124 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y8Ad4AAAAKjWmgN-

Request Chain 54

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=88484331934685110744066752816994157124 HTTP 302
https://dpm.demdex.net/ibs:dpid=21&dpuuid=219393204394002309241

Request Chain 62

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=88484331934685110744066752816994157124&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d88484331934685110744066752816994157124 HTTP 302
https://dpm.demdex.net/ibs:dpid=269&dpuuid=e6e163c0-1de1-4a00-9db1-9215665a9ab6&ddsuuid=88484331934685110744066752816994157124

Request Chain 65

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
https://dpm.demdex.net/ibs:dpid=358&dpuuid=936770671825961972

Request Chain 67

https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=88484331934685110744066752816994157124 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=88484331934685110744066752816994157124 HTTP 302
https://dpm.demdex.net/ibs:dpid=540&dpuuid=66135544-f2e5-47ea-b79a-fd73ae90b1d1

Request Chain 69

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODg0ODQzMzE5MzQ2ODUxMTA3NDQwNjY3NTI4MTY5OTQxNTcxMjQ= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHWY-VMFXN6N6QLR6yEUln0&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 71

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 73

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 81

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 88

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 95

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 96

https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=ncfcnJqQ2p6Gx47KzsOSlcjA2pyGkY-UysCORLxJ

Request Chain 98

https://6835781.fls.doubleclick.net/activityi;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page HTTP 302
https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Request Chain 99

https://6868519.fls.doubleclick.net/activityi;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page HTTP 302
https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Request Chain 100

https://5322602.fls.doubleclick.net/activityi;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page HTTP 302
https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Request Chain 105

https://c.bing.com/c.gif?uid=88484331934685110744066752816994157124&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F1FF7DCEBBA608B2026E54BEAD161A4

Request Chain 107

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 109

https://a.tribalfusion.com/i.match?p=b13&u=88484331934685110744066752816994157124&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://s.tribalfusion.com/z/i.match?p=b13&u=88484331934685110744066752816994157124&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$ HTTP 302
https://dpm.demdex.net/ibs:dpid=22054

Request Chain 112

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632835956874149978

Request Chain 115

https://5967600.fls.doubleclick.net/activityi;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047 HTTP 302
https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047

Request Chain 116

https://10393945.fls.doubleclick.net/activityi;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148 HTTP 302
https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148

Request Chain 118

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=88484331934685110744066752816994157124&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-aOXo_YVE2pEAgwGjYNKHq3utqdqTWtwmkqE-~A

Request Chain 121

https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=88484331934685110744066752816994157124 HTTP 302
https://dpm.demdex.net/ibs:dpid=575&dpuuid=-1818358286842902188

Request Chain 122

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7268213461022275155&uid=Q7268213461022275155&ref=%2Feucm%2Fp%2Fadpq HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 125

https://exchange.adstanding.com/partners/aam/sync.php HTTP 302
https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

Request Chain 131

https://cm.everesttech.net/cm/yh HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y8Ad4AAAAKjWmgN-&sigv=1&esig=1~c355bc30a330cba7ddfaa3e0da2648f807d14017

Request Chain 132

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=4x3AY5K-AoPy1gay5o6oAg&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4x3AY5K-AoPy1gay5o6oAg&cid=CAQSKQDq26N9-u7aBqe82mGMwfXifpFs85Qme39rcFzb4bwN0tu_DUUsHFTIIBM&random=2992620356&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4x3AY5K-AoPy1gay5o6oAg&cid=CAQSKQDq26N9-u7aBqe82mGMwfXifpFs85Qme39rcFzb4bwN0tu_DUUsHFTIIBM&random=2992620356&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 133

https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
https://dpm.demdex.net/ibs:dpid=139200&dpuuid=LOcuDcqrQfyi6dM3CpUbDA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=88484331934685110744066752816994157124

174 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request home-page Show response
www.tdrewards.com/
Redirect Chain

https://dajior.com/TDRewards.com/TDRewards/Login/index.php?customersvcs=1673534835?idlogin=968f514d12cf1de5b221e7bef7f5e4d7
https://www.tdrewards.com/home-page

17 KB
17 KB

491ms
437ms

Document
text/html

45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

428dca060b7d5f77db070079114f87cc3ff88db75a9901db057bb32d78333d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Thu, 12 Jan 2023 14:49:03 GMT
etag: W/"4302-OtiOvdAI6u5ssPG6EH56mcR5Qtg"
strict-transport-security: max-age=157680000
x-cdn: Imperva
x-iinfo: 9-384530438-384530442 NNNN CT(106 213 0) RT(1673534943563 14) q(0 0 3 0) r(5 5) U5
x-powered-by: Express

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Thu, 12 Jan 2023 14:49:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://www.tdrewards.com/home-page
pragma: no-cache
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/7.4.33 PleskLin

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/tdb/public-ca/ 439 KB
95 KB 50ms
7ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1c27852a2ca27d0165f838d043c1f38c064b77a21c24eb7d69af5664ca682fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 19:11:55 GMT
x-amz-version-id: UPUsI0a1LHzM5n4HcCvXxwPhXexVg35Q
content-encoding: br
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 157030
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 10 Jan 2023 19:11:06 GMT
server: AmazonS3
etag: W/"7f8e2476aa6efa854a3acd27bec259ec"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: D3PbO0PColyM5P1IAhLOCYgS98jRSmLYgX2Mlq8ZeojArklphRMkkw==

GET
H2 200 style.css
www.tdrewards.com/templates/active/static/ 255 KB
256 KB 120ms
118ms Stylesheet
text/css 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/style.css

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

c89295f4cf9f044cc628d03fcdfde1d1d4a9d9398f86d20167e1f9bd90ff571b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=157680000
last-modified: Thu, 12 Jan 2023 14:39:46 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fc1b-185a66c324c"
content-type: text/css; charset=UTF-8
x-iinfo: 9-384530438-384530442 PNNN RT(1673534943563 461) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 261147

GET
H2 200 vendors.js Show response
www.tdrewards.com/ 1 MB
1 MB 126ms
125ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/vendors.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

a95d35e211cde1cc8e0c02d0c7b05fcf663f032dd0379ff83e7001bc6ec5bafb

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"13f535-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 9-384530438-384530515 NNNY CT(108 220 0) RT(1673534943563 464) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1307957

GET
H2 200 bundle.js Show response
www.tdrewards.com/ 1 MB
1 MB 127ms
125ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/bundle.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

eb9dcd55b6dca690ba5f4f8f7e274e85f3e3bdb3db5890e3cd58af0cd5e455d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"15aa98-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 9-384530438-384530517 NNNY CT(109 218 0) RT(1673534943563 465) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1419928

GET
H2 200 templateCacheHtml.js Show response
www.tdrewards.com/templates/active/static/ 336 B
508 B 126ms
124ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/templateCacheHtml.js

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e54d3f4ad5c3c66a747f2a7f62e7ca28abfd2db5c57b3ba53721ee02e7e11b29

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"150-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 9-384530438-384530519 NNNY CT(105 214 0) RT(1673534943563 466) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 336

GET
H2 200 _Incapsula_Resource Show response
www.tdrewards.com/ 144 KB
20 KB 15ms
14ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.tdrewards.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=136759347
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.65.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: afe1cc21d3f67492a5f475fe98951bc9d5fd563ae8982ff1e013e890ab52be51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20897
content-type: application/javascript

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132

5 KB
2 KB

32ms
32ms

XHR
application/json

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

745e62adadc4f6e4a659ef58229ebe44290612c2c02f93ec91d111b9bbff2792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-00c503e2b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 17Vj2apFTvA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.tdrewards.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1556
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v045-0f3ed56cf.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SWBqXshvSKo=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.tdrewards.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=A783776A5245B1E50A490D44%40AdobeOrg&d_nsid=0&ts=1673534944132
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/tdb/public-ca/ 705 B
1010 B 24ms
23ms Script
text/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/tdb/public-ca/code/&publishedOn=Tue%20Jan%2010%2019:11:02%20GMT%202023&ClientID=822&PageID=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: caf3bd2d50ae4bcae441d5e55a4166e1bead3ee8f6c2536450ba06fbe860c264

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
content-length: 705
x-amz-cf-id: ZrkHtrHT9A9YuGdPpLh7YGlb6blgNxBu0XE4vGw5SX_45IMIzrKojg==
expires: Thu, 12 Jan 2023 14:49:03 GMT

GET
H2 200 6b203ed47c2078ebf3e8fb47354048e0.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 1 KB
862 B 9ms
9ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/6b203ed47c2078ebf3e8fb47354048e0.js?conditionId0=4827675
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d85f142df5ec74b2573fd4eada3b6dd595cf714f0c59a4cf5d9156e6b25d68d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Sun, 04 Sep 2022 06:00:09 GMT
x-amz-version-id: .mM6ZxrQCo2JOw.VJ6FoQFdN8NXEZAL.
content-encoding: br
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 11263735
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Jul 2021 20:32:16 GMT
server: AmazonS3
etag: W/"93618034931e36bbf6ebc1e5a8ca2be8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: LZu2QDrO2XaOMSA03ZbO3qWDs85zrtUhn4Ap3O_LspvFFTIq_WfMuA==

GET
H2 200 368d2960427a73e99cc174ba23618a10.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 162 KB
41 KB 8ms
8ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/368d2960427a73e99cc174ba23618a10.js?conditionId0=423140
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c1fc31072580014053e4a786ce276cb2a4bc196dacef0b24baa7cce6d939fd48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 18:20:44 GMT
x-amz-version-id: RkE1MprVHWvR4JDlElMKZd9J90BlJp0z
content-encoding: br
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 246500
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 09 Jan 2023 18:20:32 GMT
server: AmazonS3
etag: W/"0b711ed37388ecac1bf02deb53ae7b73"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 9Ce4813xwfZCW2XE0zMgmbQ0shawUKyI6dlL0TTHXgpzKnSE8pe2Cw==

GET
H2 200 53806121fbcecf081a714e6527577c95.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 2 KB
823 B 9ms
9ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/53806121fbcecf081a714e6527577c95.js?conditionId0=4841570
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3b30c57fee08b8710ae3ec4a4f44cab038c7c238fbef21adf60791b6af5d3190

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 12 Dec 2022 02:16:23 GMT
x-amz-version-id: nc.xF8GSNlB.1f8m0QghLrowiumo0LJk
content-encoding: br
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2723562
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 07 Dec 2022 18:16:52 GMT
server: AmazonS3
etag: W/"e9606fc127291df4b34091477c116c44"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: I-mfEoCzqEGcIOdmmnnGAM5O0Ken78Evz9W8n-htv0fzkJUgB2pSqA==

GET
H2 200 e5276288d948078f4ec1dc417fdf0e2b.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 3 KB
1 KB 9ms
9ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/e5276288d948078f4ec1dc417fdf0e2b.js?conditionId0=505813
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bde0dcec69fee23a4d9549a2c5a935a8a831c8f8d5019576b7047ce5d7214064

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 14 Dec 2022 07:15:58 GMT
x-amz-version-id: pyKMxTyKEGvgy7OmAcU_nIJaWSBQVguQ
content-encoding: br
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2532786
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Jul 2021 20:32:17 GMT
server: AmazonS3
etag: W/"65bc8d3a30a05124edd12469e8a3a745"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: j3YUUcgA0z3RmZmdlw72g2yg0Prj9l-C3j7yFwIISHnhJM7PcYPlLg==

GET
H2 200 132b94a24d0c2c50efae315c8d66deb4.js Show response
nexus.ensighten.com/tdb/public-ca/code/ 687 B
1 KB 9ms
9ms Script
application/javascript 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/tdb/public-ca/code/132b94a24d0c2c50efae315c8d66deb4.js?conditionId0=1218305
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dc4c8b4269817a4028f65fb34d0cf7410050c6e58aeb82aa9fb067e7d85b3f65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 23:24:59 GMT
x-amz-version-id: qJZnEEBmjCokGtURZx0GHfXGqM7E8Fr5
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 3079446
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 687
last-modified: Wed, 07 Dec 2022 18:16:52 GMT
server: AmazonS3
etag: "ee74c5f299abbb748fff1fa82a992117"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: FSBzoyjySVziy48SMAtgruXNo0MleubdYpqKJ4CLfivZbD-iJyS3jw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 78ms
28ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6974241

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a05c1900f93a5bd7cd548b744c3b866412335c99fa9ffa7386745a56fcbe351a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44765
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
70 KB 84ms
45ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1029090628

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f746d54ef41069fb798a11df83626a5bfd371c8b3401574171784ab83f65b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71536
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H/1.1 200
OK dest5.html Show response
td.demdex.net/ Frame 4D18 7 KB
3 KB 208ms
31ms Document
text/html 52.213.249.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://td.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.213.249.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-213-249-147.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.tdrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v045-03c381005.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: T0SST4zeSZk=
content-encoding: gzip
date: Thu, 12 Jan 2023 14:49:04 GMT
last-modified: Fri, 28 Oct 2022 11:02:57 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.td.com/ 48 B
467 B 264ms
151ms XHR
application/x-javascript 23.36.162.82
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&mid=88385600023119025444040624170926609526&ts=1673534944307

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.82 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-82.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

8f8fb169aedd25a34e59f087bfd7ee9a0893bed8a4f3824df3cd08ea1a6d47e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=86400
x-content-type-options: nosniff
server: jag
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.tdrewards.com
p3p: CP="This is not a P3P policy"
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y8Ad4AAAAKjWmgN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=88484331934685110744066752816994157124
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y8Ad4AAAAKjWmgN-

42 B
942 B

31ms
30ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y8Ad4AAAAKjWmgN-

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0c67d0b74.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 6P3Q61wUQF0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y8Ad4AAAAKjWmgN-
Date: Thu, 12 Jan 2023 14:49:04 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
tdbankfinancialgroup.tt.omtrdc.net/rest/v1/ 363 B
728 B 166ms
48ms XHR
application/json 54.154.10.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tdbankfinancialgroup.tt.omtrdc.net/rest/v1/delivery?client=tdbankfinancialgroup&sessionId=60308d97db4f408e9dff987920875805&version=2.3.1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.10.83 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-10-83.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7f8c6789e94588d2f6c1b003f78d57a3cccb431c3e3595f1149d5ff316917b7e

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.tdrewards.com
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: ee8413e31b4c0b1621e9cf0487eec6d0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 59ms
46ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868520&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

238b11d0983f093813a22ec15a9bec1f577a43cb2ce30997dfb51964cb6e73fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44750
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 63ms
50ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6835781&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72abe5bb9ca24bbd17d00aaa30f67c371f1df6932b24015d3cae5aa7834d7a69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44750
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 51ms
39ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868312&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

162f3a7e180fbc6e0a8bd9a54559554250927db8136543dee9f3653adae7427e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44751
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 39ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868519&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b8c05adcf65d3288a493a5e03fedca3e18c1f6074c3414f94cf0aa5e45ba1927

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44749
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 39ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6867344&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a6c3ad32cd79b1379ca98b1e0ce14d183831ff17b8d6a821ddf790cfa71ddda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44751
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 53ms
42ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868105&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

372ffd5ce8a4b87cdc082a2da3866a098c60cc91224c7dd40e3a48fd6dfd4994

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44751
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 46ms
34ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868503&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d5181baf1c5141e77dde7697078491f6dfb623d8571f0bbb069f26f1d37e8b26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44751
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 39ms
28ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6871112&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f420304246c9e98fc5a69fde63af5dd051990e44cc3caec83b074c680968b21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44751
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 55ms
44ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868104&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f8a22490a8bb04c61fe2d4818e96aaabdac84158523d7d020951a5e330e15289

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44752
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 63ms
51ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868106&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cfcfa7de5122ae8b722961129e0a0855a07a2eb3c04889f3f18e51f3e35e055e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44765
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 66ms
54ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6871114&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89e0fad06a74d1d850f48d12d56fbeb387a245a37c6304da1a2a6e7e8043ec0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44752
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 65ms
53ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6868309&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bff127282d1b207589f0387de3a71ac47854e28ee532c213ea97669b7299b941

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44753
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 64ms
53ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6102339&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75f3627b0f49bfc2c40aca2d5a5ffd4b8efb9f291d07ed77a0f7f894169f099a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44749
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 100ms
89ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5322602&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc8b0ebf6beadaea1c4334e9e6f8ae4553e0ab5317509d1941ff9dccc3333c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44749
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 181 KB
66 KB 73ms
62ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-973175160&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f7b83c9ad329c527d00782e1533f9aba02721b2424b836e379a1308a2065f5e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67552
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 181 KB
66 KB 69ms
59ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-986405607&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0634a4a822ad137d74e2904c2a345e8a8b1766fca5307f318fb5442b6b1d3902

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67579
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 181 KB
66 KB 72ms
59ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1028536181&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

39b867482b03ca600d2911a4e93e31caa8bf5c9fb6eb1e681da47e52a9c7122c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67643
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 137 KB
53 KB 406ms
394ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-980723526&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f52f3575f11db0331afa64738da91b69d38092e573986c02234ba5428e3bf089

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53750
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
70 KB 74ms
61ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-707912219&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3cc9d446b13d37bd14e388647dcddca03a792b5baf15397ec6e62c7cbc117cd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71552
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 198 KB
70 KB 64ms
53ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1029090628&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50eac77143568171cdb4d18883053ef4a3ac65ad4291ba3b0015c40d45616fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71537
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 181 KB
66 KB 1148ms
1138ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-624489921&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc811c200b56bffb3cccdee11ecfac357061527da011fadcecc60f1e55c74d36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67546
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 12 Jan 2023 14:49:05 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/707912219/ 2 KB
1 KB 119ms
56ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/707912219/?random=1673534944396&cv=11&fst=1673534944396&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6be41188dc361ea9217fe1204ced42e6b3bbc2d0419116a35c9e1f3814dd508

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 873
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/449593252/ 2 KB
1 KB 110ms
55ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/449593252/?random=1673534944413&cv=11&fst=1673534944413&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e2b66e4041eb8d5e8da78e5440dbdd40072567b76f329affd682a6a98a1f8e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 871
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1029090628/ 2 KB
1 KB 100ms
56ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1029090628/?random=1673534944421&cv=11&fst=1673534944421&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95e41b151dfcb2b32e813d128bfb6a2b83ce24cae893a4dfc487dc178d3dd3b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 872
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/986405607/ 2 KB
1 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/986405607/?random=1673534944631&cv=11&fst=1673534944631&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

292eefeb70ba905ac65124dab27f3c4a198658e9835ce511cb705d197bd28179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 871
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/973175160/ 2 KB
900 B 58ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973175160/?random=1673534944672&cv=11&fst=1673534944672&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

881c6d3b246e8fd21e7325f7411e28ffa6166f45582b18d38a972dc55dc96943

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1028536181/ 2 KB
901 B 59ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1028536181/?random=1673534944689&cv=11&fst=1673534944689&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90ff16f693fd99d99b9e7d29473298941ff339aada2216b3e866d949bd830cd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s6294505999380 Show response
smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/ 5 KB
2 KB 263ms
263ms Script
application/x-javascript 23.36.162.82
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/s6294505999380?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=12%2F0%2F2023%2014%3A49%3A4%204%200&d.&nsid=0&jsonv=1&.d&sdid=28E864ABD59AC439-2237DB61911A6032&mid=88385600023119025444040624170926609526&aamlh=6&ce=UTF-8&ns=tdbank&pageName=%2Fwww.tdrewards.com%2Fhome-page&g=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&server=www.tdrewards.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3DpageName&v3=1&c4=9%3A30AM&v4=1&c5=Thursday&v5=1&c6=Weekday&c12=not-authenticated&c13=New&v18=D%3Dc4&v19=D%3Dc5&c20=D%3Ds_vi&v20=D%3Dc6&c21=D%3DUser-Agent&v32=D%3Dc12&v33=D%3Dc13&v39=D%3Ds_vi&v68=D%3Dc21&c70=tdtdct%2Ctdglobal&c71=88385600023119025444040624170926609526&v71=A1%20%7C%20B1%20%7C%20C1&c74=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&c75=AppMeasurement%20-%202.20.0&v94=88385600023119025444040624170926609526&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&AQE=1

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.82 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-82.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

fa65446c5f9b87370f0a0b961ad0a017a3e902f24f3e49e206bebc85693bdcc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-aam-tid: XoXcTSLsSM0=
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=86400
p3p: CP="This is not a P3P policy"
content-length: 1649
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v045-0687cfe76.edge-irl1.demdex.com 6 ms
pragma: no-cache
last-modified: Fri, 13 Jan 2023 14:49:04 GMT
server: jag
etag: 3593888928266518528-4619665824405882883
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 weblysleekuisl-webfont.woff2
www.tdrewards.com/templates/active/static/fonts/ 21 KB
21 KB 137ms
136ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/weblysleekuisl-webfont.woff2

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8adf7be5e4b8e09896eb13e9eaa409a3bcf7d35a096c858127816cd520d8b13f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"53e0-1845acd8810"
content-type: font/woff2
x-iinfo: 9-384530438-384530442 PNNN RT(1673534943563 1126) q(0 0 0 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21472

GET
H2 200 /
www.google.com/pagead/1p-user-list/449593252/ 42 B
108 B 136ms
53ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/449593252/?random=1673534944413&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=915572127&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/449593252/ 42 B
108 B 65ms
29ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/449593252/?random=1673534944413&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=915572127&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/707912219/ 42 B
108 B 136ms
54ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/707912219/?random=1673534944396&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=719983727&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/707912219/ 42 B
108 B 67ms
31ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/707912219/?random=1673534944396&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=719983727&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1029090628/ 42 B
108 B 135ms
53ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1029090628/?random=1673534944421&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2884930195&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1029090628/ 42 B
108 B 70ms
34ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1029090628/?random=1673534944421&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2884930195&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=21&dpuuid=219393204394002309241
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=88484331934685110744066752816994157124
https://dpm.demdex.net/ibs:dpid=21&dpuuid=219393204394002309241

42 B
942 B

32ms
32ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=21&dpuuid=219393204394002309241

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-078a58cff.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: DcPigmsRRrU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dpm.demdex.net/ibs:dpid=21&dpuuid=219393204394002309241
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
expires: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/986405607/ 42 B
108 B 132ms
53ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/986405607/?random=1673534944631&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3414568623&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/986405607/ 42 B
108 B 77ms
44ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/986405607/?random=1673534944631&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3414568623&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/973175160/ 42 B
548 B 116ms
52ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973175160/?random=1673534944672&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2205303459&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/973175160/ 42 B
108 B 46ms
28ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/973175160/?random=1673534944672&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2205303459&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1028536181/ 42 B
108 B 73ms
56ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1028536181/?random=1673534944689&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=865902750&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1028536181/ 42 B
548 B 28ms
27ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1028536181/?random=1673534944689&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=865902750&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/980723526/ 2 KB
898 B 60ms
60ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/980723526/?random=1673534944798&cv=11&fst=1673534944798&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7227f0087c2a101ab5bc2a0f01f2d8ef832143768bac3dad24d6961d8f9e1fb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 874
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=269&dpuuid=e6e163c0-1de1-4a00-9db1-9215665a9ab6&ddsuuid=88484331934685110744066752816994157124
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10004&mt_exuid=88484331934685110744066752816994157124&redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D269%26dpuuid%3D[MM_UUID]%26ddsuuid%3d88484331934685...
https://dpm.demdex.net/ibs:dpid=269&dpuuid=e6e163c0-1de1-4a00-9db1-9215665a9ab6&ddsuuid=88484331934685110744066752816994157124

42 B
942 B

33ms
31ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=269&dpuuid=e6e163c0-1de1-4a00-9db1-9215665a9ab6&ddsuuid=88484331934685110744066752816994157124

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-07e4ed132.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: X9Qsts8lQtc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Thu, 12 Jan 2023 14:49:05 GMT
Server: MT3 277 3f0ad7a master zrh-pixel-x3 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://dpm.demdex.net/ibs:dpid=269&dpuuid=e6e163c0-1de1-4a00-9db1-9215665a9ab6&ddsuuid=88484331934685110744066752816994157124
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 12 Jan 2023 14:49:04 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/980723526/ 42 B
108 B 54ms
52ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/980723526/?random=1673534944798&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3164239844&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/980723526/ 42 B
108 B 26ms
25ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/980723526/?random=1673534944798&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3164239844&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=358&dpuuid=936770671825961972
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
https://dpm.demdex.net/ibs:dpid=358&dpuuid=936770671825961972

42 B
942 B

54ms
31ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=358&dpuuid=936770671825961972

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: uJ3kGr93QOU=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Date: Thu, 12 Jan 2023 14:49:05 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 178.162.209.135; 178.162.209.135; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9332d786-486a-44a6-a654-2c390d4b5d10
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dpm.demdex.net/ibs:dpid=358&dpuuid=936770671825961972
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame 4D18 0
214 B 71ms
10ms Image
text/plain 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=6404&puid=88484331934685110744066752816994157124&gdpr=0&gdpr_consent=
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ibs:dpid=540&dpuuid=66135544-f2e5-47ea-b79a-fd73ae90b1d1
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=88484331934685110744066752816...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=ADB&partner_url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D540%26dpuuid%3D%24%7BTA_DEVICE_ID%7D&partner_device_id=88484331934685110744066...
https://dpm.demdex.net/ibs:dpid=540&dpuuid=66135544-f2e5-47ea-b79a-fd73ae90b1d1

42 B
942 B

31ms
31ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=540&dpuuid=66135544-f2e5-47ea-b79a-fd73ae90b1d1

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-0a637d725.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: /8jjh8WnSBA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Thu, 12 Jan 2023 14:49:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://dpm.demdex.net/ibs:dpid=540&dpuuid=66135544-f2e5-47ea-b79a-fd73ae90b1d1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 /
dp2.33across.com/ps/ Frame 4D18 0
69 B 674ms
107ms Image
text/plain 67.202.105.21
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dp2.33across.com/ps/?pid=897&random=1693048810
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.21 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip21.67-202-105.static.steadfastdns.net
Software: 33XP007 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-33x-status: 208
date: Thu, 12 Jan 2023 14:49:05 GMT
server: 33XP007

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEHWY-VMFXN6N6QLR6yEUln0&google_cver=1
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODg0ODQzMzE5MzQ2ODUxMTA3NDQwNjY3NTI4MTY5OTQxNTcxMjQ=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHWY-VMFXN6N6QLR6yEUln0&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

41ms
41ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHWY-VMFXN6N6QLR6yEUln0&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: E1lY514/QOE=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEHWY-VMFXN6N6QLR6yEUln0&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 4D18 43 B
396 B 181ms
113ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_user_id=88484331934685110744066752816994157124&p_id=38594

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-response-time: 106
date: Thu, 12 Jan 2023 14:49:04 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 249a7a154bf2a84d
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 4f1ce3f3b74a7b05d92fb9d66d7cd557a9c84c7f4b32cb212f9c9db8a7832204
content-length: 43

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEOSlxpsDuaZRg84wZ1_-hmY&google_cver=1
https://pixel.everesttech.net/1x1

128 B
796 B

28ms
28ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:05 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b516-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/624489921/ 2 KB
896 B 61ms
61ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/624489921/?random=1673534945563&cv=11&fst=1673534945563&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&auid=1140671.1673534944&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8bc12dad2243e75b5b09ff1d6dfd89a8bc432b06457d62fe4c7a251c306f934

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 872
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEO...
https://pixel.everesttech.net/1x1

128 B
691 B

29ms
29ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:05 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b51f-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 _Incapsula_Resource
www.tdrewards.com/ 1 B
35 B 7ms
7ms Image
text/plain 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tdrewards.com/_Incapsula_Resource?SWKMTFSR=1&e=0.5247872919164105
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.65.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 106ms
27ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 12 Jan 2023 14:21:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 1631
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Thu, 12 Jan 2023 16:21:54 GMT

POST
H2 200 login Show response
www.tdrewards.com/api/userManagement/guestUser/ 489 B
1 KB 259ms
259ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/userManagement/guestUser/login

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

e531c74a86868f49de449a6f94644bae9ede63dc7f113662e0d489943a00004b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
X-Frame-Options: DENY
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:05 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530517 PNNy RT(1673534943563 2151) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H3 200 /
www.google.com/pagead/1p-user-list/624489921/ 42 B
64 B 55ms
55ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/624489921/?random=1673534945563&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2915388070&rmt_tld=0&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/624489921/ 42 B
64 B 26ms
25ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/624489921/?random=1673534945563&cv=11&fst=1673532000000&bg=ffffff&guid=ON&async=1&gtm=2oa1a1&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&tiba=TD%20Rewards&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2915388070&rmt_tld=1&ipr=y

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 74ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 12 Jan 2023 14:49:05 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C7C3D1AFA0CD49FB84E841972DAF8134 Ref B: FRAEDGE1118 Ref C: 2023-01-12T14:49:05Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H2 200 B10862916.145035458;sz=1x2;ord=379418463629 Show response
ad.doubleclick.net/ddm/adj/N307601.197812NSO.CODESRV/ 11 B
547 B 146ms
51ms Script
text/javascript 142.251.208.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N307601.197812NSO.CODESRV/B10862916.145035458;sz=1x2;ord=379418463629?

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f6.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://pixel.everesttech.net/1x1

128 B
691 B

29ms
29ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:05 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
829 B 30ms
29ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:09:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2402
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 12 Jan 2023 15:09:03 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 28ms
28ms Script
text/javascript 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:18:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 12 Jan 2023 15:18:34 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 46ms
16ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-7284910-1&cid=912374627.1673534946&jid=72943965&gjid=796718368&_gid=456849056.1673534946&_u=aGBAiQIxBAAAAEAAs~&z=1832345483

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tdrewards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 12 Jan 2023 14:49:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 28ms
28ms Image
image/gif 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=990223404&t=pageview&_s=1&dl=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&dp=%2Fhome-page&ul=en-us&de=UTF-8&dt=TD%20Rewards&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiQIxBAAAAAAAs~&jid=72943965&gjid=796718368&cid=912374627.1673534946&tid=UA-7284910-1&_gid=456849056.1673534946&z=71892677

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 02:42:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 43568
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 5188219.js Show response
bat.bing.com/p/action/ 0
118 B 192ms
192ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5188219.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 12 Jan 2023 14:49:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD3B062C8E674ABD9EE50294224228CC Ref B: FRAEDGE1118 Ref C: 2023-01-12T14:49:05Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
175 B 30ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5188219&Ver=2&mid=3c23a429-8255-4684-98e9-81eac7aba687&sid=4330bb60928811edb28ebb87cc835522&vid=4330c140928811ed8e734f7bd9fadfda&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=TD%20Rewards&kw=TD%20Rewards,%09Points,%09Loyalty,%09Expedia,%09Redeem,%09Gift%20Cards,%09Travel,%09Apple,%09FitBit&p=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&r=&lt=2822&evt=pageLoad&sv=1&rn=461920

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 12 Jan 2023 14:49:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BF4EA1AB7BD48AF9112CE1B10D90C2C Ref B: FRAEDGE1118 Ref C: 2023-01-12T14:49:05Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
691 B

29ms
29ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Requested by: Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:06 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 65ms
65ms Image
image/gif 2a00:1450:400d:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-7284910-1&cid=912374627.1673534946&jid=72943965&_u=aGBAiQIxBAAAAEAAs~&z=1698606414

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 25ms
24ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-7284910-1&cid=912374627.1673534946&jid=72943965&_u=aGBAiQIxBAAAAEAAs~&z=1698606414

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 angular-locale_en-ca.js Show response
www.tdrewards.com/templates/active/static/i18n/ 3 KB
3 KB 120ms
119ms Script
application/javascript 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/i18n/angular-locale_en-ca.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

67563318f781475915e443fef24576ea64e5de5a80e7ab3fd6b967de15538dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"a9a-1845acd8810"
content-type: application/javascript; charset=UTF-8
x-iinfo: 9-384530438-384530515 PNNy RT(1673534943563 2414) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2714

GET
H2 200 product Show response
www.tdrewards.com/api/productManagement/ 8 KB
8 KB 312ms
312ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/product?name=$250+Education+Credit

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

e927dcebecb2c550da9428ce3ef949d06bd75ec8116b3a9df83dc7ab63c1f04c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530442 PNNN RT(1673534943563 2427) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 catalog Show response
www.tdrewards.com/api/productManagement/ 434 B
545 B 251ms
251ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog?program_id=1

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

c40b0b8b73b6b119800fdbdcb3446d2b8de94b8259ae69aba87bae0eebf1c971

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530519 PNNy RT(1673534943563 2429) q(0 0 0 -1) r(3 3) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 getRoutesLastUpdatedAt Show response
www.tdrewards.com/api/utilityManagement/ 532 B
654 B 499ms
499ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/utilityManagement/getRoutesLastUpdatedAt

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

f1f9b88ebad4eff68423c31aa4c5e365aed21c6f5e74ec53c5138751ae07ed10

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530761 NNNY CT(105 211 0) RT(1673534943563 2430) q(0 0 0 -1) r(5 5) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

32ms
32ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:06 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "b3b521-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:06 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

ibs:dpid=1175&&dpuuid=ncfcnJqQ2p6Gx47KzsOSlcjA2pyGkY-UysCORLxJ
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://cms.quantserve.com/pixel/p-vj4AYjBqd6VJ2.gif?idmatch=0&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=ncfcnJqQ2p6Gx47KzsOSlcjA2pyGkY-UysCORLxJ

42 B
942 B

33ms
32ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=ncfcnJqQ2p6Gx47KzsOSlcjA2pyGkY-UysCORLxJ

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-04fb65ba6.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: EMdHvSaVT5w=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dpm.demdex.net/ibs:dpid=1175&&dpuuid=ncfcnJqQ2p6Gx47KzsOSlcjA2pyGkY-UysCORLxJ
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 nr-1026.min.js Show response
js-agent.newrelic.com/ 22 KB
9 KB 37ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1026.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2d10816bada4d94734c1cb7e191ffb89ea7d9bb5c11b3e680f6b00c3a28d4e41

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
via: 1.1 varnish
date: Thu, 12 Jan 2023 14:49:06 GMT
x-amz-request-id: PCG1S6X7X023V5N7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 8844
x-amz-id-2: k8z9Lc4iuC3vaM6m5xBrx0iOXUtWxh2ElRbN6o3877ZlNDfOfE3qr1y8jWwEJydTf/+G0+vn6UE=
x-served-by: cache-hhn-etou8220061-HHN
last-modified: Wed, 28 Feb 2018 23:33:30 GMT
server: AmazonS3
x-timer: S1673534946.159864,VS0,VE0
etag: "230c916aaa9194e21891a639a9c2b8eb"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 15

GET
H3

200

activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%... Show response
6835781.fls.doubleclick.net/ Frame 46A9
Redirect Chain

https://6835781.fls.doubleclick.net/activityi;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3...
https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=883856000231190254...

4 KB
1 KB

149ms
148ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6835781&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

912b5c2a4455ab2a97ca3bcb3a7b6b9c8195aab2305abec1aaeab56fedfacb4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 1071
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Thu, 12 Jan 2023 14:49:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page Show response
6868519.fls.doubleclick.net/ Frame E3C1
Redirect Chain

https://6868519.fls.doubleclick.net/activityi;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?
https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2...

410 B
346 B

138ms
138ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6868519&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

5ea8f49a91421cf607c074e1afeeb79672a84a27a2c4d8d0800e3adfeb45fedc

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 236
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Thu, 12 Jan 2023 14:49:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3... Show response
5322602.fls.doubleclick.net/ Frame 002A
Redirect Chain

https://5322602.fls.doubleclick.net/activityi;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https...
https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=8838560002311902...

452 B
385 B

132ms
132ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-5322602&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

5244395c4adbc8a46e232f63af966e40ab1b8d2f6a7d05d83daa2df238020fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tdrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 275
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Thu, 12 Jan 2023 14:49:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 icons.ttf
www.tdrewards.com/templates/active/static/images/icons/ 35 KB
35 KB 127ms
127ms Font
font/ttf 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/images/icons/icons.ttf?qta720

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

0b2a1aee7a62edd2f0edcadf59fd2e1c5635e5eb1c807b10e64c06176c9eb077

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"8a7c-1845acd8810"
content-type: font/ttf
x-iinfo: 9-384530438-384530515 PNNy RT(1673534943563 2591) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 35452

GET
H2 200 weblysleekuil-webfont.woff2
www.tdrewards.com/templates/active/static/fonts/ 18 KB
19 KB 475ms
475ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/weblysleekuil-webfont.woff2

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7f8f92a1913474ebb54f27bb9a908eb8006c76665ed14ed7ebea958b661b4b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"49e4-1845acd8810"
content-type: font/woff2
x-iinfo: 9-384530438-384530787 NNNN CT(116 216 0) RT(1673534943563 2593) q(0 0 3 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18916

GET
H2 200 tr
www.facebook.com/ Frame 4D18 0
185 B 53ms
15ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1539657062816299&ev=fy18projecteverests1tos26supp&noscript=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 12 Jan 2023 14:49:06 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1 200
OK c099ced574 Show response
bam.nr-data.net/1/ 49 B
620 B 310ms
250ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/c099ced574?a=9185954&sa=1&v=1026.7a27a3e&t=Unnamed%20Transaction&rst=3274&ref=https://www.tdrewards.com/home-page&be=1141&fe=3206&dc=2761&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1673534942924,%22n%22:0,%22f%22:626,%22dn%22:626,%22dne%22:663,%22c%22:663,%22s%22:670,%22ce%22:680,%22rq%22:680,%22rp%22:1117,%22rpe%22:1123,%22dl%22:1124,%22di%22:2759,%22ds%22:2760,%22de%22:2822,%22dc%22:3205,%22l%22:3205,%22le%22:3258%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:06 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 7886b2661c808fca-FRA

GET
H/1.1

200
OK

ibs:dpid=1957&dpuuid=1F1FF7DCEBBA608B2026E54BEAD161A4
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://c.bing.com/c.gif?uid=88484331934685110744066752816994157124&Red3=MSAdobe_pd&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F1FF7DCEBBA608B2026E54BEAD161A4

42 B
942 B

31ms
31ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F1FF7DCEBBA608B2026E54BEAD161A4

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-078a58cff.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 9B9J2BiFSPk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 24FB3DFC7D584352A0FF4BF4750E5F4F Ref B: FRAEDGE1118 Ref C: 2023-01-12T14:49:06Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://dpm.demdex.net/ibs:dpid=1957&dpuuid=1F1FF7DCEBBA608B2026E54BEAD161A4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 918 B
1 KB 631ms
631ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Gift+Cards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

8049fbc66c70664fea2e21d74b846d01e573951ddf01d090aece12807f916737

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530800 NNNN CT(106 269 0) RT(1673534943563 2682) q(0 0 4 -1) r(6 6) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 4D18
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WThBZDRBQUFBS2pXbWdOLQ&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

31ms
31ms

Image
image/png

52.208.6.207
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Server: 52.208.6.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-6-207.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:06 GMT
Last-Modified: Mon, 19 Jul 2021 07:56:25 GMT
Server: Apache
ETag: "36b516-80-5c775461d9c40"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Type: image/png
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Thu, 12 Jan 2023 14:49:06 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 6820 Show response
www.tdrewards.com/api/productManagement/product/ 261 KB
262 KB 826ms
826ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/product/6820

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

a11efdd316430c3ed0ebb4a564fe6f82b59790a46b027df59bae26d7ca639dcc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530515 PNNy RT(1673534943563 2749) q(0 0 0 -1) r(8 8) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

ibs:dpid=22054
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://a.tribalfusion.com/i.match?p=b13&u=88484331934685110744066752816994157124&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://s.tribalfusion.com/z/i.match?p=b13&u=88484331934685110744066752816994157124&redirect=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid=22054&dpuuid=$TF_USER_ID_ENC$
https://dpm.demdex.net/ibs:dpid=22054

42 B
956 B

33ms
32ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22054

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0dc3ea27c.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 0Uw8jmARQhk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 300
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
cf-cache-status: DYNAMIC
x-function: 209
server: cloudflare
x-reuse-index: 217
content-type: text/html
location: https://dpm.demdex.net/ibs:dpid=22054
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7886b268afb55bf1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=*;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2F...
adservice.google.com/ddm/fls/z/ Frame 002A 42 B
107 B 223ms
145ms Image
image/gif 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=*;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Requested by

Host: 5322602.fls.doubleclick.net
URL: https://5322602.fls.doubleclick.net/activityi;dc_pre=CK6h-r-jwvwCFUKvnwodA-EPYQ;src=5322602;type=rewar0;cat=tdrew002;ord=1;num=6360720618573;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5322602.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getAppComponents Show response
www.tdrewards.com/api/utilityManagement/ 1 MB
1 MB 915ms
914ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/utilityManagement/getAppComponents

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

4b32ef9fb38e63d534880b7d4874bd2df77d1f766c77de781232f272a0a74ca1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:07 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530850 NNNY CT(109 221 0) RT(1673534943563 2930) q(0 0 0 -1) r(10 10) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1

200
OK

ibs:dpid=22052&dpuuid=3632835956874149978
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632835956874149978

42 B
942 B

32ms
32ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632835956874149978

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-0eab94181.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: pP4QOWe2QYQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3632835956874149978
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185
expires: 0,Fri, 13 Jan 2023 09:49:06 GMT

GET
H2 200 dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=*;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page
adservice.google.com/ddm/fls/z/ Frame E3C1 42 B
494 B 202ms
144ms Image
image/gif 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=*;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Requested by

Host: 6868519.fls.doubleclick.net
URL: https://6868519.fls.doubleclick.net/activityi;dc_pre=CLb6-r-jwvwCFdGjnwodYecFxg;src=6868519;type=credi0;cat=tdrew00-;ord=1;num=7477073270742;gtm=2od1a1;auiddc=1140671.1673534944;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6868519.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=*;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fho...
adservice.google.com/ddm/fls/z/ Frame 46A9 42 B
107 B 165ms
147ms Image
image/gif 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=*;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page

Requested by

Host: 6835781.fls.doubleclick.net
URL: https://6835781.fls.doubleclick.net/activityi;dc_pre=CMKS_L-jwvwCFbYHaAgdLq0Lxw;src=6835781;type=tdrew0;cat=tdrew0;ord=1;num=3014814868034;gtm=2od1a1;auiddc=1140671.1673534944;u1=88385600023119025444040624170926609526;~oref=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047 Show response
5967600.fls.doubleclick.net/ Frame 0355
Redirect Chain

https://5967600.fls.doubleclick.net/activityi;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047?
https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_conse...

1 KB
508 B

120ms
119ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

c396d97ae83d3fbb48e9fdfeb74a11112ce224db85caf41eeb9a56301f4c0403

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6835781.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 485
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Thu, 12 Jan 2023 14:49:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148 Show response
10393945.fls.doubleclick.net/ Frame DE54
Redirect Chain

https://10393945.fls.doubleclick.net/activityi;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148?
https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_con...

423 B
259 B

233ms
233ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

bf97db62e67a544b3cf02e29c189eab95438969937d85df7c6835b6037f7effc

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6835781.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 236
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Thu, 12 Jan 2023 14:49:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 12 Jan 2023 14:49:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 46A9 105 KB
28 KB 82ms
15ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 12 Jan 2023 14:49:06 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27613
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: dsrnCLbAYZdqnrjqdNj3gUBNxDxwsogQDwbAcb4dp6srRhMw+74fOFYESFDH3na3X5JgdgnH95oWlmBr5eh3QA==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=30646
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ADOBE&_hosted_id=88484331934685110744066752816994157124&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-aOXo_YVE2pEAgwGjYNKHq3utqdqTWtwmkqE-~A

42 B
942 B

33ms
32ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-aOXo_YVE2pEAgwGjYNKHq3utqdqTWtwmkqE-~A

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-083f91df3.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: U4zo0rECQSc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Thu, 12 Jan 2023 14:49:06 GMT
strict-transport-security: max-age=31536000
via: http/1.1 spdc0101.pbp.ir2.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
content-type: text/html;charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=30646?dpuuid=y-aOXo_YVE2pEAgwGjYNKHq3utqdqTWtwmkqE-~A
content-length: 0

GET
H2 204 1.gif
nexus.ensighten.com/privacy/v1/b/ 0
267 B 21ms
21ms Image
text/plain 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/privacy/v1/b/1.gif?n=0&c=822&i=55wgyb&p=public-ca-dev&d=N4IgbgpgTgzglgewHYgFwgIwDoAMuQA0IA5gIYAuEA7qQJ5ogBMW2GjAnISAMYA2cEJOQCSAEzQAORoyIAHAK4AjfjAAWABQqqGC5XG4BabqQOiIYLnCQxypJNwhiGAVmdVitRV1mluAawhyNBwiAFsEMwYqVThKFSCibgQEPwEYNGAAXyIoCABHeQgbdNQAbVAzGysKRBR0VXJyWRhUAHpWpAgAD3kYLEF4YgbBLCTQ1vJRRVbdfkNjVphoSCgAYQRQ2WRBcixZVVkAfiRSUKKfBwBeACFk8hsoUllZaAAyGxruACkYTXJVS6dHp9AZwIaUJCjDYTKYzJRzIykVpJMytV6zOBqCCiADySEuABVCgBSRg4L52Uk4DA4KkYdioDAYVA4RhUgDiAFkCVSyYwAMyvVb8HbCAAilykjFemmIjglDSaMGJ-IAgqSAGKaqg6rCTXI0KCiPpjTWqDYQAw+OVcci0F4MGDcKBwWQJEAfKBBRkANgA7PznPyACzsYPBjA+n1EQTiX0BoOh8P0v1EGAIeRQBwMKxLL3XCAAMwQuS4H3IvQYvAQpHEOQgpHT1jQpQAukQ4HHIwmQ2GI1HshUiuRqiPkAxFc02h1ur1+tYwcNIWMYdMMfMkSiIK0fYoyfzscG-dwyX6JBBFIWDxJC4oj4Hgzhg+e8AArGCHJJIUSxWpiHCXM+jB+v6zi2vaECOs6rrup63rdoGvbJuwzgxt+aAIYmfZkhIaYZlmkHoLm0DkAWxalmmtgViUIDVrWXC5I2yAlG2HZdv6iFJhGKGDiAlQjicY51CAk4tO0QJzqC4IjCukxrvC+iIsiETbhAzjAT6jASBIohhhIOBnoWwYQNwGCiNwEZ+oWoiFjgECMIoWDvp+yA-kJ-6XM4ODOBIGD8uBDroE6LpumWthehhHFYch0YgLGkU9lxZLsHhmbZkR1gkWRJaQZRFCVugdF1iAjFNix7YgJ2CWcX29I+rx-GjrUE6NFO4mziCC7Scu0JyXCegbspqJ+Q5YakIwwaiDgJ7cF5RakBA-IYM43A6VGZh3k5H5fm5f5TZcbAYBI-LeQFhEetBoV5RF8Y1chqZxeht3RcGyWpQROaZfmRY5WF+U0UVDENmVLYVVVz1IdxfoNcOTXjvUrVia0OpUFgxDJMQvCBKQxChHYOPQFC4zELYxCtM5naXGKqwGD67B+q9EZnVBIWweF8FRZDjBHWh7GJX2-I+vy73pZVX2kT9FEelRBW0TWxWlcxoNsdVL3cxIMNVIJzUI0q04o2jGNY6TeMnHKUBE60JM4+TH6U6qADqBg0hwODsDgmkSMzQWXWzpA3ZhXNabzquQ8G-LCx6+Gi8R33kbl0v-VW8tA0xzZlGDfN3a9WmawJNTwyJiP67q6MIJj2O4-j5uW9bZMU6IVM0z6EgceGry8JcogUKQAAydBvNwXSXNw3sXazf0B5zXGBg98UQ1xwbOA96ZpedscS-Hf3Ucn9H1mn5UqwvAvL3ncPCaJJeo2XFcm9XhMrnXtuHJT1O063vkex3Xc9-3tCD8PUeRA7SBXHjBSeHN+bhkDClR6WcXqhlQlHNen08yb1+nlHehUU77xBhnI+gcZ7OHYGfbWhdL7tANjfY2ONTYEwto-Umz9X7Nw-l5QUndu62D-gAkeY9grgOupA7OgZcJwNDlxIMSDV4fQymg7KUtyyy0BrgpW+DKrwMhqI0hBcL7F0oaXI2lc6E10YTbBuTd36z18t-LhfcB5QFeEPPhwCIIs0EYnKeUDw7OFivPQhfZfEYBFuvcWCiE5KIBjgkqwM1GsQ0RIk+9UCBDi1rolqesDHXyMXfM2D9oRPwsW-H0LsI7sFsb-BxTjAH8N9hAxJ0CfQhHEcfcMPlI4yJjmEyWESZZRL3jEg+ysEmtPDk0nRQkMltWRoY8uNCq55IYQUphFjHbO1ZBIIMJSbGcMqf-RxzigEgBAedARV1PHCJeoLYJLSAnhh9BGEJqCso9O3so6Jit07xPBncsZGAJk6yLpkmZ2S5nGPvks4mKy7aNzWZpcMEh2DsG5hU7hVTDm1InkIhpYyZC3Onn2B5wYnlyJeVvTB7yBmfMPiM35gtGAAvIfomEWAzChDMF0LAnRyCtH4s4LADRQi8EOKIAA+guRuOAADEokVTqkYFqBVBt9TUH9saImY84CFkeGcepoyTqR38QS8MfpuYkpAE8F435VgxF4MVSJu8FaxK+ZnHFBrGV6OBdQhs6riCsozMoEycw-BcsCDMAmtZWhgAEFQf4UAMxDC-CseAyBWjhhQuwfkjB1KtEOI8b8GwDrGuTIKbgYADoYFeIWGwRbvERkFIoYglxCwttba8Yg8hKY4gAHKvEbLQewB123kFCJcRgNYMCkErfIUVVAi04BwK8GdAI2ALteKofEVCjG1jzNGhwJoNhVqgKOxdmZO6yrVJqbUuoVWGnVaaBV5ozhWgJq8EcihSCEjFFSAASqqo0MA+2dsbkyR8-pWDFqXaQOdi67GXHMDsFUYo65QiQIWMErwoCFlCOQS4gpsO4eDJijxcEcWvWaUa7xpqOnR3Opa2MNq4B2ref0p1Qz1E-OLeRj1Uykbep3Wjf18Ig36BDdy8NcpI3RuoHGhNqgk3QBTUgVofoDLsDYNzdgub82iELXS9gPonHlqZFWmt+nDONuba2lt7bgOXB7X2mAA7uBDpJqO8dU6p1LtnfO09oqV1kkXRuy4W6wU7uWPoIoRMj0nqXVAc9iM5VXqVTe0QBo1UHtCGaC0L65RvrgB+r9v7-3GiA5TUDHs-QQe8VBmDrw4MIaEEhlDX50PEEwwRvDVacOAWI+c0joyIx4so9naj5r6PWttfavpjrU54O+ZoxebAeO62mfx31QnA18FE6Gnl1ofVRpjbJ+QibkDJtqK0F27t3ae203YXTo7fmvUrWWitpncNPZRZZ6zNmO1dt7f2wdla3NjonV5mdc7IxruXQdQL67N2zIruFqAe6otjBi5cU98XLgXvlYqjUyq0slcy9l59+38uFYJN+skf672AdIHZir4GWCQfkNBzH9We7wcgE1-kyHSaobax1nr+GetEdcaAs5fsvHZ3DjckbL1TXEuQbIi1zwGNTZY7N1RLqCFcaWitoFa3t0bd08J7b-hdsSYO9J2Nqh40nfk2dxTF32Ct0fL4gyd2C2PeLULF7xnK3Vo+37parxvs-ds-9xzznXMjtB556dPmod+YC2u4LoWkfGgi-u6L2rYtnpx4ly9Crr2o1vRlompPLTk-fZ+qnxW6dlZAxgMDVWWc1bZ3VhrPPyDNYF61jDWGRfdcI316XlzIYPIo09X5pqV60YYBN0QjHmMUtY3NuJrrRnT8NxQq2Ju+h+rN1t4NVv9tSaO-buTCnYCu4DBgP0zgofe4e7W7O-ppSvZM8H9-L1P-h5No-aFhR6NwOaA4ubA7x4eaTpJ6Q5NKp6w7p4I6gpZ67qRaZYY5Y4JZKhJal4pbl5E505V6Po5a14Fb17U44C04ZbN4Vpt7VbZy1Yc496IZ84tbIBC7D64ai5j4S6nJ1LYo76+QhyjIMx4qdJ0bq6TZMbTZJzYJUrOo0qcbeItz-IpJ8SwxkKerG5ham4BpYwW5iZhoX6iCHYybX6O635KaXYbJbJHQYCv56Z+6IpGZva-6-ItzlIR7WagH2YA5OZA7DruZg5wG+beZp5BYoGGx6HoG57o754c6F647JYE6pbpYAYkEahPo16vp15FY07E50FM7t6-LMGwZc6NZ97sED6cFD6da8G9b8HuL9bsw4p0x+Kz7FpP5iKSFL7SEr6a7r7a6DLzbb6eEGZ77MrrZH6baGFn7iamHmF24O6nZIDnappu4GQCjqQ+hOG+5UZu5uE-5mbdFHE+Ftp-ZgEBGx5QEhGJ7ebwHQ7+ZIFREhaI5YzI6o6YGJHYFF64El746E4ZH3obDV65YQAU6UGN60EM7lat6VaMEvTlGc62Dc5sH844yC71Ej6dbi7HJuI+xYoXI4q+Ty5dHeISAMzjYDGr5yFYJyyKHsYLaklMhTHAowBnDkAujcB9CTCWzTAwAwAwiTDcDkAECTCYwIAfq8C2GtBfAADKBgzAZIuAiwmkYYXkxCSK-I+khwqoAAitcEOt+CuuiIWEOsYLwLwB+v4JcDAKKtwKKkxqUBgK2P6uoAgDYLaX4IBoEEOh9myAqrSAqnyPyHSMGHKqGFGVSJGXDqIFgK8BKhzu+GdkOqyu8D+I3FpAAKLu6qjXBijEKqirDhzsDKkCh+hijXAlLqYYCqhNJZqvChCUzaS6me4LoChMjuzZrhiPhgYTSP5uyMBRhuy7F9qnC8AAiGZXAACqBIGoBgEgSZMAlwckdgfg6IBM3apwEAlwZeeoRBleD62RZBr6TaKR+BaRhBIJJOpBZOr6u60A7xN5xO0WVRq5VRlapApwiglwP6AA0gcD+gAF4SB+BQDECMDkC9w4g+iyAdoAAaDssgzgCAvAfgqo3As5SAcABpAAmuoAABKkCcgOwOzECiBfD8hdAgXqAOwGnsqvg4C0CvBgAYBUxIb7Y7lnBsX8iWnBiXDsByonSqichsWCUvbOCEiqCZgwDdysVgDSUvY+iXAOwQAQB+AKVOJsCAgIDkAGAM7-A7D6AUDYg6X8XdrUBsVHScV84WQ2XsB2ViizROJkjOUOnRpsXuXfr2UznczOWzl5gGCqhyhCB8WMDOWmTShgARxRV+R8VOW+ViieVwBsUtxRUorcCqZrmiCil96MCrCSnVgylOJVaSjHSbIIGshLT0isjOB9lPgeyDmqbIqjkoQjlsXlWqgYBUjEh+irBUjXC9Vkj9WDVkirAvYMz-HNB4FAnpFvknk5EQllXSWqjPCcjAyZgQBnBNZkgGC8hYCqmLpgBhgVXtnVVdl1W9nhhNXwpDltVNIdWGarkp5dCrqLouYTSvCvgHRYCGblq9p+CXD4Xh5PGLqKCRHNlJCQX2xnj8h+ggSqjqRLzDU5leSqihg4BijhjEiPiqi6aKAQA4iQWvCGk5kHTj56pz5MiiG-L0y9GL6kpxwYKJwMkqKjFb565UZskaGNTaG8ZXyHm3mWw866awBbRU1CFz4TR03GquCPIq6iyhDyBUS1A4iKBPlrC9xa4KFsZjHc2jYTTsnTLAmLXQiKDyDfhYyS3NFEkkZtGtIK1IIK5IS+JHjmoq1q3IAa1a2rA63DF62b6660ry0NXOAm1Ixm3EGyQ7WyC8BmXCm+AjiQCLBq3cATBx0J2UCrC+CqAQBEUjq8C20EmS6CEklO0+jqRy1QK+LV1K3nRe26K+3LDQD+262Mn61c2h211V0Mp81aHpKrZR0LUx3QiirCD2BPAwDyAJ2ip-qSGHAKkOxfDCD4W9wOyqiXBVbsCiAhh70YCrSLSkA+gQA+itqiCvTOCFh+gQA4BZpXgrmWl-l+SgSZpHhS0V13J12GoUl3S+LHSe2q3N2a2t3a0d0c3UrDIqH-1V38iR3TgzGCYn7zE7aLERpmG27HZrEbHKbwrPhIrcz7F-5u2+KlqB7vYkNJiuBCyAFWa+FXH+Ex5BEg4wHg7J4IERGvHw4vkxFoE55o6Hq-FxY4GzWAkHkV6ZFLVnl5b5EN6FFN5wkt4MEd5MFd4sGVG9795YmD7tbcFdZ4mf0Dbf3Lwu1-3RTLwe0N39FWqDGyEQMfJKHQOLaammMINZJ8NYyGUnC8C0Aji8mWz4y+P+N9DvhGOO3f1Va-0uNLwSCvTmobzhIONMkG093-1RPuMgqeOWhBN+P6CZYzC8Ana5itBs6tD8BICpAJlhN21gKtH+yT7UPHTK6u1NNRgJPdLkps2Upd0h0wMWPNOZOZ5eO5MhOWzx3FPWClNIgmQbBnAEQl0nItET4NLtLROrNUk0YoLM3oKKIzZB067KExNrOZMfq7CKBWB+orhnOLOEl1MrNO36TknHNtkdPyKvKB2d3B1HMbPUiG6aqhDEDU3y2vP4q13qbSJM1q62N0kd3QDxpQDfPOMbPHSZO1hzEiaW7iaiCiDjC1ivitDdonQgTUgsAM1sDdoKk4hYCrA4hig5kKk-oABqrQw1OArcHAkYLAS8994dEgAA3DACBQdF0IwPyyWI3AjWGEdMGELBqYcOEw078y0+Y27ShDcn0Ts0k585A04xxi80+KcxQFgBc0gFc9CLIK0MnRds-tpJprc2XcScYyC-pDXXdE0tSdY+gMvrCzq448yeMS6zgEM6Pceb1FnYnVa2KXAKneWPoK0HAEdMpnYB2gnVAAYNWFaRAKKoIIiA6wIU6xE8aggZ0TEyUsHF69CxrvY36yk93f00hCW-87U1qjqr0kq60iUgjW69FCUs+G82SqzQ6gc5zX02W35NDAPWkpMugJqtqrucC1AiUr4j24292AOyzXs-IV84c8i528tMkqkvnDOyAHO224u+64-us-u665W4kx890xvru-qw0iUgGJk++IZWFbsJ0FQLkHMJbEgOmy7D6FgC2ZCDU6XQWw7R23cuW7Aq02GLWYzds2LO8108Ozu6Oz8-uxwEa6EFyum3Ylbo4dwG7OwA4KIJY4cJ+uppsihMGO8J+pWsZqyKB36ONBxweG+pcDhScGcKIFSASPmjANa8gJhjWlmgzJhkWDNSPa+WPeMMteTkTfQUHnuVml-OZGOiBN+RafCwQF0PbgQDYEgAQLmOiNABaf1dcKSNBXAOB8QHZ6gDZ3ZwgIWM53chwLLXZ0gM5yEHZx59IKgJpNGHZ6IH58F6FwQOF50M51GMLHZ9wPF0LDF9IMqFF6pml4wA4PF663Z1AHkHlwF9IFALIJ50yKmAVy8BVwKNl6ILwLV8SuF3AM58BMQvVxl4wKgBpCV4wGYG11KPV8l8F5p6hHZ416N2SON9IFjM51mj5P1WKNlycNGmQEJM5651WUtz9U2LIJcN2j+jmbOZyFgEsOQASCkIIIqzLr2-SGIoh7K8-gvqh-exh-s1h1Ay+-u27pkK2JkEAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:06 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: M3wh3MIZ2d5LnemKEYdw-_eJeQeP6MKhD2Ssjlv73vyYWa8sfi7EcQ==
expires: Thu, 12 Jan 2023 14:49:05 GMT

GET
H2 200 2368582946583330 Show response
connect.facebook.net/signals/config/ Frame 46A9 149 KB
41 KB 266ms
266ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2368582946583330?v=2.9.91&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d32e95ef1162bfe6ff49fdb0e173fc93f90ae6ad1717b0af25eb5553246b59b9

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 12 Jan 2023 14:49:06 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 1uCvyJMVaRYZplACjHr9Fdjp3YZIjARdoDYroOmjX3FKZw3TfWRp4o13zzC6qjQ8cuxdb+q4gQhr0f8OX0dRfw==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=575&dpuuid=-1818358286842902188
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://fei.pro-market.net/engine?site=141472;size=1x1;mimetype=img;du=67;csync=88484331934685110744066752816994157124
https://dpm.demdex.net/ibs:dpid=575&dpuuid=-1818358286842902188

42 B
942 B

33ms
33ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=575&dpuuid=-1818358286842902188

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-01a6f2a00.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ACnVDkXmRjk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:05 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-5.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
location: https://dpm.demdex.net/ibs:dpid=575&dpuuid=-1818358286842902188
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 4D18
Redirect Chain

https://px.owneriq.net/eucm/p/adpq?redir=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D53196%26dpuuid%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdpm.demdex.net%2fibs%3adpid%3d53196%26dpuuid%3dQ7268213461022275155&uid=Q7268213461022275155&ref=%2Feucm%2Fp%2Fadpq
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

7ms
7ms

Image
image/gif

23.44.78.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Protocol: HTTP/1.1
Server: 23.44.78.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-44-78-119.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 12 Jan 2023 14:49:06 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Thu, 12 Jan 2023 14:49:06 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame 0355 45 KB
17 KB 125ms
54ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: 5967600.fls.doubleclick.net
URL: https://5967600.fls.doubleclick.net/activityi;dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

fbe88ff72a8d0b650df41e2dd7933a7347be290e8ed544e308606f891c5500c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5967600.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16885
x-xss-protection: 0
server: cafe
etag: 14756253677079985008
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 12 Jan 2023 14:49:06 GMT

GET
H2 200 dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047
adservice.google.com/ddm/fls/z/ Frame 0355 42 B
107 B 147ms
147ms Image
image/gif 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMuxkcCjwvwCFeYDaAgdNJkO1Q;src=5967600;type=invmedia;cat=tdrew000;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=646188698548.047

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5967600.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=59982&dpuuid=
dpm.demdex.net/ Frame 4D18
Redirect Chain

https://exchange.adstanding.com/partners/aam/sync.php
https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

42 B
960 B

32ms
31ms

Image
image/gif

52.50.136.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=59982&dpuuid=

Protocol

HTTP/1.1

Server

52.50.136.59 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-136-59.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: ip7jACaeQ5I=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
X-Error: 300,104
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date: Thu, 12 Jan 2023 14:49:07 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=59982&dpuuid=
cache-control: no-store
expires: 0

GET
H3 200 inferredevents.js Show response
connect.facebook.net/signals/plugins/ Frame 46A9 72 KB
21 KB 15ms
14ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredevents.js?v=2.9.91

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 12 Jan 2023 14:49:06 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 21972
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 3SoUPAUHUPBz4+fexu79Ml5TvbCFtdC9gdXS2ulQLeaKkzam+x4u8ib8KZwvu68hcBNQUecJ/x5gPsRiZqlEhw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ Frame 46A9 0
54 B 16ms
14ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2368582946583330&ev=Purchase&dl=https%3A%2F%2F6835781.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMKS_L-jwvwCFbYHaAgdLq0Lxw%3Bsrc%3D6835781%3Btype%3Dtdrew0%3Bcat%3Dtdrew0%3Bord%3D1%3Bnum%3D3014814868034%3Bgtm%3D2od1a1%3Bauiddc%3D1140671.1673534944%3Bu1%3D88385600023119025444040624170926609526%3B~oref%3Dhttps%253A%252F%252Fwww.tdrewards.com%252Fhome-page%3F&rl=https%3A%2F%2Fwww.tdrewards.com%2F&if=true&ts=1673534947012&cd[value]=3.39&cd[currency]=CAD&cd[content_ids]=Cards_LTV_LP_TDR&sw=1600&sh=1200&v=2.9.91&r=stable&ec=0&o=28&it=1673534946687&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 12 Jan 2023 14:49:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 46A9 0
31 B 16ms
15ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2368582946583330&ev=RewardsLandingPageENFR&dl=https%3A%2F%2F6835781.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMKS_L-jwvwCFbYHaAgdLq0Lxw%3Bsrc%3D6835781%3Btype%3Dtdrew0%3Bcat%3Dtdrew0%3Bord%3D1%3Bnum%3D3014814868034%3Bgtm%3D2od1a1%3Bauiddc%3D1140671.1673534944%3Bu1%3D88385600023119025444040624170926609526%3B~oref%3Dhttps%253A%252F%252Fwww.tdrewards.com%252Fhome-page%3F&rl=https%3A%2F%2Fwww.tdrewards.com%2F&if=true&ts=1673534947015&sw=1600&sh=1200&v=2.9.91&r=stable&ec=1&o=28&it=1673534946687&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 12 Jan 2023 14:49:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 46A9 0
31 B 16ms
15ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2368582946583330&ev=PageView&dl=https%3A%2F%2F6835781.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMKS_L-jwvwCFbYHaAgdLq0Lxw%3Bsrc%3D6835781%3Btype%3Dtdrew0%3Bcat%3Dtdrew0%3Bord%3D1%3Bnum%3D3014814868034%3Bgtm%3D2od1a1%3Bauiddc%3D1140671.1673534944%3Bu1%3D88385600023119025444040624170926609526%3B~oref%3Dhttps%253A%252F%252Fwww.tdrewards.com%252Fhome-page%3F&rl=https%3A%2F%2Fwww.tdrewards.com%2F&if=true&ts=1673534947016&sw=1600&sh=1200&v=2.9.91&r=stable&ec=2&o=28&it=1673534946687&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6835781.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 12 Jan 2023 14:49:07 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/875695358/ Frame 0355 2 KB
1 KB 27ms
26ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/875695358/?random=1673534947024&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f2.1e100.net

Software

cafe /

Resource Hash

f12a372af87ca16e8ff12cae656f92287a5237317f53550a299f6cf39b63e1b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5967600.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1171
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 4D18
Redirect Chain

https://cm.everesttech.net/cm/yh
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y8Ad4AAAAKjWmgN-&sigv=1&esig=1~c355bc30a330cba7ddfaa3e0da2648f807d14017

0
194 B

295ms
30ms

Image
text/plain

2a00:1288:f03d:1fa::2000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y8Ad4AAAAKjWmgN-&sigv=1&esig=1~c355bc30a330cba7ddfaa3e0da2648f807d14017

Protocol

Server

2a00:1288:f03d:1fa::2000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:07 GMT
strict-transport-security: max-age=15552000
cache-control: no-store
x-content-type-options: nosniff
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=Y8Ad4AAAAKjWmgN-&sigv=1&esig=1~c355bc30a330cba7ddfaa3e0da2648f807d14017
Date: Thu, 12 Jan 2023 14:49:07 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3

200

/
www.google.de/pagead/1p-conversion/875695358/ Frame 0355
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=37560326...
https://www.google.com/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u...
https://www.google.de/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_...

42 B
64 B

28ms
28ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4x3AY5K-AoPy1gay5o6oAg&cid=CAQSKQDq26N9-u7aBqe82mGMwfXifpFs85Qme39rcFzb4bwN0tu_DUUsHFTIIBM&random=2992620356&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5967600.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/875695358/?random=548497898&cv=9&fst=1673534947024&num=1&npa=1&label=Yk5PCMaLxYYYEP6ZyKED&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5967600.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCMuxkcCjwvwCFeYDaAgdNJkO1Q%3Bsrc%3D5967600%3Btype%3Dinvmedia%3Bcat%3Dtdrew000%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bnpa%3D%3Bgdpr%3D%3Bgdpr_consent%3D%3Bord%3D646188698548.047%3F&ref=https%3A%2F%2F6835781.fls.doubleclick.net%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=4x3AY5K-AoPy1gay5o6oAg&cid=CAQSKQDq26N9-u7aBqe82mGMwfXifpFs85Qme39rcFzb4bwN0tu_DUUsHFTIIBM&random=2992620356&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 4D18
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433
https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t
https://dpm.demdex.net/ibs:dpid=139200&dpuuid=LOcuDcqrQfyi6dM3CpUbDA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=88484331934685110744066752816994157124

43 B
479 B

101ms
101ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=88484331934685110744066752816994157124

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 12 Jan 2023 14:49:07 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: VHVWEPJX37V765M94NJ8
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-irl1-1-v045-06cd512cb.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 7XcVy/g1R7Q=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=88484331934685110744066752816994157124
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148
adservice.google.com/ddm/fls/z/ Frame DE54 42 B
63 B 147ms
146ms Image
image/gif 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148

Requested by

Host: 10393945.fls.doubleclick.net
URL: https://10393945.fls.doubleclick.net/activityi;dc_pre=CJDKl8CjwvwCFQIBaAgdfIYFPw;src=10393945;type=invmedia;cat=tdban02l;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7149010490499.148?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10393945.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 12 Jan 2023 14:49:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 920 B
1 KB 233ms
232ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=eGift+Cards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

0cf06772574802d62c3278a734d77b43435307215294edd290cfaa8d5b4cb076

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384530787 PNNN RT(1673534943563 4983) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1 KB 245ms
244ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

e0b6885f4b03c4c735b3a211068e3d9459d48f2b27353665420dac6948a96efb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531023 NNNY CT(109 218 0) RT(1673534943563 4985) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1 KB 233ms
232ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=2&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

17adff9a9baa33154c51146b5f1b4431e2118e46d1857cc82992420c95c49b09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531025 NNNY CT(105 217 0) RT(1673534943563 4987) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 908 B
1 KB 234ms
233ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=New+on+TD+Rewards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

fb4d0b70ca229eef39a5557e196bbd02718da51ef8a9e23da2b91c30e95d1549

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531027 NNNY CT(105 214 0) RT(1673534943563 4988) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 908 B
1 KB 239ms
239ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=2&category_id=&name=New+on+TD+Rewards

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

faf7f5d27e086a338c8621310d9195f9e6d2f383bf48f1a76453a1fb574857b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531029 NNNY CT(102 208 0) RT(1673534943563 4989) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 td_shield_nowhitespace.png
www.tdrewards.com/templates/active/static/images/ 1 KB
2 KB 116ms
116ms Image
image/png 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/td_shield_nowhitespace.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

a01050f120544b659a5b01dd168b7416224587780616e22d71c1d223e7a6d92b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"569-1845acd8810"
content-type: image/png
x-iinfo: 9-384530438-384531032 NNNY CT(106 214 0) RT(1673534943563 5012) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1385

GET
H2 200 td-font.ttf
www.tdrewards.com/templates/active/static/fonts/ 5 KB
5 KB 221ms
221ms Font
font/ttf 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/templates/active/static/fonts/td-font.ttf?j0pn85

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/templates/active/static/style.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

c39cd074b33a0348246ff987044c7650533c69afc4727bac852f8e02722d6d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/templates/active/static/style.css
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"12c4-1845acd8810"
content-type: font/ttf
x-iinfo: 9-384530438-384531032 PNNy RT(1673534943563 5015) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4804

GET
H2 200 e6cf7c6ec7c2d6f670ae9d762604cb0b.woff2
www.tdrewards.com/ 70 KB
71 KB 259ms
258ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/e6cf7c6ec7c2d6f670ae9d762604cb0b.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/home-page
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"118d8-1845acd8810"
content-type: font/woff2
x-iinfo: 9-384530438-384531059 NNNY CT(103 208 0) RT(1673534943563 5062) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 71896

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 29ms
28ms Image
image/gif 2a00:1450:400d:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=990223404&t=pageview&_s=2&dl=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&dp=%2Fhome-page&ul=en-us&de=UTF-8&dt=TD%20Rewards&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiQIxBAAAAEACs~&jid=&gjid=&cid=912374627.1673534946&tid=UA-7284910-1&_gid=456849056.1673534946&z=916241989

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 74498
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 expedia_logo.svg
www.tdrewards.com/templates/active/static/images/ 5 KB
5 KB 257ms
253ms Image
image/svg+xml 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/expedia_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e2f5114f1b78eea5212a2aa1a74bf3c57ed7c2e8c64b4881bf5bbb266c758f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"1335-1845acd8810"
content-type: image/svg+xml
x-iinfo: 9-384530438-384531060 NNNY CT(103 207 0) RT(1673534943563 5069) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4917

GET
H2 200 amazon_logo.jpg
www.tdrewards.com/templates/active/static/images/ 9 KB
9 KB 578ms
575ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/amazon_logo.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

1de90302505bf3cdb1bfce7f2d1e76a850e3097030b79cd83e2c8a119e899aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"2365-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531061 NNNN CT(105 212 0) RT(1673534943563 5069) q(0 1 4 -1) r(6 6) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 9061

GET
H2 200 gift_six.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 25 KB
26 KB 593ms
589ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_six.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"65c6-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531063 NNNN CT(107 219 0) RT(1673534943563 5070) q(0 1 5 -1) r(6 6) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 26054

GET
H2 200 gift_seven.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 14 KB
14 KB 582ms
579ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_seven.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3790-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531064 NNNN CT(103 212 0) RT(1673534943563 5071) q(0 1 5 -1) r(6 6) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14224

GET
H2 200 gift_eight.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 281ms
278ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_eight.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"531c-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531032 PNNy RT(1673534943563 5072) q(0 1 1 -1) r(3 3) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21276

GET
H2 200 gift_nine.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 16 KB
16 KB 390ms
387ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_nine.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:08 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fe9-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531032 PNNy RT(1673534943563 5073) q(0 3 3 -1) r(4 4) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 16361

GET
H2 200 gift_ten.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 501ms
499ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_ten.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"54d5-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531032 PNNy RT(1673534943563 5075) q(0 4 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21717

GET
H/1.1 200
OK cr-1707_expedia_luxury_listings_small_opt1.jpg
assets.tdrewards.com/img/ 203 KB
203 KB 460ms
103ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1707_expedia_luxury_listings_small_opt1.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

08f8b040ee30061c83265a81c2c00cf096d4e8669de3e4cbaa669cdd4cce763f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 20 Dec 2022 16:50:40 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63a1e7e0-32c17"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 207895

GET
H/1.1 200
OK cr-1707_expedia_luxury_listings_large.jpg
assets.tdrewards.com/img/ 228 KB
228 KB 460ms
102ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1707_expedia_luxury_listings_large.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

47aae9ce4b8ad9b2911f635e273b753e51fdf4f8a6aad5fe1bcd44d49d1ab00f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 20 Dec 2022 16:50:30 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63a1e7d6-38f67"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 233319

GET
H/1.1 200
OK cr-1331_egift_card_banner_small_003.jpg
assets.tdrewards.com/img/ 87 KB
87 KB 462ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_small_003.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Fri, 11 Mar 2022 16:32:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "622b7998-15b21"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88865

GET
H/1.1 200
OK cr-1331_egift_card_banner_large_004.jpg
assets.tdrewards.com/img/ 127 KB
128 KB 462ms
104ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_large_004.jpg

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Fri, 11 Mar 2022 16:32:12 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "622b798c-1fddc"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 130524

GET
H2 200 c5cd7f5300576ab4c88202b42f6ded62.gif
www.tdrewards.com/ 4 KB
4 KB 540ms
540ms Image
image/gif 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/c5cd7f5300576ab4c88202b42f6ded62.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"1052-1845acd8810"
content-type: image/gif
x-iinfo: 9-384530438-384531059 PNNy RT(1673534943563 5090) q(0 4 4 -1) r(5 5) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 4178

GET
H2 200 s65416303827757 Show response
smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/ 5 KB
2 KB 522ms
522ms Script
application/x-javascript 23.36.162.82
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.td.com/b/ss/tdtdct,tdglobal/10/JS-2.20.0/s65416303827757?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=12%2F0%2F2023%2014%3A49%3A8%204%200&d.&nsid=0&jsonv=1&.d&mid=88385600023119025444040624170926609526&aamlh=6&ce=UTF-8&ns=tdbank&pageName=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&g=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&ch=ca-en&server=www.tdrewards.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=D%3DpageName&v3=1&c4=9%3A30AM&v4=1&c5=Thursday&v5=1&c6=Weekday&c12=not-authenticated&c13=New&v18=D%3Dc4&v19=D%3Dc5&c20=D%3Ds_vi&v20=D%3Dc6&c21=D%3DUser-Agent&v32=D%3Dc12&v33=D%3Dc13&v39=D%3Ds_vi&v68=D%3Dc21&c70=tdtdct%2Ctdglobal&c71=88385600023119025444040624170926609526&v71=A1%20%7C%20B1%20%7C%20C1&c74=https%3A%2F%2Fwww.tdrewards.com%2Fhome-page&c75=AppMeasurement%20-%202.20.0&v94=88385600023119025444040624170926609526&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=A783776A5245B1E50A490D44%40AdobeOrg&lrt=267&AQE=1

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/tdb/public-ca/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.82 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-82.deploy.static.akamaitechnologies.com

Software

jag /

Resource Hash

f09f477f4a4abe0b9bbdfa8a507b10b77511011cb0776d12aebf6977e5f2833a

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-aam-tid: bOPC1ljlT1o=
date: Thu, 12 Jan 2023 14:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=86400
p3p: CP="This is not a P3P policy"
content-length: 1648
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v045-0ed41892e.edge-irl1.demdex.com 5 ms
pragma: no-cache
last-modified: Fri, 13 Jan 2023 14:49:09 GMT
server: jag
etag: 3593888937572630528-4619385336189321969
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
expires: Thu, 12 Jan 2023 14:49:09 GMT

GET
H2 200 1 Show response
www.tdrewards.com/api/productManagement/catalog/ 68 KB
69 KB 348ms
348ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog/1?category_id=322&per_page=10

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

ca65b2d42518f2dd0c371fe5034335401b0a33e2e96faa5841f5aa32ca4318f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531060 PNNy RT(1673534943563 5230) q(0 1 1 -1) r(4 4) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 gift_eight.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 325ms
325ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_eight.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"531c-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531032 PNNy RT(1673534943563 5350) q(0 2 2 -1) r(3 3) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21276

GET
H2 200 gift_nine.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 16 KB
16 KB 277ms
276ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_nine.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3fe9-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531059 PNNy RT(1673534943563 5458) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 16361

GET
H2 200 gift_ten.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 21 KB
21 KB 183ms
182ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_ten.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"54d5-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531061 PNNN RT(1673534943563 5569) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 21717

GET
H2 204 1.gif
nexus.ensighten.com/privacy/v1/b/ 0
268 B 12ms
11ms Image
text/plain 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/privacy/v1/b/1.gif?n=1&c=822&i=55wgyb&p=public-ca-dev&d=N4IgbgpgTgzglgewHYgFwgIwDoAMuQA0IA5gIYAuEA7qQJ5ogBMW2GjAnISAMYA2cEJOQCSAEzQAORoyIAHAK4AjfjAAWABQqqGC5XG4BabqQOiIYLnCQxypJNwhiGAVmdVitRV1mluAawhyNAwiAFsEMwYqVThKFSCibgQEPwEYNGAAXyIoCABHeQgbdNQAbVAzGysKRBR0VXJyWRhUAHpWqk6sclFcmihRGCwk0NbKUNleCiLW33I4SFabGu5WuFDSYhnSDYAvZAB9XgRiBCwAK1liLnJaWQgGdeuiZagg1AwANgB2AGZnX4AFnYgIkn2cnyIgnEHx+-yBIIk7EYOBeCHkUAcDFC8ls82QAHlFDBoJAoABhAAyXGW5HkJRAx1I4hyEFIMGQJVKAF0iHAYV8-gDgaDwZ9shUivMkDVkAwbncHugYNwoHBZAkQK93oL4SKwc5vlCkAK4cKQewcM4Qlr0ZilSAcXjakSSVAyVSaXj6QwmSyQLl2Zy0Dy+aahQjRYbMtzMkA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: Dv3VpkHLd5ggEB__NK1ojA0q2FPFWO8M-dpVXL78llUQIKJGw3ii0A==
expires: Thu, 12 Jan 2023 14:49:08 GMT

GET
H3 200 tr
www.facebook.com/ Frame 4D18 0
18 B 14ms
14ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1539657062816299&ev=fy18projecteverests1tos26supp&noscript=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://td.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 12 Jan 2023 14:49:09 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 gift_seven.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 14 KB
14 KB 115ms
115ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_seven.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"3790-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531064 PNNN RT(1673534943563 5650) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 14224

GET
H2 200 gift_six.jpg
www.tdrewards.com/templates/active/static/images/gift/home_one/ 25 KB
26 KB 114ms
114ms Image
image/jpeg 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tdrewards.com/templates/active/static/images/gift/home_one/gift_six.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/home-page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"65c6-1845acd8810"
content-type: image/jpeg
x-iinfo: 9-384530438-384531064 PNNN RT(1673534943563 5770) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 26054

GET
H/1.1 200
OK cr-1331_egift_card_banner_small_003.jpg
assets.tdrewards.com/img/ 87 KB
87 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_small_003.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Fri, 11 Mar 2022 16:32:24 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "622b7998-15b21"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88865

GET
H/1.1 200
OK cr-1331_egift_card_banner_large_004.jpg
assets.tdrewards.com/img/ 127 KB
128 KB 102ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1331_egift_card_banner_large_004.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Fri, 11 Mar 2022 16:32:12 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "622b798c-1fddc"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 130524

GET
H2 200 category Show response
www.tdrewards.com/api/productManagement/ 910 B
1021 B 218ms
218ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/category?catalog_id=1&category_id=&name=Weekly+Specials

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

e0b6885f4b03c4c735b3a211068e3d9459d48f2b27353665420dac6948a96efb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531064 PNNN RT(1673534943563 5888) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H/1.1 200
OK cr-1707_expedia_luxury_listings_large.jpg
assets.tdrewards.com/img/ 228 KB
228 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1707_expedia_luxury_listings_large.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

47aae9ce4b8ad9b2911f635e273b753e51fdf4f8a6aad5fe1bcd44d49d1ab00f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 20 Dec 2022 16:50:30 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63a1e7d6-38f67"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 233319

GET
H/1.1 200
OK cr-1707_expedia_luxury_listings_small_opt1.jpg
assets.tdrewards.com/img/ 203 KB
203 KB 101ms
101ms Image
image/jpeg 209.15.211.147
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.tdrewards.com/img/cr-1707_expedia_luxury_listings_small_opt1.jpg

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/vendors.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

209.15.211.147 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),

Reverse DNS

news.updatefrom.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

08f8b040ee30061c83265a81c2c00cf096d4e8669de3e4cbaa669cdd4cce763f

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Thu, 12 Jan 2023 14:49:09 GMT
Strict-Transport-Security: max-age=157680000
Last-Modified: Tue, 20 Dec 2022 16:50:40 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63a1e7e0-32c17"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 207895

GET
H2 200 1 Show response
www.tdrewards.com/api/productManagement/catalog/ 68 KB
68 KB 229ms
229ms XHR
application/json 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/api/productManagement/catalog/1?category_id=322&per_page=10

Requested by

Host: www.tdrewards.com
URL: https://www.tdrewards.com/home-page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) / Express

Resource Hash

ca65b2d42518f2dd0c371fe5034335401b0a33e2e96faa5841f5aa32ca4318f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
X-Content-Security-Policy	default-src 'self'
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Accept-Language: de-DE,de;q=0.9
Authorization: ajbUNgwjzNvwbIK9w587j24O3rGZDI5HMT5LF4TzqX2XZ44vPEIQKnDvfwC5atA6UImYl9OggEbHuVBO4Kwf4Hg4On5o9i2qaZ8wJy0hlzt0qMaYzb850Lcl6UWuXach
X-Frame-Options: DENY
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Accept: application/json, text/plain, */*
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Referer: https://www.tdrewards.com/home-page
X-XSS-Protection: 1

Response headers

expires: -1
date: Thu, 12 Jan 2023 14:49:09 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload, max-age=31536000, max-age=157680000, max-age=157680000
x-content-type-options: nosniff, nosniff
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-powered-by: Express
x-iinfo: 9-384530438-384531063 PNNN RT(1673534943563 6109) q(0 0 0 -1) r(2 2) U5
x-xss-protection: 1; mode=block, 1; mode=block
pragma: no-cache
server: nginx/1.18.0 (Ubuntu)
x-download-options: noopen
x-frame-options: SAMEORIGIN, SAMEORIGIN, DENY
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE, PATCH
content-type: application/json
access-control-allow-origin: https://www.tdrewards.com
cache-control: no-cache, private, max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, Authentication, Authorization, X-Requested-With, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Origin, Auth
x-content-security-policy: default-src 'self'

GET
H2 200 448c34a56d699c29117adc64c43affeb.woff2
www.tdrewards.com/ 18 KB
18 KB 116ms
116ms Font
font/woff2 45.60.65.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tdrewards.com/448c34a56d699c29117adc64c43affeb.woff2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.65.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

/ Express

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: https://www.tdrewards.com/home-page
Origin: https://www.tdrewards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:10 GMT
strict-transport-security: max-age=157680000
last-modified: Wed, 09 Nov 2022 05:12:10 GMT
x-cdn: Imperva
x-powered-by: Express
etag: W/"466c-1845acd8810"
content-type: font/woff2
x-iinfo: 9-384530438-384531061 PNNN RT(1673534943563 7051) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 18028

GET
H2 204 1.gif
nexus.ensighten.com/privacy/v1/b/ 0
266 B 14ms
13ms Image
text/plain 65.9.66.34
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/privacy/v1/b/1.gif?n=2&c=822&i=55wgyb&p=public-ca-dev&d=N4IgbgpgTgzglgewHYgFwgIwDoAMuQA0IA5gIYAuEA7qQJ5ogBMW2GjAnISAMYA2cEJOQCSAEzQAORoyIAHAK4AjfjAAWABQqqGC5XG4BabqQOiIYLnCQxypJNwhiGAVmdVitRV1mluAawhyNBkQAFsEMwYqVThKFSCibgQEPwEYNGAAXyIoCABHeQgbdNQAbVAzGysKRBR0VXJyWRhUAHpWmFDAqH0YLHJRLCTQ1sUOmFaBge5yAgHiXgRFUl5WjBxWgCkAZQNmRjwNmAA2ZwAWDGOAZhwrqQB2e+d7gH4AQQBFACEAXgwAMiQolUf3+sgAZqDjLxeMt-D8YAB9biIuC8UoYAC6WFECHUCBscL8MH+gVB5D+jAApIwAGI4Gm0g6MK40nAYM5Uq5vM7sLlvCRszkHHD-QaA+CiH6igBWMGQYFBOP+oTgUokEjuzmOOF1LIwGHYOEY5zOZxw5uOjAu9xw7EYxx17GcDv+pFIoV4IOO-wcPwAqgAVWkGCQSn4DZZIPxg0jECAAOQ9EB+DSaMH5jMZVBz-VEuRoUFEfWGjNUCC6Bh88f+xFTjWambp2dzAwLpCLJYrZYrECrcYgvpBxgMgn+MGgkCgPxzVDz7c7QwrpMgQhgP3MgnIAPdoUUPwASgBpVSyA8ALwkfigxEY5AAMgB5Y6yYjyAAaAHVZM4ELw-G83D+kgcAfAAmuoAASpAALKfp+xCiJsVwAB7nuon4fKEogyjgtD-GAGA-AAIlyxHVomyYEVcUJnD8fLcjcbwwQRdEAtwzg-IGqjyLAoh0ARnHsccPyfhAEB+Px+HcGwPxIAg5AGKQ8jkKoW76BQECiL6GA0Qm1AERgEgkWR3BnIZ7AmVcxEcb6BxWcRSJgHABH2aR1ncD63CMER7nEf6E5QAYbzxkI1GMA5MmMNRNF+TJVzUZZflOS5YDHMZcU+b6toRqI0zkDSADC8yLMsvDZURGpajqepXAaRomma5qWtaGC2vajp2i6PpgPcRFvBgbJUvchVsl8g0HMNo0HIV7H3HRaaNtyWZ0rO87UB2xZLqEPaVhR2WcW8siyDBECkDAvEQF0QhsgYbL7IcBHsHRVUSNqurGnVhrGqazU4FaNp2g6TrdeOfw1ShbC6r6PzWv8Mp-FgPU-Am-x+D8YH-IoVDg9DigglDoqhEkN5qj8bz3JqjzHG8LpnM440AKLODgPJGsRZpUuaby4ooECPje-y8FAFIOvc-yfIzfxcOQtCyBADAwNwPSyAkIA2B2QSoJc9xXM4Vy8mcEi2scRCCOI2vHLr+uG-adVEPKvEOAwViBeQXwQOCCC5FwGvkPIJQgIspDiDkZ3ytYaClJiRBqmgOt6wbz3G-92QVEU5DVJnyAMDLcsK+gSsq2rGsi-HVuJ4b2oumbQLl9bScs46GAOwgTsF2EKk1Mgj6KIFU6Ffevu2P7geZ10bdq7k53ICU0exxbCc2891eMJkmKZEAA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-34.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.tdrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 14:49:11 GMT
via: 1.1 4f114016fe4d6c05531b0486ec2868be.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: Ujqssr_012toExzpVfRJGtAiEH24f9cPf-LGRenQbT49o5G4_mQpsg==
expires: Thu, 12 Jan 2023 14:49:10 GMT

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dajior.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ave8gvhncb27097g16p357bd2m
.tdrewards.com/	1970-01-20 17:36:51	Name: visid_incap_2714874 Value: AZG/fcBcQ56mQrVDjmYLed8dwGMAAAAAQUIPAAAAAADhMUP+2taIyjTzeoJx5vlQ
.tdrewards.com/	1969-12-31 23:59:59	Name: incap_ses_875_2714874 Value: DBYZHZLVcyvdJ/n9baAkDOAdwGMAAAAAjxyu3sNnIZCCczpm+5sKIw==
.tdrewards.com/	1969-12-31 23:59:59	Name: at_check Value: true
.tdrewards.com/	1970-01-20 17:37:50	Name: TDB_ENSIGHTEN_PRIVACY_Personalization Value: 1
.tdrewards.com/	1970-01-20 17:37:50	Name: TDB_ENSIGHTEN_PRIVACY_ThirdParty Value: 1
.tdrewards.com/	1970-01-20 13:11:26	Name: privBan Value: 1
.demdex.net/	1970-01-20 13:11:26	Name: demdex Value: 88484331934685110744066752816994157124
.tdrewards.com/	1969-12-31 23:59:59	Name: AMCVS_A783776A5245B1E50A490D44%40AdobeOrg Value: 1
.tdrewards.com/	1970-01-20 11:01:50	Name: _gcl_au Value: 1.1.1140671.1673534944
.everesttech.net/	1970-01-20 17:37:50	Name: everest_g_v2 Value: g_surferid~Y8Ad4AAAAKjWmgN-
.tdrewards.com/	1970-01-20 18:28:14	Name: mbox Value: session#60308d97db4f408e9dff987920875805#1673536805\|PC#60308d97db4f408e9dff987920875805.37_0#1736779745
.tdrewards.com/	1970-01-20 08:52:16	Name: mboxEdgeCluster Value: 37
.dpm.demdex.net/	1970-01-20 13:11:26	Name: dpm Value: 88484331934685110744066752816994157124
.td.com/	1970-01-20 18:28:14	Name: s_ecid Value: MCMID%7C88385600023119025444040624170926609526
.tdrewards.com/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cc%3Dtrue%3B
.tdrewards.com/	1970-01-20 18:28:14	Name: AMCV_A783776A5245B1E50A490D44%40AdobeOrg Value: 359503849%7CMCIDTS%7C19370%7CMCMID%7C88385600023119025444040624170926609526%7CMCAAMLH-1674139744%7C6%7CMCAAMB-1674139744%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1673542144s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19377%7CvVersion%7C5.0.1
.doubleclick.net/	1970-01-20 18:13:50	Name: IDE Value: AHWqTUkG2Wa-tQ1StnKj84WxuJjHGjcinywLr8aw7q3jlIzyutYFnaFUMVInqNvs
.agkn.com/	1970-01-20 17:37:50	Name: ab Value: 0001%3AP%2BrQkPQOdjl%2BcraYiGTYmpz3ijU7BRc3
.tdrewards.com/	1970-01-20 13:11:26	Name: AAMC_td_0 Value: REGION%7C6
.tdrewards.com/	1970-01-20 09:35:26	Name: aam_uuid Value: 88484331934685110744066752816994157124
.adnxs.com/	1970-01-20 11:01:50	Name: uuid2 Value: 936770671825961972
.mathtag.com/	1970-01-20 18:18:10	Name: uuid Value: e6e163c0-1de1-4a00-9db1-9215665a9ab6
.tapad.com/	1970-01-20 10:18:38	Name: TapAd_TS Value: 1673534945184
.tapad.com/	1970-01-20 10:18:38	Name: TapAd_DID Value: 66135544-f2e5-47ea-b79a-fd73ae90b1d1
.tapad.com/	1970-01-20 10:18:38	Name: TapAd_3WAY_SYNCS Value:
.twitter.com/	1970-01-20 18:28:14	Name: personalization_id Value: "v1_5mQvPLQCqCqM82qIy0+DKw=="
.tdrewards.com/	1970-01-20 08:52:34	Name: myNewName Value: GA1.2.912374627.1673534946
.tdrewards.com/	1970-01-20 08:53:41	Name: myNewName_gid Value: GA1.2.456849056.1673534946
.tdrewards.com/	1970-01-20 08:52:15	Name: _gat Value: 1
.bing.com/	1970-01-20 18:13:50	Name: MUID Value: 1F1FF7DCEBBA608B2026E54BEAD161A4
.everesttech.net/	1970-01-20 09:36:53	Name: ev_sync_ax Value: 20230112
.tdrewards.com/	1970-01-20 08:53:41	Name: _uetsid Value: 4330bb60928811edb28ebb87cc835522
.tdrewards.com/	1970-01-20 18:13:50	Name: _uetvid Value: 4330c140928811ed8e734f7bd9fadfda
.everesttech.net/	1969-12-31 23:59:59	Name: everest_session_v2 Value: Y8Ad4QAAANLP3TBU
.quantserve.com/	1970-01-20 11:01:50	Name: d Value: EMYBDAGEKLmvYA
.quantserve.com/	1970-01-20 18:22:29	Name: mc Value: 63c01de2-31fe7-9c4e0-e08a4
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 5670d1a752f60034
.yahoo.com/	1970-01-20 17:38:12	Name: A3 Value: d=AQABBOIdwGMCEBCJ6zMDFBRh0QBFmIFboWI&S=AQAAAvbI_UD6jTPtTnCI-NJ19Ak
.tribalfusion.com/	1970-01-20 11:01:50	Name: ANON_ID Value: alnr6itZdPufm7SpBnA8pxc24UWLfZcN3ZaLRXaVxLaOigHUUVD0i66NNTPZbw3MWvPaUywsai3k
.owneriq.net/	1970-01-20 18:28:14	Name: si Value: Q7268213461022275155
.owneriq.net/	1970-01-20 09:06:38	Name: p2 Value: adpq
.everesttech.net/	1970-01-20 09:36:53	Name: ev_sync_yh Value: 20230112
.demdex.net/	1970-01-20 13:11:26	Name: dextp Value: 21-1-1673534944725\|269-1-1673534944827\|358-1-1673534944927\|481-1-1673534945029\|540-1-1673534945130\|601-1-1673534945230\|771-1-1673534945331\|1123-1-1673534945432\|1083-1-1673534945546\|1085-1-1673534945653\|1086-1-1673534945808\|1087-1-1673534945908\|1088-1-1673534946022\|1175-1-1673534946123\|1957-1-1673534946224\|19913-1-1673534946325\|22054-1-1673534946425\|22052-1-1673534946526\|30646-1-1673534946627\|575-1-1673534946727\|53196-1-1673534946828\|59982-1-1673534946929\|83349-1-1673534947030\|139200-1-1673534947131
.amazon-adsystem.com/	1970-01-20 15:09:31	Name: ad-id Value: Ay5RIn-0pkPmhxO8pK584pc
.amazon-adsystem.com/	1970-01-20 18:28:14	Name: ad-privacy Value: 0
.tdrewards.com/	1970-01-20 09:35:26	Name: s_pers Value: %20s_vnum%3D1673568000520%2526vn%253D1%7C1673568000520%3B%20s_invisit%3Dtrue%7C1673536748702%3B%20s_nr%3D1673534948704-New%7C1676126948704%3B

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	info	URL: https://www.tdrewards.com/home-page Message: Autofocus processing was blocked because a document already has a focused element.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=157680000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10393945.fls.doubleclick.net
5322602.fls.doubleclick.net
5967600.fls.doubleclick.net
6835781.fls.doubleclick.net
6868519.fls.doubleclick.net
a.tribalfusion.com
aa.agkn.com
ad.doubleclick.net
ads.yahoo.com
adservice.google.com
analytics.twitter.com
assets.tdrewards.com
bam.nr-data.net
bat.bing.com
c.bing.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
connect.facebook.net
dajior.com
dp2.33across.com
dpm.demdex.net
exchange.adstanding.com
fei.pro-market.net
googleads.g.doubleclick.net
ib.adnxs.com
js-agent.newrelic.com
ml314.com
nexus.ensighten.com
pixel.everesttech.net
pixel.tapad.com
px.owneriq.net
s.amazon-adsystem.com
s.tribalfusion.com
smetrics.td.com
stats.g.doubleclick.net
sync.mathtag.com
td.demdex.net
tdbankfinancialgroup.tt.omtrdc.net
token.rubiconproject.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.tdrewards.com
104.244.42.3
134.209.32.136
142.250.185.102
142.250.186.162
142.251.208.134
151.101.130.137
162.247.241.14
185.29.132.245
209.15.211.147
209.54.182.161
212.82.100.182
216.58.212.162
23.36.162.82
23.44.78.119
2600:1901:0:8eee::
2606:4700::6812:18ad
2620:116:800d:21:93ca:31d8:d86e:38f6
2620:1ec:c11::200
2a00:1288:f03d:1fa::2000
2a00:1450:4001:800::2003
2a00:1450:4001:806::2008
2a00:1450:4001:827::2002
2a00:1450:400d:806::2004
2a00:1450:400d:807::200e
2a00:1450:400d:808::2002
2a00:1450:4025:401::9d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.111.234.236
35.227.248.159
37.252.171.53
45.60.65.34
46.137.71.247
52.208.6.207
52.213.249.147
52.5.150.215
52.50.136.59
54.154.10.83
54.78.245.184
65.9.66.34
67.202.105.21
69.173.144.138
0634a4a822ad137d74e2904c2a345e8a8b1766fca5307f318fb5442b6b1d3902
08f8b040ee30061c83265a81c2c00cf096d4e8669de3e4cbaa669cdd4cce763f
0b2a1aee7a62edd2f0edcadf59fd2e1c5635e5eb1c807b10e64c06176c9eb077
0cf06772574802d62c3278a734d77b43435307215294edd290cfaa8d5b4cb076
0f746d54ef41069fb798a11df83626a5bfd371c8b3401574171784ab83f65b44
162f3a7e180fbc6e0a8bd9a54559554250927db8136543dee9f3653adae7427e
17adff9a9baa33154c51146b5f1b4431e2118e46d1857cc82992420c95c49b09
1a6c3ad32cd79b1379ca98b1e0ce14d183831ff17b8d6a821ddf790cfa71ddda
1c27852a2ca27d0165f838d043c1f38c064b77a21c24eb7d69af5664ca682fe3
1de90302505bf3cdb1bfce7f2d1e76a850e3097030b79cd83e2c8a119e899aaa
238b11d0983f093813a22ec15a9bec1f577a43cb2ce30997dfb51964cb6e73fa
28f4dd52de8ad78ccfd9c8d10e6f1d8cad3d85df5963ad079f363049e7f1fe86
292eefeb70ba905ac65124dab27f3c4a198658e9835ce511cb705d197bd28179
2c3af664cd131d6c3ec4d824edea7425264bc8461e31b51afba285782735320f
2d10816bada4d94734c1cb7e191ffb89ea7d9bb5c11b3e680f6b00c3a28d4e41
372ffd5ce8a4b87cdc082a2da3866a098c60cc91224c7dd40e3a48fd6dfd4994
39b867482b03ca600d2911a4e93e31caa8bf5c9fb6eb1e681da47e52a9c7122c
3b30c57fee08b8710ae3ec4a4f44cab038c7c238fbef21adf60791b6af5d3190
3cc9d446b13d37bd14e388647dcddca03a792b5baf15397ec6e62c7cbc117cd1
428dca060b7d5f77db070079114f87cc3ff88db75a9901db057bb32d78333d42
47aae9ce4b8ad9b2911f635e273b753e51fdf4f8a6aad5fe1bcd44d49d1ab00f
4b32ef9fb38e63d534880b7d4874bd2df77d1f766c77de781232f272a0a74ca1
4f420304246c9e98fc5a69fde63af5dd051990e44cc3caec83b074c680968b21
50eac77143568171cdb4d18883053ef4a3ac65ad4291ba3b0015c40d45616fa1
5244395c4adbc8a46e232f63af966e40ab1b8d2f6a7d05d83daa2df238020fc9
5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a
5ea8f49a91421cf607c074e1afeeb79672a84a27a2c4d8d0800e3adfeb45fedc
67563318f781475915e443fef24576ea64e5de5a80e7ab3fd6b967de15538dcc
6e2b66e4041eb8d5e8da78e5440dbdd40072567b76f329affd682a6a98a1f8e5
7227f0087c2a101ab5bc2a0f01f2d8ef832143768bac3dad24d6961d8f9e1fb3
7274e17a34226a2c73e8f8d81ddeb16ee2e364982b97b0d21ee34cccce010bb4
72abe5bb9ca24bbd17d00aaa30f67c371f1df6932b24015d3cae5aa7834d7a69
745e62adadc4f6e4a659ef58229ebe44290612c2c02f93ec91d111b9bbff2792
75f3627b0f49bfc2c40aca2d5a5ffd4b8efb9f291d07ed77a0f7f894169f099a
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
7f8c6789e94588d2f6c1b003f78d57a3cccb431c3e3595f1149d5ff316917b7e
7f8f92a1913474ebb54f27bb9a908eb8006c76665ed14ed7ebea958b661b4b7a
8049fbc66c70664fea2e21d74b846d01e573951ddf01d090aece12807f916737
8183f487fa94a19fb2816dca3ab186a70e2475c48e8743d56f9953b9eeabb53a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
881c6d3b246e8fd21e7325f7411e28ffa6166f45582b18d38a972dc55dc96943
89e0fad06a74d1d850f48d12d56fbeb387a245a37c6304da1a2a6e7e8043ec0d
8adf7be5e4b8e09896eb13e9eaa409a3bcf7d35a096c858127816cd520d8b13f
8cd9dee34cd96472a5fd5de618fd4420fb9814517b51176314d1136d27c01364
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8f8fb169aedd25a34e59f087bfd7ee9a0893bed8a4f3824df3cd08ea1a6d47e2
90ff16f693fd99d99b9e7d29473298941ff339aada2216b3e866d949bd830cd0
912b5c2a4455ab2a97ca3bcb3a7b6b9c8195aab2305abec1aaeab56fedfacb4d
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
95e41b151dfcb2b32e813d128bfb6a2b83ce24cae893a4dfc487dc178d3dd3b1
a01050f120544b659a5b01dd168b7416224587780616e22d71c1d223e7a6d92b
a05c1900f93a5bd7cd548b744c3b866412335c99fa9ffa7386745a56fcbe351a
a11efdd316430c3ed0ebb4a564fe6f82b59790a46b027df59bae26d7ca639dcc
a95d35e211cde1cc8e0c02d0c7b05fcf663f032dd0379ff83e7001bc6ec5bafb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe1cc21d3f67492a5f475fe98951bc9d5fd563ae8982ff1e013e890ab52be51
b1e6fa50f60420fef9a2489bf847c308641c38b0080515debc5fcb25958e470a
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b8c05adcf65d3288a493a5e03fedca3e18c1f6074c3414f94cf0aa5e45ba1927
bde0dcec69fee23a4d9549a2c5a935a8a831c8f8d5019576b7047ce5d7214064
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
bf97db62e67a544b3cf02e29c189eab95438969937d85df7c6835b6037f7effc
bff127282d1b207589f0387de3a71ac47854e28ee532c213ea97669b7299b941
c1fc31072580014053e4a786ce276cb2a4bc196dacef0b24baa7cce6d939fd48
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c396d97ae83d3fbb48e9fdfeb74a11112ce224db85caf41eeb9a56301f4c0403
c39cd074b33a0348246ff987044c7650533c69afc4727bac852f8e02722d6d67
c40b0b8b73b6b119800fdbdcb3446d2b8de94b8259ae69aba87bae0eebf1c971
c89295f4cf9f044cc628d03fcdfde1d1d4a9d9398f86d20167e1f9bd90ff571b
ca65b2d42518f2dd0c371fe5034335401b0a33e2e96faa5841f5aa32ca4318f9
caf3bd2d50ae4bcae441d5e55a4166e1bead3ee8f6c2536450ba06fbe860c264
cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f
cfcfa7de5122ae8b722961129e0a0855a07a2eb3c04889f3f18e51f3e35e055e
d32e95ef1162bfe6ff49fdb0e173fc93f90ae6ad1717b0af25eb5553246b59b9
d333b91ec038474abd149162888f378fdd803d5190f15bda93d45566d5b03af6
d5181baf1c5141e77dde7697078491f6dfb623d8571f0bbb069f26f1d37e8b26
d85f142df5ec74b2573fd4eada3b6dd595cf714f0c59a4cf5d9156e6b25d68d9
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dc4c8b4269817a4028f65fb34d0cf7410050c6e58aeb82aa9fb067e7d85b3f65
dc8b0ebf6beadaea1c4334e9e6f8ae4553e0ab5317509d1941ff9dccc3333c31
e0b6885f4b03c4c735b3a211068e3d9459d48f2b27353665420dac6948a96efb
e2f5114f1b78eea5212a2aa1a74bf3c57ed7c2e8c64b4881bf5bbb266c758f1c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e531c74a86868f49de449a6f94644bae9ede63dc7f113662e0d489943a00004b
e54d3f4ad5c3c66a747f2a7f62e7ca28abfd2db5c57b3ba53721ee02e7e11b29
e6be41188dc361ea9217fe1204ced42e6b3bbc2d0419116a35c9e1f3814dd508
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e8bc12dad2243e75b5b09ff1d6dfd89a8bc432b06457d62fe4c7a251c306f934
e927dcebecb2c550da9428ce3ef949d06bd75ec8116b3a9df83dc7ab63c1f04c
eb9dcd55b6dca690ba5f4f8f7e274e85f3e3bdb3db5890e3cd58af0cd5e455d4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09f477f4a4abe0b9bbdfa8a507b10b77511011cb0776d12aebf6977e5f2833a
f12a372af87ca16e8ff12cae656f92287a5237317f53550a299f6cf39b63e1b1
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f1f9b88ebad4eff68423c31aa4c5e365aed21c6f5e74ec53c5138751ae07ed10
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f52f3575f11db0331afa64738da91b69d38092e573986c02234ba5428e3bf089
f7b83c9ad329c527d00782e1533f9aba02721b2424b836e379a1308a2065f5e2
f8a22490a8bb04c61fe2d4818e96aaabdac84158523d7d020951a5e330e15289
fa65446c5f9b87370f0a0b961ad0a017a3e902f24f3e49e206bebc85693bdcc7
faf7f5d27e086a338c8621310d9195f9e6d2f383bf48f1a76453a1fb574857b1
fb4d0b70ca229eef39a5557e196bbd02718da51ef8a9e23da2b91c30e95d1549
fbe88ff72a8d0b650df41e2dd7933a7347be290e8ed544e308606f891c5500c9
fc811c200b56bffb3cccdee11ecfac357061527da011fadcecc60f1e55c74d36
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

www.tdrewards.com Open in urlscan Pro 45.60.65.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

174 Requests

86 %HTTPS

33 %IPv6

33 Domains

48 Subdomains

29 IPs

6 Countries

7649 kBTransfer

10504 kBSize

47 Cookies

7 Outgoing links

Page URL History

Redirected requests

174 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tdrewards.com Open in urlscan Pro
45.60.65.34 Public Scan

Screenshot
Live screenshot

Full Image

174
Requests

86 %
HTTPS

33 %
IPv6

33
Domains

48
Subdomains

29
IPs

6
Countries

7649 kB
Transfer

10504 kB
Size

47
Cookies

174 HTTP transactions
0 data transactions