www.biltrewards.com Open in urlscan Pro
76.76.21.123 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bilt.page/
Effective URL:
https://www.biltrewards.com/
Submission: On June 22 via api (June 22nd 2024, 9:39:24 am UTC) from US — Scanned from DE

Summary HTTP 261 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 43 IPs in 4 countries across 34 domains to perform 261 HTTP transactions. The main IP is 76.76.21.123, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is www.biltrewards.com. The Cisco Umbrella rank of the primary domain is 154971.
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.

This is the only time www.biltrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.117.79.164 34.117.79.164	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
44	76.76.21.123 76.76.21.123	16509 (AMAZON-02) (AMAZON-02)
2	172.67.136.129 172.67.136.129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.112 13.33.187.112	16509 (AMAZON-02) (AMAZON-02)
1 5	142.250.184.196 142.250.184.196	15169 (GOOGLE) (GOOGLE)
9	172.66.43.60 172.66.43.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 23	34.110.183.245 34.110.183.245	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1 6	2606:4700:20:... 2606:4700:20::681a:2b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
2	54.70.128.238 54.70.128.238	16509 (AMAZON-02) (AMAZON-02)
1	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
1	52.223.52.2 52.223.52.2	16509 (AMAZON-02) (AMAZON-02)
5	35.241.5.91 35.241.5.91	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.160.241.76 34.160.241.76	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2a02:6ea0:c70... 2a02:6ea0:c700::22	60068 (CDN77 _) (CDN77 _)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
44	2600:9000:249... 2600:9000:2490:800:d:ada1:a280:93a1	16509 (AMAZON-02) (AMAZON-02)
3	3.160.150.114 3.160.150.114	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	143.204.207.250 143.204.207.250	16509 (AMAZON-02) (AMAZON-02)
5	104.81.60.131 104.81.60.131	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	35.157.157.150 35.157.157.150	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:275... 2600:9000:275d:9a00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
4	156.146.33.138 156.146.33.138	60068 (CDN77 _) (CDN77 _)
42	108.138.7.78 108.138.7.78	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::681a:3b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
3	2600:1f14:5db... 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3	16509 (AMAZON-02) (AMAZON-02)
4	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
1	99.81.186.60 99.81.186.60	16509 (AMAZON-02) (AMAZON-02)
3	35.81.90.104 35.81.90.104	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:275... 2600:9000:275b:aa00:19:2755:1280:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	2600:1f18:730... 2600:1f18:730:b140:cf0b:aa48:ad16:3834	14618 (AMAZON-AES) (AMAZON-AES)
2	52.202.134.190 52.202.134.190	14618 (AMAZON-AES) (AMAZON-AES)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:6f8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
261	43

1 34.117.79.164 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 164.79.117.34.bc.googleusercontent.com

bilt.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 76.76.21.123 (Walnut, United States)

ASN16509 (AMAZON-02, US)

www.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.136.129 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.deviceinf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-112.fra60.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.196 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.66.43.60 (United States)

ASN13335 (CLOUDFLARENET, US)

transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 34.110.183.245 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 245.183.110.34.bc.googleusercontent.com

id.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o441793.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:2b4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.70.128.238 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-70-128-238.us-west-2.compute.amazonaws.com

tvspix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

decagon.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.52.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0b1d980e1f2226c6.awsglobalaccelerator.com

www2.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.241.5.91 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 91.5.241.35.bc.googleusercontent.com

static.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.160.241.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.241.160.34.bc.googleusercontent.com

flags.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:c700::22 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2600:9000:2490:800:d:ada1:a280:93a1 (United States)

ASN16509 (AMAZON-02, US)

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.160.150.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-114.fra60.r.cloudfront.net

events.framer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.207.250 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-250.fra53.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.81.60.131 (Warsaw, Poland)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-81-60-131.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.157.157.150 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275d:9a00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 156.146.33.138 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 494557430.fra.cdn77.com

cdn.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 108.138.7.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-78.fra56.r.cloudfront.net

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:3b4 (United States)

ASN13335 (CLOUDFLARENET, US)

mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3 (Boardman, United States)

ASN16509 (AMAZON-02, US)

api.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.43.134 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.81.186.60 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-186-60.eu-west-1.compute.amazonaws.com

vitals.vercel-insights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.81.90.104 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-90-104.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:275b:aa00:19:2755:1280:93a1 (United States)

ASN16509 (AMAZON-02, US)

scripts.neuro-id.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:730:b140:cf0b:aa48:ad16:3834 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.202.134.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-134-190.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:6f8 (United States)

ASN13335 (CLOUDFLARENET, US)

sync-transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	framerusercontent.com framerusercontent.com — Cisco Umbrella Rank: 45895	2 MB
75	biltrewards.com 1 redirects www.biltrewards.com — Cisco Umbrella Rank: 154971 id.biltrewards.com — Cisco Umbrella Rank: 220970 www2.biltrewards.com — Cisco Umbrella Rank: 794226 static.biltrewards.com — Cisco Umbrella Rank: 228775 flags.biltrewards.com — Cisco Umbrella Rank: 188267	2 MB
11	userway.org cdn.userway.org — Cisco Umbrella Rank: 4625 api.userway.org — Cisco Umbrella Rank: 4518	54 KB
9	transcend-cdn.com transcend-cdn.com — Cisco Umbrella Rank: 9040	144 KB
8	mgln.ai 1 redirects cdn.mgln.ai — Cisco Umbrella Rank: 47150 mgln.ai — Cisco Umbrella Rank: 21191 eu.mgln.ai — Cisco Umbrella Rank: 75286	5 KB
6	segment.com cdn.segment.com — Cisco Umbrella Rank: 1789	53 KB
5	liadm.com 2 redirects b-code.liadm.com — Cisco Umbrella Rank: 4229 rp4.liadm.com — Cisco Umbrella Rank: 5750 Failed rp.liadm.com — Cisco Umbrella Rank: 1242	38 KB
5	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3014	10 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 787	142 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 5	1 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	5 KB
4	snapchat.com tr.snapchat.com — Cisco Umbrella Rank: 938	1 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	399 KB
3	segment.io api.segment.io — Cisco Umbrella Rank: 1325	529 B
3	framer.com events.framer.com — Cisco Umbrella Rank: 54086	6 KB
2	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 70	85 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 133	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 204	72 KB
2	neuro-id.com scripts.neuro-id.com — Cisco Umbrella Rank: 130929	48 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 520	1 KB
2	gstatic.com www.gstatic.com	207 KB
2	tvspix.com tvspix.com — Cisco Umbrella Rank: 15209	387 B
2	sentry.io o441793.ingest.sentry.io — Cisco Umbrella Rank: 205267	355 B
2	deviceinf.com cdn.deviceinf.com — Cisco Umbrella Rank: 193562	103 KB
1	sync-transcend-cdn.com sync-transcend-cdn.com — Cisco Umbrella Rank: 48734
1	google.de www.google.de — Cisco Umbrella Rank: 8088	64 B
1	vercel-insights.com vitals.vercel-insights.com — Cisco Umbrella Rank: 15616	166 B
1	reddit.com pixel-config.reddit.com Failed alb.reddit.com — Cisco Umbrella Rank: 1406 conversions-config.reddit.com Failed	637 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2355
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 1274	21 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1200	13 KB
1	decagon.ai decagon.ai — Cisco Umbrella Rank: 55713	1 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 15234	43 KB
1	bilt.page 1 redirects bilt.page	141 B
261	34

	Domain	Requested by
86	framerusercontent.com	www2.biltrewards.com
44	www.biltrewards.com	www.biltrewards.com
23	id.biltrewards.com	1 redirects www.biltrewards.com www2.biltrewards.com id.biltrewards.com
9	transcend-cdn.com	www.biltrewards.com transcend-cdn.com id.biltrewards.com
8	cdn.userway.org	www.biltrewards.com cdn.userway.org www2.biltrewards.com
6	mgln.ai	1 redirects www.biltrewards.com
6	cdn.segment.com	www.biltrewards.com
5	tags.srv.stackadapt.com	www.biltrewards.com tags.srv.stackadapt.com
5	analytics.tiktok.com	www.biltrewards.com analytics.tiktok.com
5	static.biltrewards.com	www.biltrewards.com id.biltrewards.com
5	www.google.com	1 redirects www.biltrewards.com id.biltrewards.com www.gstatic.com
4	www.facebook.com	www.biltrewards.com
4	tr.snapchat.com	sc-static.net www.biltrewards.com
4	www.googletagmanager.com	www.biltrewards.com www.googletagmanager.com cdn.segment.com
3	api.segment.io	www.biltrewards.com
3	api.userway.org	www.biltrewards.com cdn.userway.org
3	events.framer.com	www2.biltrewards.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	cdn.segment.com www.googleadservices.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	rp.liadm.com	2 redirects
2	scripts.neuro-id.com	www.biltrewards.com scripts.neuro-id.com
2	rp4.liadm.com	www.biltrewards.com
2	pixel.tapad.com	2 redirects
2	www.gstatic.com	www.google.com
2	flags.biltrewards.com	www.biltrewards.com
2	tvspix.com	www.biltrewards.com
2	o441793.ingest.sentry.io	www.biltrewards.com id.biltrewards.com
2	cdn.deviceinf.com	www.biltrewards.com id.biltrewards.com
1	sync-transcend-cdn.com	transcend-cdn.com
1	www.google.de	www.biltrewards.com
1	vitals.vercel-insights.com	www.biltrewards.com
1	alb.reddit.com	www.biltrewards.com
1	region1.google-analytics.com	www.biltrewards.com
1	eu.mgln.ai	www.biltrewards.com
1	b-code.liadm.com	www.googletagmanager.com
1	sc-static.net	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com www.biltrewards.com
1	www2.biltrewards.com	www.biltrewards.com
1	decagon.ai	www.biltrewards.com
1	cdn.mgln.ai	www.biltrewards.com
1	cdn.plaid.com	www.biltrewards.com
1	bilt.page	1 redirects
0	conversions-config.reddit.com Failed	www.biltrewards.com
0	pixel-config.reddit.com Failed	www.biltrewards.com
261	45

This site contains links to these domains. Also see Links.

Domain
instagram.com
twitter.com
facebook.com
youtube.com
www.linkedin.com
legal.biltrewards.com
biltrewards.zendesk.com
bilt.page.link
biltrewards.com
www.biltalliance.com
newsroom.biltrewards.com
allyant.com

Subject Issuer	Validity	Valid
www.biltrewards.com R3	`2024-05-22` - `2024-08-20`	3 months	crt.sh
deviceinf.com Cloudflare Inc ECC CA-3	`2024-01-08` - `2024-12-31`	a year	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
*.google.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
transcend-cdn.com GTS CA 1P5	`2024-05-18` - `2024-08-16`	3 months	crt.sh
id.biltrewards.com GTS CA 1D4	`2024-05-04` - `2024-08-02`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
mgln.ai E1	`2024-06-05` - `2024-09-03`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
tvspix.com Amazon RSA 2048 M03	`2024-03-25` - `2025-04-24`	a year	crt.sh
decagon.ai R3	`2024-04-27` - `2024-07-26`	3 months	crt.sh
www2.biltrewards.com R3	`2024-05-15` - `2024-08-13`	3 months	crt.sh
static.biltrewards.com GTS CA 1D4	`2024-05-12` - `2024-08-10`	3 months	crt.sh
flags.biltrewards.com WR3	`2024-06-17` - `2024-09-15`	3 months	crt.sh
1667503734.rsc.cdn77.org R3	`2024-05-07` - `2024-08-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
framerusercontent.com Amazon RSA 2048 M02	`2023-12-18` - `2025-01-14`	a year	crt.sh
events.framer.com Amazon RSA 2048 M03	`2024-04-09` - `2025-05-07`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
sc-static.net Amazon RSA 2048 M03	`2023-12-21` - `2025-01-18`	a year	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.liadm.com Amazon RSA 2048 M03	`2023-12-02` - `2024-12-29`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
api.userway.org Amazon RSA 2048 M03	`2023-09-02` - `2024-09-30`	a year	crt.sh
*.snap.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-21` - `2025-02-20`	a year	crt.sh
vercel-insights.com Amazon RSA 2048 M03	`2023-08-23` - `2024-09-19`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
*.neuro-id.com Amazon RSA 2048 M02	`2024-05-27` - `2025-06-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-31` - `2024-06-29`	3 months	crt.sh
*.googleadservices.com WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-03` - `2024-08-26`	3 months	crt.sh
sync-transcend-cdn.com E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.biltrewards.com/
Frame ID: AFCDB19A2C5C6FE706C70788E5D03B11
Requests: 131 HTTP requests in this frame

Frame: https://www2.biltrewards.com/
Frame ID: 83AF142D0C5E4F1860A9A6E8B48B1C31
Requests: 110 HTTP requests in this frame

Frame: https://id.biltrewards.com/login/iframe/userdata/
Frame ID: 64565A28BAF288FBD15A14FD9C7A75DB
Requests: 28 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=nvprlvtfplry
Frame ID: DEFECFF1605E3908F08E4C9B3DF2828A
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=7ad3f193-82b5-4dfa-8879-986ee8a5ddf9&u_scsid=4a6e7d7a-dcf7-4b80-bce5-198facfde293&u_sclid=1197c722-974f-4bc9-b5a4-a8fbb1eb7f2e
Frame ID: 3DC34B405511B0B5D843A1D4734518CA
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly9pZC5iaWx0cmV3YXJkcy5jb206NDQz&hl=de&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=5wf0rjlm5wky
Frame ID: F86B83AD46F8C37B2653F22A3E96014E
Requests: 1 HTTP requests in this frame

Frame: https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
Frame ID: 722073B24D11B916023F09536374EC22
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bilt Rewards

Page URL History Show full URLs

http://bilt.page/ HTTP 307
https://bilt.page/ HTTP 301
https://www.biltrewards.com/ Page URL

Detected technologies

DatoCMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+https://www\.datocms-assets\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

UserWay (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.userway\.org/widget.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+recaptcha

Page Statistics

261
Requests

95 %
HTTPS

33 %
IPv6

34
Domains

45
Subdomains

43
IPs

4
Countries

4943 kB
Transfer

16011 kB
Size

36
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://instagram.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://twitter.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://facebook.com/biltrewards

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCCJoaLWfOJeBx6fD8K58nuQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/biltrewards

Search URL Search Domain Scan URL

URL: https://legal.biltrewards.com/policies
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://biltrewards.zendesk.com/hc/en-us
Title: Help Center

Search URL Search Domain Scan URL

URL: https://bilt.page.link/app
Title: App

Search URL Search Domain Scan URL

URL: https://biltrewards.com/p/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.biltalliance.com/
Title: Bilt for Real Estate Partners

Search URL Search Domain Scan URL

URL: https://newsroom.biltrewards.com/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://allyant.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bilt.page/ HTTP 307
https://bilt.page/ HTTP 301
https://www.biltrewards.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://id.biltrewards.com/login/iframe/userdata HTTP 308
https://id.biltrewards.com/login/iframe/userdata/

Request Chain 130

https://mgln.ai/pixel/sync.gif HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=13fbab79-5c2c-4856-9c87-e5fa1cb9cf24&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=13fbab79-5c2c-4856-9c87-e5fa1cb9cf24&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://eu.mgln.ai/pixel?tapad_id=869de732-780f-4b7b-a00b-e6a5553f7a73

Request Chain 162

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D&n3pc=true

Request Chain 216

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Request Chain 223

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Request Chain 246

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Request Chain 251

https://rp.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 302
https://rp4.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Request Chain 252

https://rp.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTkwNDkxMzUwNzEmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxajB6bjA4Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE5MDQ5MTM1MDcxJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 302
https://rp4.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTkwNDkxMzUwNzEmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxajB6bjA4Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE5MDQ5MTM1MDcxJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Request Chain 266

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIuYaOifXuhgMVomEeAh3Mtg-AMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8 HTTP 302
https://www.google.com/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIuYaOifXuhgMVomEeAh3Mtg-AMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwDaQooL18tZW1HLAgoLn5r9xlOqxNj2Io5oKg&random=2205092293&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIuYaOifXuhgMVomEeAh3Mtg-AMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwDaQooL18tZW1HLAgoLn5r9xlOqxNj2Io5oKg&random=2205092293&resp=GooglemKTybQhCsO&ipr=y

261 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.biltrewards.com/
Redirect Chain

http://bilt.page/
https://bilt.page/
https://www.biltrewards.com/

111 KB
14 KB

404ms
310ms

Document
text/html

76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

cab6ffebb60ef24afad18a44f8a883f8de24b2adc5105f34ec74123721d7e200

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-type: text/html; charset=utf-8
date: Sat, 22 Jun 2024 09:38:51 GMT
referrer-policy: origin
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-content-type-options: nosniff
x-matched-path: /p/homepage
x-powered-by: Next.js
x-vercel-cache: MISS
x-vercel-execution-region: cle1
x-vercel-id: fra1::cle1::s9vq4-1719049131613-501f61a0ab27
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 22 Jun 2024 09:38:51 GMT
location: https://www.biltrewards.com:443/

GET
H2 200 webpack-c6ed2485346d62d6.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 63ms
62ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/webpack-c6ed2485346d62d6.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

84db3bb8b28d58bd9f6221bc2f6803b15dc6cf67d995fd72646bf6afa91e7782

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="webpack-c6ed2485346d62d6.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::f4bpr-1719049132001-bec66f310b54
x-matched-path: /_next/static/chunks/webpack-c6ed2485346d62d6.js
etag: W/"dc743c21576dcc8986e32ab1e9e9db39"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 91cec475-5dce4e087a8c3674.js Show response
www.biltrewards.com/_next/static/chunks/ 169 KB
57 KB 64ms
64ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

963f38b2c0afc634b8f7464bb1205b99bb927e3de192ecd9bbc7950ed544d0ab

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="91cec475-5dce4e087a8c3674.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cslv2-1719049132001-d513ba69767e
x-matched-path: /_next/static/chunks/91cec475-5dce4e087a8c3674.js
etag: W/"b0839d98dd6158a4b9c6fba9bd65c329"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7438-5047dde1b6b54bcf.js Show response
www.biltrewards.com/_next/static/chunks/ 147 KB
45 KB 144ms
141ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c2d083746b9291aec11159af347860a04ca0126eda5bf63ec5404ccd797f9e03

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 16842
content-disposition: inline; filename="7438-5047dde1b6b54bcf.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::dmcrm-1719049132022-3b4b1cbc284d
x-matched-path: /_next/static/chunks/7438-5047dde1b6b54bcf.js
etag: W/"52b56bba0b25420c59bf2789e8444ae1"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 main-app-2846e6696ce5b642.js Show response
www.biltrewards.com/_next/static/chunks/ 4 KB
5 KB 146ms
144ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/main-app-2846e6696ce5b642.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4e5584b694243b45281227880c7fcf1bd876b4c9642e909fffdf5678e2e1b66b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="main-app-2846e6696ce5b642.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::tx4fz-1719049132022-fd6955aa4629
x-matched-path: /_next/static/chunks/main-app-2846e6696ce5b642.js
etag: W/"1cec0b3ea20581a48065244beed63fa8"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8898-bc0e1ff63ab80415.js Show response
www.biltrewards.com/_next/static/chunks/ 38 KB
15 KB 80ms
77ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8898-bc0e1ff63ab80415.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dae52125e7587a0e2bd0cd579b739afb5489f1eb9c28e2fd7e1ab1e18c1424d9

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 24200
content-disposition: inline; filename="8898-bc0e1ff63ab80415.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::m6q48-1719049132022-2016abc24a28
x-matched-path: /_next/static/chunks/8898-bc0e1ff63ab80415.js
etag: W/"76c73ee4f0485db383ad6eb52d1abc11"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 global-error.page-ad058a41cb3bbfdd.js Show response
www.biltrewards.com/_next/static/chunks/app/ 6 KB
5 KB 78ms
76ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/global-error.page-ad058a41cb3bbfdd.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3aa00d1215ad4c9fb018146aea862a2afd490de48a6639d084a1311f1fd0e036

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 11240
content-disposition: inline; filename="global-error.page-ad058a41cb3bbfdd.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132022-27a8ba16730f
x-matched-path: /_next/static/chunks/app/global-error.page-ad058a41cb3bbfdd.js
etag: W/"12183a3c3b4e69135bdfed0e10d0c879"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 a1377a71-4c84c77b524e6165.js Show response
www.biltrewards.com/_next/static/chunks/ 118 KB
41 KB 56ms
54ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/a1377a71-4c84c77b524e6165.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

af53dde1fe93925a0b70f4fc9501ccc97ea5b888ef6c746d94185f2ed739e5f0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="a1377a71-4c84c77b524e6165.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::qjm7v-1719049132022-e6b7cb84d7b8
x-matched-path: /_next/static/chunks/a1377a71-4c84c77b524e6165.js
etag: W/"ef588ca0007e27c4ec7b7faa59abf98d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9ffa21ba-04ca375d13ea0822.js Show response
www.biltrewards.com/_next/static/chunks/ 68 KB
28 KB 70ms
69ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9ffa21ba-04ca375d13ea0822.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

aeae3d036279fd7de7b67823163592b50baa4c5ed642cd187013b3dc1977d8b7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="9ffa21ba-04ca375d13ea0822.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wqdql-1719049132022-09e0a9d6428c
x-matched-path: /_next/static/chunks/9ffa21ba-04ca375d13ea0822.js
etag: W/"c948449ce37965bfd22f5d112c0ceae7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 2826-d3ac53490ebf1482.js Show response
www.biltrewards.com/_next/static/chunks/ 37 KB
17 KB 136ms
135ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/2826-d3ac53490ebf1482.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7c3f289c3c7e8243b778f2a5dbd0019295ed9735bc7f177fdc614456f4efd442

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="2826-d3ac53490ebf1482.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132022-cabf366edb26
x-matched-path: /_next/static/chunks/2826-d3ac53490ebf1482.js
etag: W/"789702ffa58921003319aa63bb5a0467"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9974-5c7cb387496c68a4.js Show response
www.biltrewards.com/_next/static/chunks/ 15 KB
8 KB 153ms
151ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9974-5c7cb387496c68a4.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fac6af60a4c6c2e8f540ae939737994e3202aa41767ed368ce43824a80ac5fc4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="9974-5c7cb387496c68a4.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wqdql-1719049132028-96c55fe6e854
x-matched-path: /_next/static/chunks/9974-5c7cb387496c68a4.js
etag: W/"4b7f51f9ea8392f602fd6b15e03be9ea"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 4165-cd1e78e5901a53f0.js Show response
www.biltrewards.com/_next/static/chunks/ 7 KB
6 KB 146ms
145ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/4165-cd1e78e5901a53f0.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2169716ae730dc18571dd721fd342e5f82888b913b33a718cfc55f202d465db2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 38138
content-disposition: inline; filename="4165-cd1e78e5901a53f0.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::qjm7v-1719049132028-36de8137cacb
x-matched-path: /_next/static/chunks/4165-cd1e78e5901a53f0.js
etag: W/"6941baaff72a9f234666a74c67869bcd"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1463-0a38fb557deb9b73.js Show response
www.biltrewards.com/_next/static/chunks/ 27 KB
11 KB 151ms
150ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1463-0a38fb557deb9b73.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dd1279a52d09db441ebf5dc664fb7f6a3c2eb560d12090f18eecdb47bba9258e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="1463-0a38fb557deb9b73.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cslv2-1719049132028-d575efb39f2f
x-matched-path: /_next/static/chunks/1463-0a38fb557deb9b73.js
etag: W/"9217daf0ea06b378ac628826319f6b32"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1169-f1732103d0d67a1b.js Show response
www.biltrewards.com/_next/static/chunks/ 85 KB
33 KB 131ms
122ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1169-f1732103d0d67a1b.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

703d80f8e6118ff0777dd678b1569301fd30596d7e1bd97ed883c24d242b96a5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="1169-f1732103d0d67a1b.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wqdql-1719049132057-b21677d7353a
x-matched-path: /_next/static/chunks/1169-f1732103d0d67a1b.js
etag: W/"dc65834cbefe4b0f742c153234077d30"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1455-2c977d514acb3577.js Show response
www.biltrewards.com/_next/static/chunks/ 13 KB
7 KB 134ms
126ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0514147a494bd526501ff2d456b64df556510ce233c49b900d8a7fad78db6417

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="1455-2c977d514acb3577.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::s9vq4-1719049132057-ab4f6d64e009
x-matched-path: /_next/static/chunks/1455-2c977d514acb3577.js
etag: W/"f5c98a54c4e4a9df5d0229c22de4a3d0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 455-d14bbd4de2c4525f.js Show response
www.biltrewards.com/_next/static/chunks/ 260 KB
87 KB 137ms
128ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a6bb9b1ce179bb2b03d1d257e893aadf01dd3880872f7b63cc9c78c9440a644f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="455-d14bbd4de2c4525f.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::m6q48-1719049132057-8e54367b47fb
x-matched-path: /_next/static/chunks/455-d14bbd4de2c4525f.js
etag: W/"e1a82e3fcf1e33b1780d644e9e6ae503"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 6701-461c3afaf5cc6407.js Show response
www.biltrewards.com/_next/static/chunks/ 92 KB
31 KB 140ms
132ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/6701-461c3afaf5cc6407.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1942035ce7ce741f7177c083ef254fd14a167a81020246d9d87a51377459fb5c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 23887
content-disposition: inline; filename="6701-461c3afaf5cc6407.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::dmcrm-1719049132057-c9f52e024713
x-matched-path: /_next/static/chunks/6701-461c3afaf5cc6407.js
etag: W/"baa6022d87ef4fba643b7683a165b3d2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1684-ee4bdce90a302e69.js Show response
www.biltrewards.com/_next/static/chunks/ 8 KB
5 KB 127ms
119ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1684-ee4bdce90a302e69.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

62fdba95c5081c72a84ddf4c46866cddd20bcde4c65e2514eb6dc0ab6dbb811c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="1684-ee4bdce90a302e69.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::qjm7v-1719049132057-2cdcd46cc42f
x-matched-path: /_next/static/chunks/1684-ee4bdce90a302e69.js
etag: W/"f657dc375e89368f75c9d835682f7b50"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9695-9b25b47f20f284e0.js Show response
www.biltrewards.com/_next/static/chunks/ 134 KB
48 KB 138ms
130ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9695-9b25b47f20f284e0.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

421cb37fc0471ba86d5bda3a10ef331d19e9bba1fb75ebf0a95d75d68086ae7c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="9695-9b25b47f20f284e0.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::tx4fz-1719049132057-d7694bdb0fa0
x-matched-path: /_next/static/chunks/9695-9b25b47f20f284e0.js
etag: W/"79ef5ddc76ff165b53481575e38bb556"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1441-3b4900a12a053e26.js Show response
www.biltrewards.com/_next/static/chunks/ 283 KB
95 KB 146ms
138ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1441-3b4900a12a053e26.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

69a7b7578b8179a9e3ca7501a0f078204fa83e03d7611a427a612c884a257e6f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="1441-3b4900a12a053e26.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cslv2-1719049132058-4400556772b6
x-matched-path: /_next/static/chunks/1441-3b4900a12a053e26.js
etag: W/"239e13531ea432d87c5bf0f1c9af9ec4"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 4223-51314d5e52c4a3ff.js Show response
www.biltrewards.com/_next/static/chunks/ 374 KB
91 KB 141ms
133ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/4223-51314d5e52c4a3ff.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

efea5bf59f773b24358d170be8bbce8d89be5fd91e3ca7b857fe40cf0cc2786d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 8229
content-disposition: inline; filename="4223-51314d5e52c4a3ff.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132057-b90bc034b9c4
x-matched-path: /_next/static/chunks/4223-51314d5e52c4a3ff.js
etag: W/"8cf8d5b9c931654f31fac0da5a82b90f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 page.page-634a24128012a5eb.js Show response
www.biltrewards.com/_next/static/chunks/app/(root)/p/homepage/ 6 KB
5 KB 164ms
152ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/(root)/p/homepage/page.page-634a24128012a5eb.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3deb77a8538750f753e001a34ab1d984ffcfa2431143e19e35b48407c31264f3

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 39932
content-disposition: inline; filename="page.page-634a24128012a5eb.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wqdql-1719049132061-9b3f328d6a72
x-matched-path: /_next/static/chunks/app/(root)/p/homepage/page.page-634a24128012a5eb.js
etag: W/"8d46fabf25a38e0811a159301088b39c"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9474-a491384d0eb9fad3.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 166ms
155ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9474-a491384d0eb9fad3.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5e1c5b6167bc4b4c9ddd0424ac6d398d6bdee7da37d0f24dd0327b38d99023ef

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="9474-a491384d0eb9fad3.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::s9vq4-1719049132061-cb122e67fc3c
x-matched-path: /_next/static/chunks/9474-a491384d0eb9fad3.js
etag: W/"0094be2e41db73a19996a2a893312dca"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 3761-ef5b051e74108e01.js Show response
www.biltrewards.com/_next/static/chunks/ 43 KB
19 KB 170ms
159ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/3761-ef5b051e74108e01.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e602b9865a51d84c8e4c24b7e6c45c6b68b429fd4b9a1a520a2a43a13b80a81a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="3761-ef5b051e74108e01.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::qjm7v-1719049132062-1f94cd99887f
x-matched-path: /_next/static/chunks/3761-ef5b051e74108e01.js
etag: W/"bf09e45488bc2fb3857d9f1507808e8b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 4163-46579ed45bcdb17e.js Show response
www.biltrewards.com/_next/static/chunks/ 8 KB
6 KB 169ms
158ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/4163-46579ed45bcdb17e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

60d36b92039d0fe2ed213c99dada4ca575c5895e7110b4b2660aa4968fe293c2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="4163-46579ed45bcdb17e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::tx4fz-1719049132061-86741e8ef68b
x-matched-path: /_next/static/chunks/4163-46579ed45bcdb17e.js
etag: W/"89359c90d7c9a5eba22745c9d684d8d0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7807-ca4a1d01ed3c69c4.js Show response
www.biltrewards.com/_next/static/chunks/ 17 KB
9 KB 185ms
174ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7807-ca4a1d01ed3c69c4.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2b8064de6299cde596d64084ddb147c3a043b408abd56340c2a8256b495ec9d5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 17663
content-disposition: inline; filename="7807-ca4a1d01ed3c69c4.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132061-64be5dd91224
x-matched-path: /_next/static/chunks/7807-ca4a1d01ed3c69c4.js
etag: W/"29ba458c7ccad9e8f76f6e0736b25772"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7543-9fdb86bed88af9a6.js Show response
www.biltrewards.com/_next/static/chunks/ 18 KB
9 KB 186ms
175ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7543-9fdb86bed88af9a6.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

f3c4632be2409cc3e97373cd22fbef8e443e86360c18c6e8117a95da6575b30e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="7543-9fdb86bed88af9a6.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::f4bpr-1719049132062-666434ebad7d
x-matched-path: /_next/static/chunks/7543-9fdb86bed88af9a6.js
etag: W/"25404612d704c271fa4cae41309e28f3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 574-170df20463ce9f4f.js Show response
www.biltrewards.com/_next/static/chunks/ 10 KB
6 KB 193ms
183ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/574-170df20463ce9f4f.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

f785d914fb2dd3f484f2a7fc7fc0a50642ea90be14325b4ac8b644b184c924a2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="574-170df20463ce9f4f.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bjhk8-1719049132067-9f7e9c82c708
x-matched-path: /_next/static/chunks/574-170df20463ce9f4f.js
etag: W/"1990975e284b1e37561e824d2fd944d6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 4206-f0c8950258eda00a.js Show response
www.biltrewards.com/_next/static/chunks/ 10 KB
6 KB 189ms
178ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/4206-f0c8950258eda00a.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1195810cb67e308f37d3759ba7fbc7d8e298981d38a685f31c9c86ab2f7d8242

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="4206-f0c8950258eda00a.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132067-2ccc56088a46
x-matched-path: /_next/static/chunks/4206-f0c8950258eda00a.js
etag: W/"79685e1d84ff320b3d6c5f47a7973a83"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9450-0f2d21f71f77c090.js Show response
www.biltrewards.com/_next/static/chunks/ 76 KB
27 KB 190ms
180ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9450-0f2d21f71f77c090.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e2628607af9160831d1be050c423b5d540cee1998baffcc7db73d6c7f9fed3c5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 16842
content-disposition: inline; filename="9450-0f2d21f71f77c090.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049132067-ff7288ef160e
x-matched-path: /_next/static/chunks/9450-0f2d21f71f77c090.js
etag: W/"dd97ec89c132fc6f7dd329090a18f37b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 layout.page-f9681d204ae0b1eb.js Show response
www.biltrewards.com/_next/static/chunks/app/(root)/ 92 KB
30 KB 189ms
179ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-f9681d204ae0b1eb.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

011a15f100211230ccbf8ead1fdc3e7687018ad5eebb41e392282ad85adc371e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="layout.page-f9681d204ae0b1eb.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cslv2-1719049132068-1d6c8e3a0364
x-matched-path: /_next/static/chunks/app/(root)/layout.page-f9681d204ae0b1eb.js
etag: W/"e518d5a5e6c8f2fb03c7ff2c7567ef1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 ada-compliance.js Show response
www.biltrewards.com/assets/vendor/ 2 KB
3 KB 42ms
42ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/assets/vendor/ada-compliance.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="ada-compliance.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::s9vq4-1719049132005-2552aaf8cb63
x-matched-path: /assets/vendor/ada-compliance.js
etag: W/"d2b0d05ef1d0990b8dd364cf4b0461b6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H3 200 agent.js Show response
cdn.deviceinf.com/js/v4/ 310 KB
103 KB 164ms
91ms Script
application/javascript 172.67.136.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.deviceinf.com/js/v4/agent.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.136.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA53-C1
age: 1835
x-amz-server-side-encryption: AES256
content-encoding: zstd
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
server: cloudflare
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BhGadvAhqAX3pIlmGLi%2F0YAvSF16arWm%2BRsEC9rdIns7MqvUef68VobpK03SBODUaVMTioSoYeK52Sza6VlVu8YLa4bIm9bWBCLKFW%2Bnr3i%2FXuQ6V3eUet3Sm2Fm9LGfwOX5sA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 897b4493898a37d2-FRA
x-amz-cf-id: y_3FpCdUdMArkg2QdL3NLjdSiN_1iU6xqu8BX64SA6hwYMZxYTtpRA==

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 156 KB
43 KB 244ms
53ms Script
text/javascript 13.33.187.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-112.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6c6973b84c78083006d4f2167ed3cbc6f6469cdf819a0474abfa40b91a3699c8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: yNDcZ5y.uTAM6W4jSO_9E.LpgEYNnAb1
content-encoding: br
via: 1.1 af1c2193a818b5824fd85ddd651620a8.cloudfront.net (CloudFront)
date: Sat, 22 Jun 2024 08:41:59 GMT
x-amz-request-id: XY9ETGSV8277206B
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
age: 3441
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: T3GkGQaR6BE7RvF5VA4YNvIDuavw2AHSBgto1lg2SAyMvzFt1RFCqlDi9E+NJ0B2g/yLuXeHYy8=
last-modified: Mon, 17 Jun 2024 17:25:48 GMT
server: AmazonS3
etag: W/"205c2fc8b57493f8873821815ae048fb"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: q8CxW8EMA2hwQzfc8LMn4nwFrlaPHbDVAv3SQ9JmtYkSuBKv78-A1g==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1012 B 169ms
73ms Script
text/javascript 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

GSE /

Resource Hash

c3041035d4df7dabf7fc7f0f2751666758cabfa9cba703be2a3763b213bfaecf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 22 Jun 2024 09:38:52 GMT

GET
H3 200 airgap.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 105 KB
43 KB 383ms
310ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"f40739130aa0cc889c7fc63c2ffe78ae"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44938d01c060-WAW

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ 275 KB
75 KB 170ms
54ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a24e1d533fa7898b393c136b75936b4e48878326fa67a1924ea38991a6a0171b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:48:31 GMT
content-encoding: br
via: 1.1 google
age: 3021
x-guploader-uploadid: ACJd0NrXMXGjMMYMionFh3k4kal5hobWRagP_qdA1r1-ryGyf6PL9SHPXBX6gCUsZlaKL2xQgVQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76040
last-modified: Thu, 20 Jun 2024 15:42:55 GMT
server: UploadServer
etag: "782a3b440bb3ac8eb0962ba7bff21d02"
vary: Accept-Encoding
x-goog-generation: 1718898175485164
x-goog-hash: crc32c=2tmGTA==, md5=eCo7RAuzrI6wliunv/IdAg==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 76040
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 22 Jun 2024 09:48:31 GMT

POST
H2 200 / Show response
o441793.ingest.sentry.io/api/5823479/envelope/ 2 B
299 B 150ms
43ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o441793.ingest.sentry.io/api/5823479/envelope/?sentry_key=50f039ff934e419597bde8e7652fc3d8&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.112.2

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 307 KB
103 KB 177ms
74ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-f9681d204ae0b1eb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4e1ef43961b370b7ea88ab88036ded79a35f8809fc3b92c1801c8420b4d81a31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104956
x-xss-protection: 0
last-modified: Sat, 22 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Jun 2024 09:38:52 GMT

GET
H2 200 pixel.min.js Show response
cdn.mgln.ai/ 4 KB
2 KB 162ms
57ms Script
application/javascript 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mgln.ai/pixel.min.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-f9681d204ae0b1eb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
x-amz-version-id: Qluw.Dmpsqk5N8uDOhUTz5or_W6D3CxC
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 3A8R91BMW2FPZZXB
age: 1230
x-amz-server-side-encryption: AES256
x-amz-id-2: 1M+zmkXPHkyQ0gCfduAq6wWLe59+4IU+uynyc+iub4Fu1ov/GHVz2ExtTtNEw3Mf3oa2Lr6HIQ8=
last-modified: Thu, 08 Dec 2022 20:53:16 GMT
server: cloudflare
etag: W/"37bf51efaf3af89068b080c2d9635113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TnqjBtGWPb%2B6P%2BRzjHYmqLEdeV4WGh6HjNaUxJo%2FGffrjcCZGEs3WkMWC7gMaMQhwc5bzBwrJEwHduazP1zRR7o249T2zWctF6YRR8b8fSj2SKjfeV957Mw7PxtuEfFIUTBqEo3xgOMX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 897b44975805bbbf-FRA

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 3 KB
2 KB 162ms
42ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/settings
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 0J8FdXNAYV1z6ofZJjahVic3IXJOIsUZ
content-encoding: br
via: 1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
date: Sat, 22 Jun 2024 09:12:09 GMT
x-amz-cf-pop: FRA6-C1
age: 1667
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Apr 2024 17:43:55 GMT
server: AmazonS3
etag: W/"9c420e2783cc9b135277d88d374c741a"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: szGIo4UykLwyRx7RCAby6u7ccL8_jNPh61ynB6T9QiOtTXhdVY9iCg==

GET
H2 200 t.png
tvspix.com/ 68 B
194 B 965ms
210ms Image
image/png 54.70.128.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tvspix.com/t.png?&t=1719049132572&l=tvscientific-pix-o-946859a1-af7d-49da-bef5-a1dcf030077a&u3=https%3A%2F%2Fwww.biltrewards.com%2F
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.70.128.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-70-128-238.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
pragma: no-cache
date: Sat, 22 Jun 2024 09:38:53 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 68
expires: 0

GET
H2 200 bilt.js Show response
decagon.ai/loaders/ 3 KB
1 KB 157ms
54ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://decagon.ai/loaders/bilt.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::6skmd-1719049132830-02df585a58cf
age: 17193
x-matched-path: /loaders/bilt.js
etag: W/"653cacd6241644d8457a997c6cf05e54"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bilt.js"

GET
H2 200 / Show response
www2.biltrewards.com/ Frame 83AF 1 MB
79 KB 192ms
59ms Document
text/html 52.223.52.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.biltrewards.com/

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.223.52.2 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a0b1d980e1f2226c6.awsglobalaccelerator.com

Software

Framer/22dcab7 /

Resource Hash

573bfc190a504a69f04a584c5defa190fed41db4eba930b41007c47b0d8dba3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-length: 80163
content-type: text/html
date: Sat, 22 Jun 2024 09:38:52 GMT
etag: "1f826a8c0e6d491903c8950503dee442"
last-modified: Thu, 06 Jun 2024 14:16:24 GMT
link: <https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin=""
server: Framer/22dcab7
server-timing: region;desc="eu-west-1", cache;desc="cached", ssg-status;desc="optimized", version;desc="22dcab7"
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H3

200

/ Show response
id.biltrewards.com/login/iframe/userdata/ Frame 6456
Redirect Chain

https://id.biltrewards.com/login/iframe/userdata
https://id.biltrewards.com/login/iframe/userdata/

38 KB
10 KB

273ms
273ms

Document
text/html

34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/login/iframe/userdata/

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel / Next.js

Resource Hash

789440ff83f880c051a7291e2144aaea7bbcd22b6e48b8c802bbba42b925f33f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-type: text/html; charset=utf-8
date: Sat, 22 Jun 2024 09:38:53 GMT
referrer-policy: origin
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
via: 1.1 google
x-content-type-options: nosniff
x-matched-path: /login/iframe/userdata/
x-powered-by: Next.js
x-vercel-cache: MISS
x-vercel-execution-region: iad1
x-vercel-id: fra1::iad1::nxlpq-1719049132871-00437c69adda
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-type: text/html
date: Sat, 22 Jun 2024 09:38:52 GMT
location: /login/iframe/userdata/
refresh: 0;url=/login/iframe/userdata/
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 google
x-vercel-id: fra1::5d5t6-1719049132819-0fef12da209a

GET
H2 200 GT-America-Standard-Medium.woff2
static.biltrewards.com/fonts/ 56 KB
56 KB 224ms
103ms Font
application/octet-stream 35.241.5.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Medium.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:38:57 GMT
age: 3595
x-guploader-uploadid: ACJd0NoqbxXdrwxGE0tVsehsx7Vxh6IH43x42L-TecgTeYYuSg7Bf_G6UollM0m51nOlPHmhMRUg3XDDTg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1684953483763390
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57076
last-modified: Sat, 23 Sep 2023 19:54:37 GMT
server: UploadServer
etag: "63dc66a0acb63f7b9c52d3a1996896dc"
x-goog-generation: 1695498877684028
x-goog-hash: crc32c=rAUnxg==, md5=Y9xmoKy2P3ucUtOhmWiW3A==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 57076
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 GT-America-Standard-Regular.woff2
static.biltrewards.com/fonts/ 57 KB
57 KB 161ms
40ms Font
application/octet-stream 35.241.5.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Regular.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:38:57 GMT
age: 3595
x-guploader-uploadid: ACJd0Nrr0zlDsRsQqWA4-y7hEocE9_MnxzOTVrZ3iVnQkuCzyx-DbA1_6sjuOBln3T3QwS4I77oRfXVNwQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1679355032260337
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58164
last-modified: Sat, 23 Sep 2023 19:54:36 GMT
server: UploadServer
etag: "34faea2a319852842506af0b1871af2f"
x-goog-generation: 1695498876746138
x-goog-hash: crc32c=3JtdcA==, md5=NPrqKjGYUoQlBq8LGHGvLw==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 58164
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 Allyant_Accessibility_Badge.svg
static.biltrewards.com/assets/footer/ 9 KB
9 KB 171ms
40ms Image
image/svg+xml 35.241.5.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/footer/Allyant_Accessibility_Badge.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:47:00 GMT
age: 3112
x-guploader-uploadid: ACJd0NraboIXwLqB7Ym8muPcqMigzBOs0TfhDMDDcdKqd11hFd4CO7B6kSsH5R6boaFAb-VQUhY
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8902
last-modified: Mon, 22 Apr 2024 14:38:56 GMT
server: UploadServer
etag: "ec60b6278480c91cc0bdf8f7b2891638"
vary: Origin
x-goog-generation: 1713796736912798
x-goog-hash: crc32c=PEyyKw==, md5=7GC2J4SAyRzAvfj3sokWOA==
content-type: image/svg+xml
cache-control: public,max-age=3600
x-goog-stored-content-length: 8902
accept-ranges: bytes

GET
H2 200 rent-day Show response
www.biltrewards.com/api/ 161 B
3 KB 55ms
52ms XHR
application/json 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/api/rent-day

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d5b50801dc641fb1e2b950c09696a2aa30adc1551b5dbc274b99bd365e57cdd8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
baggage: sentry-environment=production,sentry-release=00d8db6e879d9f78c780c611a23bf7a1339f5751,sentry-public_key=50f039ff934e419597bde8e7652fc3d8,sentry-trace_id=db1a0a83fc24430aa62fe7968137a760,sentry-sample_rate=0.025,sentry-sampled=false
sentry-trace: db1a0a83fc24430aa62fe7968137a760-b06d981b0ac37ba7-0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:31 GMT
strict-transport-security: max-age=63072000
age: 21
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::bjhk8-1719049132830-eeee79bfa6bd
x-matched-path: /api/rent-day
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: application/json
cache-control: public

GET
H3 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
182 B 188ms
186ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 3355a88d5b25f2bae7bcfccdbdd05c6691cb2aee244c72d3410fc24d8fb484b6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: dd20cd13a1798a22fae955faf60001d5;o=1
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 160

GET
H2 200 rent-day Show response
www.biltrewards.com/api/ 161 B
280 B 103ms
44ms XHR
application/json 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/api/rent-day

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d5b50801dc641fb1e2b950c09696a2aa30adc1551b5dbc274b99bd365e57cdd8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
baggage: sentry-environment=production,sentry-release=00d8db6e879d9f78c780c611a23bf7a1339f5751,sentry-public_key=50f039ff934e419597bde8e7652fc3d8,sentry-trace_id=db1a0a83fc24430aa62fe7968137a760,sentry-sample_rate=0.025,sentry-sampled=false
sentry-trace: db1a0a83fc24430aa62fe7968137a760-b0929aa726716390-0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:31 GMT
strict-transport-security: max-age=63072000
age: 21
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::c6nrp-1719049132886-8a2189e15f99
x-matched-path: /api/rent-day
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: application/json
cache-control: public

GET
H3 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
184 B 410ms
220ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: cb4e961da6f8de98af0cb8f8c45675b0afab26bcd6e7d81bb5879bb06f370d9a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: f0a808c40e90ac8dd6e23ff339b5b4e7
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162

GET
H2 200 frontend Show response
flags.biltrewards.com/api/ 5 KB
850 B 170ms
166ms Fetch
application/json 34.160.241.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=339663205&appName=bilt-rewards&environment=default
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 4aaab72b09c5c1d7b90357e2b2dc8900b1fc21ba5cb318c82234310651538067

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: []:production.767dc0550cea97c01125b9a780c029c67e3abffd196459aaf71413e3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json
Referer: https://www.biltrewards.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: br
via: 1.1 google
etag: W/"1359-ZvIyQROSXmHpsCdSNXJxuw=="
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 200 frontend
flags.biltrewards.com/api/ Frame 0
0 290ms
157ms Preflight 34.160.241.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=339663205&appName=bilt-rewards&environment=default
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization
access-control-allow-methods: POST, PUT, HEAD, PATCH, CONNECT, GET, DELETE, TRACE, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 22 Jun 2024 09:38:52 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google

GET
H2 200 widget.js Show response
cdn.userway.org/ 2 KB
2 KB 157ms
39ms Script
application/javascript 2a02:6ea0:c700::22
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/assets/vendor/ada-compliance.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ac7c3dd84f3cd7cafadf1b5e77814c98d0439c1fe96f5eaf81f2370d2d155d4e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:52 GMT
via: 1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 248
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702653
x-77-cache: HIT
x-cache: HIT
x-age: 1420
x-accel-date: 1719047712
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwB1GY4tAH3jAUAAAwBisclxAH3fQIAAA
x-accel-expires: @1719051312
x-77-age: 1420
last-modified: Tue, 18 Jun 2024 09:08:13 GMT
server: CDN77-Turbo
etag: W/"ea664e9b286460f8889aaea1004c6dba"
x-77-nzt-ray: 6d204d11045b2fa1ac9b76664ee57538
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
vary: Accept-Encoding
x-amz-cf-id: MxTZIJcasfqqZ_6AjMhDdLdHkhf49OMm8ZzBoauh8Jx-Mm7rBQTGgA==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/ 518 KB
207 KB 131ms
40ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

612ad04469fba362238294e47106a2e6061ef90c111851c0cdcae2e3ee27a6bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 06:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9557
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 210814
x-xss-protection: 0
last-modified: Sat, 15 Jun 2024 04:02:13 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 22 Jun 2025 06:59:36 GMT

GET
H3 200 ui.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 295 KB
83 KB 364ms
311ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"2ff4fae52b8ac954d5874b92987806e9"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44995846b620-WAW

GET
H2 200 web Show response
id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/ 6 KB
7 KB 175ms
174ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/web
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: /
Resource Hash: bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google, 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json; charset=utf-8

GET
H2 200 chunk-JMD3LO76.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 562 KB
165 KB 171ms
50ms Script
text/javascript 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-JMD3LO76.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

29d3c8286a91c62982c3587e45983704c16c24f51271fda2dd69c3741b6b1b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 14:15:08 GMT
x-amz-version-id: J_wVtchRIGx10Bj5zspdloSRQBY7phMy
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
age: 1365826
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Va-9zg6QqeexKQYcpS2u9wgSKnZfPetq_z9sGLUcxPJCNx2oH-wFHA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jun 2024 14:14:30 GMT
server: CloudFront
etag: W/"86aa21516567f0f5a0c4009b7f73044e"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Accept-Encoding,Origin
timing-allow-origin: *
x-amz-cf-id: Va-9zg6QqeexKQYcpS2u9wgSKnZfPetq_z9sGLUcxPJCNx2oH-wFHA==

GET
H2 200 chunk-ELYU6EKT.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 447 B
1 KB 170ms
51ms Script
text/javascript 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-ELYU6EKT.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4e0ea1029eab3b7c0bb3183eaa684b29064f2de371720317b8a35519fe26589e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Jan 2024 02:31:13 GMT
x-amz-version-id: KBor7BFQn_pp2zxPGsA.bi5b6hyTs2yW
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 13676861
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ZmDUGYn9iQb2-p1Xxmk4I7nire6IdVbGzRcuYJ2doCma3MDu_7DlRA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
content-length: 447
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Jan 2024 18:18:07 GMT
server: CloudFront
etag: "bac0d5b5f6a61029b51079932ccda746"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ZmDUGYn9iQb2-p1Xxmk4I7nire6IdVbGzRcuYJ2doCma3MDu_7DlRA==

GET
H2 200 o5nx0y8gL9Q5XpEnTWw73jqlBv_82EBxcsRZtTau1_8.6JNKVFWS.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 722 KB
103 KB 119ms
51ms Script
text/javascript 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/o5nx0y8gL9Q5XpEnTWw73jqlBv_82EBxcsRZtTau1_8.6JNKVFWS.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

fd438b7b60f7bc26c93c1f85ee28415519bfc6ead5b02c08cbfe51ffc8bea846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 14:23:23 GMT
x-amz-version-id: FspJOjfrt.kHdIXiTCcGNiEZS0V1XcuP
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
age: 1365331
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="FRMp_3mFGKNGAvzaLnzKyqefbfQ8EUO8qdvFvl5ukNjf_E6SjRPyVw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jun 2024 14:16:23 GMT
server: CloudFront
etag: W/"2c34709ddd075f49a25f708cb82a07e0"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Accept-Encoding,Origin
timing-allow-origin: *
x-amz-cf-id: FRMp_3mFGKNGAvzaLnzKyqefbfQ8EUO8qdvFvl5ukNjf_E6SjRPyVw==

GET
H2 200 chunk-YMXEJLDD.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 700 B
2 KB 119ms
51ms Script
text/javascript 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-YMXEJLDD.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

1d6ec88f567df6145ff31cc4f634d8c576965b5572838f97f9de77af6c3d3239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 07 Feb 2024 07:46:54 GMT
x-amz-version-id: kqrsrKuANINZi08S3mJ7cUCGizvoSq7Y
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 11757120
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="a9FPcdBG7XTE33DtXeKbwqTs2ai-TA2lU5RJmPSywGDiOFdTftYR4Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 700
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Feb 2024 17:06:44 GMT
server: CloudFront
etag: "f2a1f09b1f23f395f4d6d7dd9f39d37b"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: a9FPcdBG7XTE33DtXeKbwqTs2ai-TA2lU5RJmPSywGDiOFdTftYR4Q==

GET
H2 200 chunk-42U43NKG.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 44 B
947 B 179ms
144ms Script
text/javascript 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-42U43NKG.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

7b2faec4335de81abbf1ebf794f91a4f2b870b317093448b84082b5f411c741c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 30 Nov 2023 16:55:56 GMT
x-amz-version-id: evlVAxy7o1HEHfkTxbxNsM7i9okrmm0E
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 17685778
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="84ABGtvC8shaxd4GtC1SGW3AeqnwbNWAsz4KtBzdJuBZhH4DqvHovQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 44
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Nov 2023 16:29:22 GMT
server: CloudFront
etag: "f5fe0cab78140e0e5aa29f68ce8c2888"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 84ABGtvC8shaxd4GtC1SGW3AeqnwbNWAsz4KtBzdJuBZhH4DqvHovQ==

GET
H2 200 script Show response
events.framer.com/ Frame 83AF 16 KB
6 KB 473ms
328ms Script
text/javascript 3.160.150.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events.framer.com/script

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.160.150.114 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-160-150-114.fra60.r.cloudfront.net

Software

Resource Hash

03337e69f3ba0d92c0ee4e6336eab382bbb5ce99d425bc1c0092a9b8618df364

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: gzip
via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amzn-remapped-content-length: 15882
x-amz-cf-pop: FRA60-P7
x-amzn-requestid: 3ec644f1-34d6-4e48-88be-fda7ac5b9de4
x-amzn-trace-id: Root=1-66769bad-0bc8acbb7af83c2874a57167
x-cache: Miss from cloudfront
content-type: text/javascript
timestamp: Sat, 22 Jun 2024 09:37:13 GMT
x-amz-apigw-id: Zw1DKE_VoAMEHwA=
content-length: 5325
x-amz-cf-id: mteAlVNl3nxXcDj8JHVN6sFctFlPd5Xl5ZsNnhdbAAspckXtrwbBJA==

GET
H2 200 QjUw3jJCmMzYz9c4QnfbBW9f90.png
framerusercontent.com/images/ Frame 83AF 132 KB
133 KB 188ms
67ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/QjUw3jJCmMzYz9c4QnfbBW9f90.png?scale-down-to=2048

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

dbf408b4b3dfd2f8d8eb0aeb6b7edbd058145baef0e6a6f66c5cdfae60ea6129

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060094
x-amzn-requestid: 3dc091e1-e03e-4bb6-8e0b-a1847090b251
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="35XUP7OVDJOsq0UqBpZUmO_4gtcU2EwTOFAXRlWN1ZpqNPhgHw1j8Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "9f44f9a2d3462b9c42daf50925f812a6"
x-amzn-trace-id: root=1-66572c6d-5653d00e16b2eb414cab87c3;parent=34eb06818d235f3c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 35XUP7OVDJOsq0UqBpZUmO_4gtcU2EwTOFAXRlWN1ZpqNPhgHw1j8Q==

GET
H2 200 OJrwICelx547sU9TUfsOWWw2XU.png
framerusercontent.com/images/ Frame 83AF 81 KB
82 KB 188ms
67ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OJrwICelx547sU9TUfsOWWw2XU.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4fe2c28d8627936146b3409c924fde52d8992d7899f9c13c2a10d10b922edffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060096
x-amzn-requestid: 6e0cc2f4-7637-4ec1-bbdc-dc83c05c5720
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="bY0ToR7XBLIBOWMXxjWJjjASBszk4Zf6V5RAG34eZM4_40UK4cMXcQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "1861c09973cf6e2fa2957a5a3db9c1dd"
x-amzn-trace-id: root=1-66572c6d-361e9e850f32cd4909c0669d;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: bY0ToR7XBLIBOWMXxjWJjjASBszk4Zf6V5RAG34eZM4_40UK4cMXcQ==

GET
H2 200 Bxu6GY24oplllZd0X0beaOpeu1Y.png
framerusercontent.com/images/ Frame 83AF 28 KB
29 KB 176ms
145ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Bxu6GY24oplllZd0X0beaOpeu1Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

20f77cc806e9b12931909006e7b7c0f3ef604448553127fb4840befb83e3dbdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904134
x-amzn-requestid: 21a7df8e-5453-415e-bedc-82721691ad88
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="43PLy3ozFGQU-vf0Yh9wlZod2z1QIMZBaPV7jTSTd2KV9TUH4qIbAw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "694649febd947e20961fdc52c36a1b6f"
x-amzn-trace-id: root=1-66598da4-721ea4037d5b0cd6514d5b2d;parent=43c7c2b2df20fa0d;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 43PLy3ozFGQU-vf0Yh9wlZod2z1QIMZBaPV7jTSTd2KV9TUH4qIbAw==

GET
H2 200 Yq0ObCqEE6wFZWZK5Dp54noE4.png
framerusercontent.com/images/ Frame 83AF 29 KB
30 KB 227ms
197ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Yq0ObCqEE6wFZWZK5Dp54noE4.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

37b0e3adcb423c67bf49bdd6d3dd0648efefa8d9e20480b0b29d46a19e4ba219

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: d46bac26-e09a-40e9-9fd5-afed7738ff75
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="VRJ9oR_uiyo55kDcFjOK4X-UfPc5TgtCOyI1-PIiM7AhpUDi8a17iA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "c6e24cdaccc5299d7a8f875f8743d30e"
x-amzn-trace-id: root=1-66598da4-2f196e0c6f1b0fe95a37fba3;parent=01213195f8a07e79;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: VRJ9oR_uiyo55kDcFjOK4X-UfPc5TgtCOyI1-PIiM7AhpUDi8a17iA==

GET
H2 200 kPxJM4tLgnLH1CadICtjXQIzHyU.png
framerusercontent.com/images/ Frame 83AF 11 KB
12 KB 171ms
141ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/kPxJM4tLgnLH1CadICtjXQIzHyU.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9f2de267caf2c16b77c75714244dca82f24cbad55ac1ebe2a521478f0f80d96c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 655c2465-83ac-4256-96e1-11e0768108fc
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CYSzWi7Pil-YnAaDs_6RRr2bBS7nAU69LM9dQTgsdqcY_alLMxdM_g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b6d8528cb0862d636f44357e6661fb6b"
x-amzn-trace-id: root=1-665db9e2-254a7ac76d7432ca070fda85;parent=264945b32c77953c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: CYSzWi7Pil-YnAaDs_6RRr2bBS7nAU69LM9dQTgsdqcY_alLMxdM_g==

GET
H2 200 kZedshteNKwEnTSThLDeUR8Dvg.png
framerusercontent.com/images/ Frame 83AF 4 KB
4 KB 231ms
201ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/kZedshteNKwEnTSThLDeUR8Dvg.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9ce46acefa37fdb6c3e82848ca0d9df1ab1c3e0ebaa9e13333bea9cc06a0417a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904136
x-amzn-requestid: 9cf6db6d-409a-4c2d-9ab2-258a0d7d4101
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="gp80fGB68oeap8MkjB2vfWTKXbR4Jnma05Mff3hVCdV9f9dUHAsA-w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "26203c8dff3ed4958d08038a155e0508"
x-amzn-trace-id: root=1-66598da4-0c626deb69d2ff1536d8ef45;parent=3da6b0933a5c7898;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: gp80fGB68oeap8MkjB2vfWTKXbR4Jnma05Mff3hVCdV9f9dUHAsA-w==

GET
H2 200 PpmuiGEDXM3kHtBp5icQtJnddr8.png
framerusercontent.com/images/ Frame 83AF 28 KB
29 KB 182ms
152ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/PpmuiGEDXM3kHtBp5icQtJnddr8.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fbae4ca2b9bfa35c988e17cda52739ebb5fccae54aadcbd3bd60ea685d8f7db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630664
x-amzn-requestid: 2967c2f4-83a7-4b05-ad1e-bee6a85e63d2
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="vsuIEhUaHS6LZTj_bKiaeLwNKKJcjtMAzvG7LDtB9qf0BumOymVFyQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4d149524d55a92725620617c72dc0f5b"
x-amzn-trace-id: root=1-665db9e4-3a03706506592bf701908d96;parent=0398abb62d612e13;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: vsuIEhUaHS6LZTj_bKiaeLwNKKJcjtMAzvG7LDtB9qf0BumOymVFyQ==

GET
H2 200 u3YgOCmum1dUpL43rOc7L0t2pTE.png
framerusercontent.com/images/ Frame 83AF 30 KB
31 KB 188ms
159ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/u3YgOCmum1dUpL43rOc7L0t2pTE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

af579449c699ae38f8549823d30a2431f10ff142d8b8a7b020c3c3fa657afb04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 948e388f-22b0-4706-8615-9ae55b7cec87
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="U7RfVbEMX4w_Q6k9LloOAW5TLv-gomVzIpehWB0_rMdVTK5EBf63HA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "54d9766988f720d880a80bcd046a7f4c"
x-amzn-trace-id: root=1-66598da4-4bd94c9d39d417a513be5ec3;parent=7f222031b585e31c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: U7RfVbEMX4w_Q6k9LloOAW5TLv-gomVzIpehWB0_rMdVTK5EBf63HA==

GET
H2 200 q2ZbwDh95WKyNtMuZKqIZa0Y.png
framerusercontent.com/images/ Frame 83AF 65 KB
66 KB 206ms
176ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/q2ZbwDh95WKyNtMuZKqIZa0Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b44fba50cfe4f65d7064ea44d718ca944a543a21523a1199f54b51267b382aaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: eff35b84-b4f1-49cc-95af-f92d18a80e02
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="n7asi2I7446E0GJMv6kJKcfkl5YbZsZB1736mqzT-t9OeMOWcmT7jA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "92970d3281920a9345514e4c0b3d8611"
x-amzn-trace-id: root=1-665db9e2-518bcac235956b6b5676ffab;parent=2d2530afbab55057;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: n7asi2I7446E0GJMv6kJKcfkl5YbZsZB1736mqzT-t9OeMOWcmT7jA==

GET
H2 200 VyL41pOzjpyf0ifC7GjerSeo3E.png
framerusercontent.com/images/ Frame 83AF 38 KB
39 KB 198ms
168ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/VyL41pOzjpyf0ifC7GjerSeo3E.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7b54954f42c244b6469b41796790bf3a73ef8dea90df796de72700e338510b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 2daf957c-5c19-4ed7-bce0-d2a59eb5ba15
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="GpSsU8rvsSZ0pI5wAeqcj81DDz1jNqGx12U-3y5U5CpnREp33RIH-w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "8ee442950d0dfd58fb72890fdf5ef378"
x-amzn-trace-id: root=1-66598da4-1d8199fa1f2323420dfa21eb;parent=75a1c780cb8736e5;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: GpSsU8rvsSZ0pI5wAeqcj81DDz1jNqGx12U-3y5U5CpnREp33RIH-w==

GET
H2 200 ly7hsGndYyaskNI1AqcxaAt6I.png
framerusercontent.com/images/ Frame 83AF 17 KB
18 KB 220ms
190ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/ly7hsGndYyaskNI1AqcxaAt6I.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c4364793c025ac994a20ca914390c6149d96d04d49e899c1f2841b86403085d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 71735d26-de1a-465c-9c5e-aaaf90897b42
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="9xntoX0AP1zyAsS_hUH44tQ40C37Xwq1HB-wyH8lKLT70NbUcj8GLg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "02ea2c88a54ea62fa4c658d492294406"
x-amzn-trace-id: root=1-66598da4-783ae3b149df1f67619ab9b3;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 9xntoX0AP1zyAsS_hUH44tQ40C37Xwq1HB-wyH8lKLT70NbUcj8GLg==

GET
H2 200 RVFtmFp0chpaTRBkxXKss5HkWuI.png
framerusercontent.com/images/ Frame 83AF 16 KB
17 KB 238ms
209ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/RVFtmFp0chpaTRBkxXKss5HkWuI.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

202acd59e03fcb77117dc9236c520e2d05a94970cba9c7b5cb9a5b59b3044f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630664
x-amzn-requestid: d4622b8d-3758-4fb0-ae40-0f260aa2d2b3
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="D8jZxEcm_aV1SdOVspdxlj0ZYDlyWMZtHbBeM61DRABhhIaRaUPApg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "e00b69153884cd656dc2b410e8b08cc9"
x-amzn-trace-id: root=1-665db9e4-6407f79559a1e1a35d384043;parent=56c4dce1803ec62b;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: D8jZxEcm_aV1SdOVspdxlj0ZYDlyWMZtHbBeM61DRABhhIaRaUPApg==

GET
H2 200 wkMxGLA0wVGsaSgWt2doW86Zic.png
framerusercontent.com/images/ Frame 83AF 23 KB
24 KB 244ms
214ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/wkMxGLA0wVGsaSgWt2doW86Zic.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b7b48e76ac20a8506f11556b83cbbc3da9ed6d26be2b200c37395efc4acb54da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630665
x-amzn-requestid: f484bbe3-b5ff-4517-8cee-dfe0512c5187
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Dsg2XSeKICa989irBXrnQunLywTunupMuP7uuc-6W-p0nMEBKIk7DA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "54bf9e3a2a9f9265c6a95ecfa43f52cc"
x-amzn-trace-id: root=1-665db9e2-651b91d42612b063681a5491;parent=65955e563fd658ab;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Dsg2XSeKICa989irBXrnQunLywTunupMuP7uuc-6W-p0nMEBKIk7DA==

GET
H2 200 UPxnowvsa2Fbt3lp5oDDFXRjROc.png
framerusercontent.com/images/ Frame 83AF 24 KB
25 KB 245ms
216ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/UPxnowvsa2Fbt3lp5oDDFXRjROc.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c9ea60675037dce0df08f2176c1aae4a77109ebbde2731de6a1c2877cf25d385

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 3cc689dd-3955-497e-aa41-7d0a3d1d3d0e
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="DbhBr9N7JiFPj9wv84CI0PrzygPSoMZolIF4Oa1_3q22hRJednBkOA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b00357e17985a8fa8eccecede802323b"
x-amzn-trace-id: root=1-665db9e2-402eb0a1276d338178d877c0;parent=0ee42dc5dc766c5d;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: DbhBr9N7JiFPj9wv84CI0PrzygPSoMZolIF4Oa1_3q22hRJednBkOA==

GET
H2 200 2Zx97veGwo826dqlIbR2hMKiY.png
framerusercontent.com/images/ Frame 83AF 115 KB
116 KB 260ms
231ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/2Zx97veGwo826dqlIbR2hMKiY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e89e060a5fbaf33c2384ec566de329536cb538cf6aa813f307976510270cd92f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630663
x-amzn-requestid: 4aabbcd8-0b71-4a3f-a86b-62235ed0ab0a
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="mpWP3JfrXg6YcWSKPqmeyU-Zv6qvMhhJF9ekWGtDxdxHJdfn6a04Gg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "c22d0e2420f65629a25b5832e55d875c"
x-amzn-trace-id: root=1-665db9e4-119c5a1958e6203b5e2c5b47;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: mpWP3JfrXg6YcWSKPqmeyU-Zv6qvMhhJF9ekWGtDxdxHJdfn6a04Gg==

GET
H2 200 i6iRuC8inkOu49dyb2cMx7KLX9o.png
framerusercontent.com/images/ Frame 83AF 21 KB
22 KB 287ms
258ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/i6iRuC8inkOu49dyb2cMx7KLX9o.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

62c08a47b9c1ea92ff71f00169d06efb448ca8776fcb802eec4cabbfa2330b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904136
x-amzn-requestid: 75e3b5a6-b1c4-4672-a30a-9e2c5811203e
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ny0MN3rYQLRJlVGaT7cpUaHDrUrqp3ObCtprFRvXhvTmchkAZTmpMw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4cfb90fa3ade57033e09c070cbd91b79"
x-amzn-trace-id: root=1-66598da4-443bc49c570d03fe72ece2c0;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ny0MN3rYQLRJlVGaT7cpUaHDrUrqp3ObCtprFRvXhvTmchkAZTmpMw==

GET
H2 200 4Um58dLygSHRrlUbzVAaCiPfHeE.png
framerusercontent.com/images/ Frame 83AF 47 KB
48 KB 292ms
263ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/4Um58dLygSHRrlUbzVAaCiPfHeE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f1cb3329ff7fd33266cf9cccb78db005f7debfb81c04064dc99027e70ae802b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904134
x-amzn-requestid: 0d41e008-20c6-4d6b-a5b9-88f87a853419
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="hsjTcrNkAmtsVfffpdTkv33q-Wzt8P2vrhoBOW5EfercoXrfHvhp7A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "197f62d4bf715c9807e791b412362eef"
x-amzn-trace-id: root=1-66598da4-3760d7b84b6e6b2472d72963;parent=6bc7e912b0d61504;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: hsjTcrNkAmtsVfffpdTkv33q-Wzt8P2vrhoBOW5EfercoXrfHvhp7A==

GET
H2 200 OwD5vj1mJJkrw8fQ4TLBsZu7VY.png
framerusercontent.com/images/ Frame 83AF 61 KB
62 KB 304ms
275ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OwD5vj1mJJkrw8fQ4TLBsZu7VY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ce5ba9175b06a09cbcf8a19a531d9b73387910d84102e3f1f2485b9174bc4387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060096
x-amzn-requestid: 871e5468-64ea-455c-add6-e5f50abd8d83
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="xYCY3NHyExLO6XdugVK5rLbXwUlJFwuVmuW6TR9-hxwuya--Ex7BsQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "94b01a5a19008bafc1d542d3263e3c49"
x-amzn-trace-id: root=1-66572c6c-18c7254f2b7ad69361d7b718;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: xYCY3NHyExLO6XdugVK5rLbXwUlJFwuVmuW6TR9-hxwuya--Ex7BsQ==

GET
H2 200 6tTbkXggWgQCAJ4DO2QEdXXmgM.svg
framerusercontent.com/images/ Frame 83AF 214 B
1 KB 303ms
274ms Image
image/svg+xml 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/6tTbkXggWgQCAJ4DO2QEdXXmgM.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ca764b5867087d3c5ffc2bb0497a50b2ecf18ae7252169951ec97e18a592973d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630673
x-amzn-requestid: 287cb11d-cee8-4c57-ab46-862af731cfe1
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Yx7h-zkykKmOvMgypIFpIIyiGUe_VrFwC1xqTvmaHCkkQwtaMLsZfw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "a97b47fb394d0ff03e5b03f3e8770898"
x-amzn-trace-id: root=1-665db9dc-328707dd2530ef0b0da46ad7;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Yx7h-zkykKmOvMgypIFpIIyiGUe_VrFwC1xqTvmaHCkkQwtaMLsZfw==

GET
H2 200 11KSGbIZoRSg4pjdnUoif6MKHI.svg
framerusercontent.com/images/ Frame 83AF 215 B
1 KB 304ms
275ms Image
image/svg+xml 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/11KSGbIZoRSg4pjdnUoif6MKHI.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

6fce5a0604a6267ad769dd5e7afbfcf8bd0390897f682aec71f6307999a5b67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904145
x-amzn-requestid: a3c947f9-e9c6-4b08-ae8d-e304bf927afe
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ZNBKnbWmrilzttgf-03kqrgoVxUNuZHQpuzLm4nQYm8dYHPgECqDLQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "a708cac1128e9b31af21c0c9dc3af441"
x-amzn-trace-id: root=1-66598d9c-484ff6b764d55c14758247ae;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ZNBKnbWmrilzttgf-03kqrgoVxUNuZHQpuzLm4nQYm8dYHPgECqDLQ==

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ Frame 83AF 275 KB
0 0ms
0ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a24e1d533fa7898b393c136b75936b4e48878326fa67a1924ea38991a6a0171b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:48:31 GMT
content-encoding: br
via: 1.1 google
age: 3021
x-guploader-uploadid: ACJd0NrXMXGjMMYMionFh3k4kal5hobWRagP_qdA1r1-ryGyf6PL9SHPXBX6gCUsZlaKL2xQgVQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76040
last-modified: Thu, 20 Jun 2024 15:42:55 GMT
server: UploadServer
etag: "782a3b440bb3ac8eb0962ba7bff21d02"
vary: Accept-Encoding
x-goog-generation: 1718898175485164
x-goog-hash: crc32c=2tmGTA==, md5=eCo7RAuzrI6wliunv/IdAg==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 76040
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 22 Jun 2024 09:48:31 GMT

GET
H2 204 init Show response
mgln.ai/ 0
1 KB 194ms
170ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/init

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049133&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=7pJVqYkF9R4DfUmZxWZPWrJCrI2csMIEk5dvycB3fJI%3D
x-request-id: 2755aaba-4961-4ff8-9afd-61917de5cd7f
x-runtime: 0.001474
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049133&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=7pJVqYkF9R4DfUmZxWZPWrJCrI2csMIEk5dvycB3fJI%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 897b449a3b97bbbf-FRA

GET
H2 200 middleware.a67f50f18838564a.js Show response
www.biltrewards.com/_next/static/chunks/ 27 KB
11 KB 66ms
66ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/middleware.a67f50f18838564a.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-c6ed2485346d62d6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

f5c11b2faacb090663dba1dbdd9ac247f815004deb2c0fb69748b1f596631651

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="middleware.a67f50f18838564a.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cslv2-1719049133193-579423e463fe
x-matched-path: /_next/static/chunks/middleware.a67f50f18838564a.js
etag: W/"d8ed6ecf1bcf2403242c563af4e25811"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 ajs-destination.7b1c63e918e17749.js Show response
www.biltrewards.com/_next/static/chunks/ 30 KB
10 KB 71ms
71ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/ajs-destination.7b1c63e918e17749.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-c6ed2485346d62d6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

64a682d09e22f72c124f301d043a75f56b14238959bb1f06853663a3e570119f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
strict-transport-security: max-age=63072000
age: 40198
content-disposition: inline; filename="ajs-destination.7b1c63e918e17749.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::h5m2n-1719049133193-92f3eaf29625
x-matched-path: /_next/static/chunks/ajs-destination.7b1c63e918e17749.js
etag: W/"e02eef26b019af592529267e31bd4e1f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 Allyant_Accessibility_Badge.svg
static.biltrewards.com/assets/footer/ Frame 6456 9 KB
0 4ms
3ms Image
image/svg+xml 35.241.5.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/footer/Allyant_Accessibility_Badge.svg
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:47:00 GMT
age: 3112
x-guploader-uploadid: ACJd0NraboIXwLqB7Ym8muPcqMigzBOs0TfhDMDDcdKqd11hFd4CO7B6kSsH5R6boaFAb-VQUhY
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8902
last-modified: Mon, 22 Apr 2024 14:38:56 GMT
server: UploadServer
etag: "ec60b6278480c91cc0bdf8f7b2891638"
vary: Origin
x-goog-generation: 1713796736912798
x-goog-hash: crc32c=PEyyKw==, md5=7GC2J4SAyRzAvfj3sokWOA==
content-type: image/svg+xml
cache-control: public,max-age=3600
x-goog-stored-content-length: 8902
accept-ranges: bytes

GET
H3 200 d53115df1a52623d.css
id.biltrewards.com/_next/static/css/ Frame 6456 17 KB
3 KB 59ms
57ms Stylesheet
text/css 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/css/d53115df1a52623d.css

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

1ad5cbd82e3a7cf3ccd6a845dfc3553a53387f6fc00226442c468d9099a9ec71

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="d53115df1a52623d.css"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::ccl7q-1719049133376-425e24f1f834
x-matched-path: /_next/static/css/d53115df1a52623d.css
etag: W/"61e4fed0e5435a3827180654d403bcfe"
x-vercel-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 webpack-b0a5e1d7374acc7a.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 4 KB
2 KB 217ms
202ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/webpack-b0a5e1d7374acc7a.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

51b136f6f84fedaeb07360a1e92942da0ebe5ec5384541b530f86e42d19551f2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 10837
content-disposition: inline; filename="webpack-b0a5e1d7374acc7a.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::47v88-1719049133983-73241bc79295
x-matched-path: /_next/static/chunks/webpack-b0a5e1d7374acc7a.js
etag: W/"4c987c24bcb6db6af8a60a785eee8e34"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 0a08d48a-4dbd3104a60c9a9c.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 168 KB
54 KB 171ms
157ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/0a08d48a-4dbd3104a60c9a9c.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

0d77c0ca71f84e8e1b82911c1c6e7ba7b5c192b1ce10bce9a8db97e08139e688

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="0a08d48a-4dbd3104a60c9a9c.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::t4kjl-1719049133980-50066fb4c12a
x-matched-path: /_next/static/chunks/0a08d48a-4dbd3104a60c9a9c.js
etag: W/"02995431b62df8b1c8b38a1e08ba3f2e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 229-b73ce4ace404a953.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 223 KB
66 KB 187ms
174ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

83aabe649060a7e2ae2d90805d2e69bfcb75b54156056654bea6e44ef5487d72

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 14005
content-disposition: inline; filename="229-b73ce4ace404a953.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::dsq8s-1719049133982-ec55c916a16f
x-matched-path: /_next/static/chunks/229-b73ce4ace404a953.js
etag: W/"0dc8b8f8e79454fae0001b8f92bf3d69"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 main-app-0ea49371b9deef83.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 4 KB
2 KB 91ms
80ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/main-app-0ea49371b9deef83.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

f055a73d3fe13b7d925ba16aafa34752b4eb2d189e090582bafe9175201a300c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="main-app-0ea49371b9deef83.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::7hj89-1719049133974-2c076179b929
x-matched-path: /_next/static/chunks/main-app-0ea49371b9deef83.js
etag: W/"e1b54fdcba70908a711cac944899ccb7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 721-2cdcc63a9f471ed1.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 93 KB
33 KB 87ms
76ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/721-2cdcc63a9f471ed1.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

ecb6a4d933a00cfe52f85667db28eda1780e587a99b82356d51da319d6393b1a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="721-2cdcc63a9f471ed1.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::tcxqg-1719049133975-d72a351bfcaa
x-matched-path: /_next/static/chunks/721-2cdcc63a9f471ed1.js
etag: W/"e16ae8fa970bcea41cfc409b7840368f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 page-b1f02fc899a86e23.js Show response
id.biltrewards.com/_next/static/chunks/app/login/iframe/userdata/ Frame 6456 4 KB
2 KB 210ms
197ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/app/login/iframe/userdata/page-b1f02fc899a86e23.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

b6f4991669d6ea1940677643d7de78a35d53b2eb8c7857d4596071f83b08a287

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 14237
content-disposition: inline; filename="page-b1f02fc899a86e23.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::khzxs-1719049133981-d9eb0b356e66
x-matched-path: /_next/static/chunks/app/login/iframe/userdata/page-b1f02fc899a86e23.js
etag: W/"b715639ba269e78215022618554ba1b0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 a1377a71-fd6e3887691d8424.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 117 KB
38 KB 197ms
183ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/a1377a71-fd6e3887691d8424.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

12ce72c5dd8a160d24d631751a8cac946705951d40e2138443784332c1fb4bc1

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="a1377a71-fd6e3887691d8424.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::f6pkl-1719049133984-126af0174058
x-matched-path: /_next/static/chunks/a1377a71-fd6e3887691d8424.js
etag: W/"c7cb8d8f3220b324d05f9afcde0465e2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 79c2edf2-5442c814c6a09f6a.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 80 KB
21 KB 212ms
198ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/79c2edf2-5442c814c6a09f6a.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

494a146ffec032558a2c89bca94c444f5bd0ea6970b068b7448cc32de2dc9683

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 24913
content-disposition: inline; filename="79c2edf2-5442c814c6a09f6a.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::4bv45-1719049133982-72e27a17c53a
x-matched-path: /_next/static/chunks/79c2edf2-5442c814c6a09f6a.js
etag: W/"0ff58599fb395d77aa49df6c42419bca"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 970-ba0531afe4c18711.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 363 KB
118 KB 284ms
270ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/970-ba0531afe4c18711.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

500ee0fc9dcd17ca71b3709172a4dddd674597fae73bc448e7fa1c49c337e33e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="970-ba0531afe4c18711.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::h9bx4-1719049133984-974f828242c3
x-matched-path: /_next/static/chunks/970-ba0531afe4c18711.js
etag: W/"52b64fc67f4e945ff2be5ed2599882bd"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 956-979c1c6573794c8a.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 49 KB
18 KB 90ms
72ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/956-979c1c6573794c8a.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

6266e044e9d67f5e08c39dec30aeb2c9ffc3dbf6c837a6f60da52b050b474794

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 15443
content-disposition: inline; filename="956-979c1c6573794c8a.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::9p4nc-1719049133990-80de3448b0fc
x-matched-path: /_next/static/chunks/956-979c1c6573794c8a.js
etag: W/"5e532490d718659e463dda126fa78820"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 19-6c4c6d287fe1dcd1.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 26 KB
9 KB 99ms
80ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/19-6c4c6d287fe1dcd1.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

0feefca7e8ce6c3ebd31a7cfa3512c71c26cdefd210d2f74a5e89bbd839f622a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="19-6c4c6d287fe1dcd1.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049133984-12e6b7dde403
x-matched-path: /_next/static/chunks/19-6c4c6d287fe1dcd1.js
etag: W/"134ff8076a49217295dcbb38327137ae"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 923-26508e10a6c6e37d.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 6456 331 KB
107 KB 103ms
84ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/923-26508e10a6c6e37d.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

4b45f70cbcd6394f27df04bee4c1aca056efc2eee825131d1e377dc096e7ee14

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="923-26508e10a6c6e37d.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::7hj89-1719049133984-86942daf5703
x-matched-path: /_next/static/chunks/923-26508e10a6c6e37d.js
etag: W/"7781afa8c366c6bc91bd9d5ae46565d9"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 layout-1536083dd496a9da.js Show response
id.biltrewards.com/_next/static/chunks/app/ Frame 6456 62 KB
16 KB 142ms
124ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/app/layout-1536083dd496a9da.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

cb827af49284733662d398bf4818138a436923da9ba38393931ac0ac53e013ee

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 40571
content-disposition: inline; filename="layout-1536083dd496a9da.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::s74l2-1719049133989-66145c95c374
x-matched-path: /_next/static/chunks/app/layout-1536083dd496a9da.js
etag: W/"e9eeadbb3085f8039ff315754091e38b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 agent.js Show response
cdn.deviceinf.com/js/v4/ Frame 6456 310 KB
0 8ms
8ms Script
application/javascript 172.67.136.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.deviceinf.com/js/v4/agent.js
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.136.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA53-C1
age: 1835
x-amz-server-side-encryption: AES256
content-encoding: zstd
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
server: cloudflare
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BhGadvAhqAX3pIlmGLi%2F0YAvSF16arWm%2BRsEC9rdIns7MqvUef68VobpK03SBODUaVMTioSoYeK52Sza6VlVu8YLa4bIm9bWBCLKFW%2Bnr3i%2FXuQ6V3eUet3Sm2Fm9LGfwOX5sA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 897b4493898a37d2-FRA
x-amz-cf-id: y_3FpCdUdMArkg2QdL3NLjdSiN_1iU6xqu8BX64SA6hwYMZxYTtpRA==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ Frame 6456 2 KB
0 9ms
9ms Script
text/javascript 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

GSE /

Resource Hash

c3041035d4df7dabf7fc7f0f2751666758cabfa9cba703be2a3763b213bfaecf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 22 Jun 2024 09:38:52 GMT

GET
H3 200 airgap.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 6456 105 KB
0 9ms
9ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:52 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"f40739130aa0cc889c7fc63c2ffe78ae"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44938d01c060-WAW

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 269 KB
93 KB 81ms
79ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10874839969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e53275f385e2028b72ff5befb16d9c572ce15af0acbdad0b6a883727eea7fe7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94632
x-xss-protection: 0
last-modified: Sat, 22 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Jun 2024 09:38:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 295 KB
101 KB 90ms
88ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QLSYZKSM0E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b23080a581fce2c39cc64439ea784226a4a6e2ed79736690f5af9ea5226f9b60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 102863
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 22 Jun 2024 09:38:53 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 178ms
49ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Jun 2024 19:23:03 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12116

GET
H2 200 scevent.min.js Show response
sc-static.net/ 47 KB
21 KB 182ms
63ms Script
application/javascript 143.204.207.250
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.207.250 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-250.fra53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 49b343928b1ecfd853bbabd42279e84443b766a99c97888e3cd1441944381023

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: gzip
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 20523
x-amz-cf-id: TZPLZXBs0jpFpQnO2kOEDMQnS2q-6cXaLIuhD1L-buL_BJtAbPsKTg==

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 375ms
180ms Script
application/javascript 104.81.60.131
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.81.60.131 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-81-60-131.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6089ff6068ba58f811c9bd97012b755c5481801e4dede1cc0dc871967959ca1c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 43c646b8.14cf0749
date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240622093853E7BBD7BF79E29894AD8B-21913EDB5A9A4DD7-00
x-cache: TCP_MISS from a104-81-60-127.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time: 114,104.81.60.127
server-timing: cdn-cache; desc=MISS, edge; dur=105, origin; dur=10, inner; dur=2
content-length: 2298
pragma: no-cache
server: nginx
x-tt-logid: 20240622093853E7BBD7BF79E29894AD8B
x-cache-remote: TCP_MISS from a23-220-104-8.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 10,23.220.104.8
x-tt-trace-host: 01c67c59c51e22f2e3f175b97e1af2f2e0f963f076d4474da39601c7e533eae9c5c434dbb28676ce039ba52e8383abe6472c37b030120fbecbe46f5e500e3e785c0c07f3ab0a8ffc9edae73de5ee83fd57c72bdaefd242dd0c93d6ffbf05b54dd5132e53e7b0733a1f14487aeb0a5de77f
expires: Sat, 22 Jun 2024 09:38:53 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
8 KB 275ms
136ms Script
text/javascript 35.157.157.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.157.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 138491efc73fe612c6741a53f4d87034642453b09598bf4ed47e88c0a44d101c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 22 Jun 2024 09:38:53 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 b-00ri.min.js Show response
b-code.liadm.com/ 101 KB
36 KB 186ms
48ms Script
application/javascript 2600:9000:275d:9a00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/b-00ri.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:9a00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 02:28:15 GMT
content-encoding: gzip
via: 1.1 1f5c750c03b26301631398b45f61e262.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P11
age: 25838
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public,max-age=86400
x-amz-cf-id: n4HZaA2o4o4sOegIk5gG4Cq6-NC6pYdgGH6FrzY_FpZ5DF7AkIQD8Q==

GET
H2 200 t.png
tvspix.com/ 68 B
193 B 249ms
211ms Image
image/png 54.70.128.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tvspix.com/t.png?&t=1719049133440&l=tvscientific-pix-o-946859a1-af7d-49da-bef5-a1dcf030077a&u3=https%3A%2F%2Fwww.biltrewards.com%2F
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.70.128.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-70-128-238.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
pragma: no-cache
date: Sat, 22 Jun 2024 09:38:53 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 68
expires: 0

GET
H3 200 widget_app_base_1718701551140.js Show response
cdn.userway.org/widgetapp/2024-06-18-09-05-51/ 153 KB
44 KB 107ms
49ms Script
application/javascript 156.146.33.138
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widget.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 156.146.33.138 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 494557430.fra.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6aaebe577c186a50a1a101fc8b8d3717037e9e06b04411aaa1ab6181ca7820bb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 603f36cbe39a66d93949b80e7296dad4.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 834
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702616
x-77-cache: HIT
x-cache: HIT
x-age: 346517
x-accel-date: 1718702616
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwBnJIhiAH3lUkFAAwBnJIhJwH3DQAAAA
x-accel-expires: @1744622603
x-77-age: 346517
last-modified: Tue, 18 Jun 2024 09:08:08 GMT
server: CDN77-Turbo
etag: W/"77708384a0baaf6b42aab0ec27776aab"
x-77-nzt-ray: f6587a1dc6008f17ad9b7666e24d8d21
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: abosIwSIJzFaOE5IBt217N739FeFPEdi_rgWO-L4Xgb6p5NxigJXrA==

GET
H3 206 ysCNtc4urbg6XoahxtFjQ5iM.mp4
framerusercontent.com/assets/ Frame 83AF 95 KB
0 54ms
54ms Media
video/mp4 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/ysCNtc4urbg6XoahxtFjQ5iM.mp4

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer: https://www2.biltrewards.com/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 21 Feb 2024 19:18:05 GMT
x-amz-version-id: ZGpzvVL52zWME_U_sZUF.yLajT1DjUei
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 10506049
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
Content-Range: bytes 0-7171940/7171941
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="3hTnfWhBEMeElSnfhNmM0BLGGvHCcHK7F7EhVosbZJrb6flehN6euw==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
Content-Length: 7171941
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 21 Feb 2024 19:00:48 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "007bb0d7a6f76537bc66283ea97c56f3"
x-frame-options: deny
content-type: video/mp4
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 3hTnfWhBEMeElSnfhNmM0BLGGvHCcHK7F7EhVosbZJrb6flehN6euw==

GET
H2 200 GT-America-Extended-Bold.woff2
static.biltrewards.com/fonts/ 63 KB
63 KB 54ms
50ms Font
application/octet-stream 35.241.5.91
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Extended-Bold.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:37:13 GMT
age: 100
x-guploader-uploadid: ACJd0NoBDti9bbUFlepZUBl3-MPviCc0nDjVlxDRFCCWnM35Bdw0gocS3KyaLJRI7yEmqQdjp8P7Gh1bHw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1679355033778551
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64096
last-modified: Sat, 23 Sep 2023 19:54:37 GMT
server: UploadServer
etag: "62d21cb9a8474aa65c284dc0af48bc30"
x-goog-generation: 1695498877482917
x-goog-hash: crc32c=ri+bug==, md5=YtIcuahHSqZcKE3Ar0i8MA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 64096
accept-ranges: bytes
content-type: application/octet-stream

GET
DATA 200
OK truncated
/ Frame 83AF 16 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6162a259efcc903ece88a8301a46b44e3a77c220b3752c01eb02caa0af358870

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 16 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab32bc58349446cd3c8761af45640b13ed01073a6553e5779a9b03852d591ca4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 536 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea9ed2f612e41fcd700060fad5eff94165c56fb549e6334173177b4a540a5a9d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5b3b178dc8df3767511096744a36ee3edcee7ed62be5f8504244e6b70cf7398

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 406 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 990fba98068c77b0616f1d04a1df3ae1e0b6a0fe19809beb34864ab99044ba78

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 LqDnnljXEwgpUOKntxS1EWW6Rg.woff2
framerusercontent.com/assets/ Frame 83AF 62 KB
63 KB 77ms
75ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/LqDnnljXEwgpUOKntxS1EWW6Rg.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

b758c20d70f6b20fa85f31c23b9dea1ad5551a1cfd9ed56485c63cc592b2a15b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 11 Dec 2023 19:43:08 GMT
x-amz-version-id: 2K1KJcp0J5ZC8eipZGka2Zx75YaYhk90
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 16725345
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="IAplk3I_S0EsZkc4dUgK8aFfXf1ICuYJH0uS6edC7a9sRrhi96DrzQ==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
content-length: 63328
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 Mar 2023 21:13:11 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "c2d37cba33fee33551bad2907242eab9"
x-frame-options: deny
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: IAplk3I_S0EsZkc4dUgK8aFfXf1ICuYJH0uS6edC7a9sRrhi96DrzQ==

GET
H3 200 ZOQnZ28bo7qibfKtLjS7lnsO4~aPaqOZNJkxYT2qc_-WAEnT8sEAw10p7tnZdSX4PzEH4.woff2
framerusercontent.com/modules/assets/ Frame 83AF 57 KB
58 KB 64ms
62ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/assets/ZOQnZ28bo7qibfKtLjS7lnsO4~aPaqOZNJkxYT2qc_-WAEnT8sEAw10p7tnZdSX4PzEH4.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

ae3cd625206f3b22398ce3e5ffcc22c2a6ff95a535e7c4addbfb7e7e2d146ace

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 10:45:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2155978
x-cache: Hit from cloudfront
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="U-502Ho1kPn8m0EglQarLc1eWPO5m2SwkrOX4e5hOQCJTWdkgvInrA==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 58660
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=2592000, immutable
vary: Accept
timing-allow-origin: *
x-amz-cf-id: U-502Ho1kPn8m0EglQarLc1eWPO5m2SwkrOX4e5hOQCJTWdkgvInrA==

GET
H3 200 s15i8VNMBMOyVBn9RdA2jtEVxk.woff2
framerusercontent.com/assets/ Frame 83AF 61 KB
62 KB 64ms
63ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/s15i8VNMBMOyVBn9RdA2jtEVxk.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

9dd316606967a03abedcf35c83300f9763241b13a2066f67dabff0573def70e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 08 Oct 2023 21:54:56 GMT
x-amz-version-id: QzjntSJQOtTLeMbw9KBGRRx4g5m0iW0c
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 22247038
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="2qU2D-yNRqTPIEDcwNI1i5jP51ESDHoH-Vb_7wFBcRz4i0gGhg__6Q==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 62460
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 Mar 2023 21:13:09 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "5fff9cfbc052741b83f04fadc035af87"
x-frame-options: deny
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 2qU2D-yNRqTPIEDcwNI1i5jP51ESDHoH-Vb_7wFBcRz4i0gGhg__6Q==

GET
H3 200 9vZ4CFUb3rKQR5PiFoCAG4XK9ds~OMnLjX5KG42fbQ9CabmPYWfngmsLKfBkxrst4820Nz8.woff2
framerusercontent.com/modules/assets/ Frame 83AF 56 KB
56 KB 77ms
75ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/assets/9vZ4CFUb3rKQR5PiFoCAG4XK9ds~OMnLjX5KG42fbQ9CabmPYWfngmsLKfBkxrst4820Nz8.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

ff65c7581b6b14184d2d6ab9ebe9416b06fcbb86c3a7a32ca30b3bc7871256a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 22:39:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 557956
x-cache: Hit from cloudfront
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="IK23eDllGJ8E1aNV3dH8mMAeWhzWLFt8PGg-PX4M6SW75jheCQDUzw==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 56856
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Range
cache-control: public, max-age=2592000, immutable
vary: Accept
timing-allow-origin: *
x-amz-cf-id: IK23eDllGJ8E1aNV3dH8mMAeWhzWLFt8PGg-PX4M6SW75jheCQDUzw==

GET
H3 200 8qn5SJXAslrGaAAxdWjJDc6gng.woff2
framerusercontent.com/assets/ Frame 83AF 47 KB
48 KB 77ms
76ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/8qn5SJXAslrGaAAxdWjJDc6gng.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

b02546b57554da630a4827a7755b1f72d22374513f811dc0590ebe942758cbfa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 15 Dec 2023 12:32:13 GMT
x-amz-version-id: Uo2HPioSZt72O.VWi6F9mEBTdQw0j0ck
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 16405601
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="6k7of-L719SsFeL-V_l_ykF5QUX3ZOnvWRFYpnYe1MOZmtZRuoOhWg==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
content-length: 48256
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 Mar 2023 21:13:11 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "425ac390cb52f1e99c8b61faa7e6a235"
x-frame-options: deny
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 6k7of-L719SsFeL-V_l_ykF5QUX3ZOnvWRFYpnYe1MOZmtZRuoOhWg==

GET
H3 200 0iJMoAt43UHHN4iZwJ9BRySDSfM.woff2
framerusercontent.com/assets/ Frame 83AF 57 KB
58 KB 78ms
76ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/0iJMoAt43UHHN4iZwJ9BRySDSfM.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 15 Dec 2023 12:32:12 GMT
x-amz-version-id: AT_2BH0O2V6cPJxPyzU1of5S3JbluJW3
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 16405602
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="5AMuBD7sBE1uZix71my71Gc833RjY-b8hbJ3COdoSnrBL3yi4wQOAg==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
content-length: 58164
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 02 Mar 2023 21:13:09 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "3a1c34d491e0f22ddcce5ef4225fc4e4"
x-frame-options: deny
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 5AMuBD7sBE1uZix71my71Gc833RjY-b8hbJ3COdoSnrBL3yi4wQOAg==

GET
H3 200 ZIA17DG79ouXlfoQjamRRhk3cc4.woff2
framerusercontent.com/assets/ Frame 83AF 56 KB
56 KB 78ms
76ms Font
application/octet-stream 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/ZIA17DG79ouXlfoQjamRRhk3cc4.woff2

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 08 Oct 2023 21:54:56 GMT
x-amz-version-id: 2bAIUvN.lJv0IRflfgk7e39O0NwsKLB9
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 22247038
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="ABuLlm8wiTBjS01fiiVSdTQa-93GGxp_wU-6YkOFpZZIcMSYwzaXIA==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
content-length: 57076
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 27 Jun 2023 17:17:03 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "ee4103e3d2fcb9bd36adc839b2456f83"
x-frame-options: deny
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: ABuLlm8wiTBjS01fiiVSdTQa-93GGxp_wU-6YkOFpZZIcMSYwzaXIA==

POST
H2 204 view Show response
mgln.ai/ 0
87 B 151ms
150ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D
x-request-id: 0e9a3eac-9292-48db-89be-c9a2b00161ab
x-runtime: 0.002188
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 897b44a29fbcbbbf-FRA

POST
H2 204 view Show response
mgln.ai/ 0
384 B 85ms
81ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D
x-request-id: 2721bfe5-bb5b-4cae-9e99-4020378d92ac
x-runtime: 0.002155
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 897b44a29fbbbbbf-FRA

GET
H2

200

pixel
eu.mgln.ai/
Redirect Chain

https://mgln.ai/pixel/sync.gif
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=13fbab79-5c2c-4856-9c87-e5fa1cb9cf24&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=13fbab79-5c2c-4856-9c87-e5fa1cb9cf24&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://eu.mgln.ai/pixel?tapad_id=869de732-780f-4b7b-a00b-e6a5553f7a73

43 B
306 B

251ms
205ms

Image
image/gif

2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu.mgln.ai/pixel?tapad_id=869de732-780f-4b7b-a00b-e6a5553f7a73

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-transfer-encoding: binary
content-disposition: inline; filename="magellan_pixel.gif"; filename*=UTF-8''magellan_pixel.gif
content-length: 43
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D
x-request-id: f7e9f907-4f56-4b30-a37c-c321bea01fd8
x-runtime: 0.001431
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a065920df8cc4016d67c3a464be90099"
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D"}]}
content-type: image/gif
vary: Origin
cache-control: max-age=0, private, must-revalidate
cf-ray: 897b44a3f9b7bbbf-FRA

Redirect headers

date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://eu.mgln.ai/pixel?tapad_id=869de732-780f-4b7b-a00b-e6a5553f7a73
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame DEFE 0
0 265ms
98ms Document
text/html 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=nvprlvtfplry

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pj4-4_n_vOGe7R_kGqWM7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-pj4-4_n_vOGe7R_kGqWM7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jun 2024 09:38:54 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 684ms
172ms Preflight 2606:4700:20::681a:3b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:3b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 897b44a19ebd1c36-FRA
content-length: 0
date: Sat, 22 Jun 2024 09:38:54 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D
server: cloudflare
via: 1.1 vegur

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 680ms
169ms Preflight 2606:4700:20::681a:3b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:3b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 897b44a19ec31c36-FRA
content-length: 0
date: Sat, 22 Jun 2024 09:38:54 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1719049134&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=OmCdwrTHG6xBkKo8txi3QSrLUkM9OFPwNpn1UBMvL9E%3D
server: cloudflare
via: 1.1 vegur

POST
H3 202 page Show response
id.biltrewards.com/fsrelay/rec/ 87 B
108 B 286ms
180ms XHR
text/plain 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/fsrelay/rec/page

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Resource Hash

14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.biltrewards.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87

GET
H2 200 rewards Show response
www.biltrewards.com/ 155 B
3 KB 193ms
181ms Fetch
text/x-component 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

7be741b4a7fd270fceaeef9ab0eacb2f2388768640f57fa6d73a45a38442a20d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::cslv2-1719049134350-dcbf47b2b232
x-matched-path: /rewards.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 rent Show response
www.biltrewards.com/account/ 231 B
3 KB 312ms
302ms Fetch
text/x-component 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/account/rent?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

0ea53799d9235155729f269199568c5759ddd42d13bc9acd16d2d29fb4a6af7f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::c6nrp-1719049134350-4795b1405380
x-matched-path: /account/rent.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 dining Show response
www.biltrewards.com/rewards/ 179 B
3 KB 190ms
182ms Fetch
text/x-component 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards/dining?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

6711527fd25adcf240b3ec1d760630d37024a90f9e0ce86fdcfe954ea6d40308

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::f4bpr-1719049134350-f762cb03960e
x-matched-path: /rewards/dining.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 travel Show response
www.biltrewards.com/rewards/ 179 B
3 KB 187ms
179ms Fetch
text/x-component 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards/travel?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

7a6e79744a7d6d2fcff9e47bba4e54a54ad1a6b3a7da29bebcc38055b48a6555

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::r2k5k-1719049134350-63646a910d46
x-matched-path: /rewards/travel.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 card Show response
www.biltrewards.com/ 2 B
3 KB 59ms
51ms Fetch
application/json 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/card?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Sat, 22 Jun 2024 09:38:54 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="card.rsc"
content-length: 2
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::7zhz2-1719049134350-1645f191f089
x-matched-path: /card.rsc
etag: "99914b932bd37a50b983c5e7c90ae93b"
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H2 200 schemaFilter.ebb7091d058f3554.js Show response
www.biltrewards.com/_next/static/chunks/ 8 KB
5 KB 49ms
48ms Script
application/javascript 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/schemaFilter.ebb7091d058f3554.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-c6ed2485346d62d6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

21c9cafe5eb7345319ef7da290e10b069ee08649da4caa285a8ece3059b10616

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 22 Jun 2024 09:38:54 GMT
strict-transport-security: max-age=63072000
age: 40199
content-disposition: inline; filename="schemaFilter.ebb7091d058f3554.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::h5m2n-1719049134366-01a1db15f446
x-matched-path: /_next/static/chunks/schemaFilter.ebb7091d058f3554.js
etag: W/"85277637f17dcb3651ba9a333af31c8f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 cm.css
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 15 KB
4 KB 332ms
299ms Stylesheet
text/css 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/cm.css

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"58539a2b908f4e73e04d4f950b1b35a3"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44a24ec5c060-WAW

POST
H2 200 anonymous
events.framer.com/ Frame 83AF 0
0 388ms
387ms Fetch
application/json 3.160.150.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-114.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
via: 1.1 f14a77f80eb66aa455bd94a07a2a0c64.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P7
x-amzn-trace-id: Root=1-66769baf-08379f8f49998ab26758255c;Parent=67726c0d91e7e8b6;Sampled=0;lineage=c457ad49:0
x-amzn-requestid: 6e2357b6-01a8-4305-963a-b92f8d08629b
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: Zw1DaEgwoAMEj5A=
content-length: 0
x-amz-cf-id: eCbAPisly8wBHfXS_-1i1hEZphTXo8dg_3hiMkT_2bOmZj8mn1FAow==

OPTIONS
H2 200 anonymous
events.framer.com/ Frame 0
0 419ms
315ms Preflight
application/json 3.160.150.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-114.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www2.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Sat, 22 Jun 2024 09:38:54 GMT
via: 1.1 f14a77f80eb66aa455bd94a07a2a0c64.cloudfront.net (CloudFront)
x-amz-apigw-id: Zw1DXFnMoAMEpIA=
x-amz-cf-id: nYO97GbmDjjb5zgV21l1CkUB_7EXIZZsHe8T1HbzhbDMkKaMONgv8w==
x-amz-cf-pop: FRA60-P7
x-amzn-requestid: afd5b9de-31a3-4674-889c-ca3017411122
x-cache: Miss from cloudfront

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 145ms
46ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QLSYZKSM0E&gtm=45je46j0v874427215z8863411406za200zb863411406&_p=1719049132568&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=260883237.1719049135&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719049134&sct=1&seg=0&dl=https%3A%2F%2Fwww.biltrewards.com%2F&dt=Bilt%20Rewards&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3408&_z=fetch
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 22 Jun 2024 09:38:54 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.biltrewards.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET config
pixel-config.reddit.com/pixels/t2_7lmxmkme/ 0
0

GET t2_7lmxmkme_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 0
0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 148ms
41ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1719049134760&id=t2_7lmxmkme&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=c8ea2545-0dce-49bf-9ec1-42a1bc51664a&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 130ms
129ms Stylesheet
text/css 35.157.157.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.157.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa3a40b1584de88702a437e11601cbc67d35701f29139d86dbf7b620657a8888

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 22 Jun 2024 09:38:54 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 208ms
129ms Fetch
image/jpeg 35.157.157.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.157.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 22 Jun 2024 09:38:54 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

POST
H2 200 TlbN1PqpZB Show response
api.userway.org/api/tunings/ 2 KB
2 KB 638ms
198ms XHR
application/json 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/TlbN1PqpZB
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 89d7ac5e70c89011e4f6624ede8f1b6f71065286e6964fccff6bd8210c7aef3e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
etag: W/"7a7-6slbWGYBQ2D9dKX0S6QOTsp4ekU"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usr52c6be0c3f054d5
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 1959
x-service-version: uw-pr

GET
H2 404 terms
www.biltrewards.com/ 29 B
0 774ms
774ms Fetch
text/html 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/terms?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
date: Sat, 22 Jun 2024 09:38:55 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 0
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 85d820b1bda4f76df8cbdbc31a1752e4fb702635
x-status: MISS
content-length: 29
x-xss-protection: 1; mode=block
x-served-by: cache-sjc1000123-SJC, cache-fra-eddf8230020-FRA
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::7zhz2-1719049134840-2c0ecdead219
vary: Accept-Encoding
content-type: text/html,text/html
access-control-allow-origin: *
cache-control: no-store
accept-ranges: bytes
cf-ray: 897b44a4dcbc4d7a-FRA
timing-allow-origin: *

GET
H2 200 main.MTU0NDc1MDUxMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 344 KB
99 KB 66ms
65ms Script
application/javascript 104.81.60.131
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.81.60.131 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-81-60-131.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 52960b56e4d4fbf39e5cae2833367131bb2354c69ab5d9eb296d82733f62923d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 14cf1752
date: Sat, 22 Jun 2024 09:38:54 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024062015140454AFE806A01CA9825DCA
x-tt-trace-id: 00-24062015140454AFE806A01CA9825DCA-7DE910B2299CB5C7-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a104-81-60-127.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01dff163adc31b3da30e07ff8a381e19f2b6c860440b9727d4bd14425698ebdf7402166f93f5d14bb55c4960c3b11b1d06e9b84e1e9f5eee7b567dbc90ad0d20ff86582fa291468c0929b26d87ea7ab35359b5ef0cdbe70737125ec3e2851c4bd5
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length: 100227

GET
H3 200 xCQC3Wupbo8m3lPpUkDhzX5YD4.png
framerusercontent.com/images/ Frame 83AF 41 KB
42 KB 44ms
43ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/xCQC3Wupbo8m3lPpUkDhzX5YD4.png?scale-down-to=1024

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

7d46554b1ec9ba44cd027945b42335477ad77025ec30b7f303e11a89f9cb0bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630665
x-amzn-requestid: 28f941b4-2b8c-4899-9538-2b2662afb62b
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="sRN9Rh9TF78iRIswB9rGqZqo9O0iQM-x5MwK_7giePJGpRPxqHt1TQ==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "1811dd28d2e060b3c3ad89e5bb5f4a8f"
x-amzn-trace-id: root=1-665db9e4-28d274834850c5622bc00949;parent=616215edfd899d9c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: sRN9Rh9TF78iRIswB9rGqZqo9O0iQM-x5MwK_7giePJGpRPxqHt1TQ==

GET
H3 200 7dgusnBALjfsS0yucyysUvo9a8o.jpg
framerusercontent.com/images/ Frame 83AF 87 KB
88 KB 46ms
45ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/7dgusnBALjfsS0yucyysUvo9a8o.jpg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

f0e937e654fc07b9187dfc8650d2cf9bc3f9f595ceddba60e26733e9bec02a48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 6048bdf6-85d3-4769-9354-b17ff8e53d66
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="DOArOWiF6YrvvULRlf-Rc2qQLNdoVMdYnoLnyJd7lqtXREN0uyeTWQ==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "2c00c5a4ff420a9b0674670177e52290"
x-amzn-trace-id: root=1-665db9e2-6aeb6f1703f7fb30762d4b62;parent=46a8d6999aa69914;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: DOArOWiF6YrvvULRlf-Rc2qQLNdoVMdYnoLnyJd7lqtXREN0uyeTWQ==

GET
H3 200 NI61TIlpX6TJbklIpHSie2tEpGE.png
framerusercontent.com/images/ Frame 83AF 38 KB
39 KB 43ms
43ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/NI61TIlpX6TJbklIpHSie2tEpGE.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

683b6674782995c6728baee97f4d2cbc8a5c3e816eb3fbcf1688c349dfc139d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904116
x-amzn-requestid: 3f164e5a-0a61-455e-808d-c15bee4c7dda
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="8UAW2Rjl_4nwKD8Wwtv2YOV_mgWE0izmLod3wbVXDSfH03d4rBhJfA==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "59cf6528879350f198e89f70e196542b"
x-amzn-trace-id: root=1-66598db8-0396471e235526b372fa45df;parent=1ec8711ce974ffa8;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 8UAW2Rjl_4nwKD8Wwtv2YOV_mgWE0izmLod3wbVXDSfH03d4rBhJfA==

PUT error
conversions-config.reddit.com/v1/pixel/ 0
0

GET
H2 200 7ad3f193-82b5-4dfa-8879-986ee8a5ddf9.js Show response
tr.snapchat.com/config/com/ 200 B
480 B 261ms
142ms Script
application/javascript 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/config/com/7ad3f193-82b5-4dfa-8879-986ee8a5ddf9.js?v=3.19.2-2406181858

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

14d839905fc43bb48e3a980a8567cb6a098ce4ff4f54e5f2f1119a8af19ab962

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
content-type: application/javascript
access-control-allow-origin: https://www.biltrewards.com
x-envoy-upstream-service-time: 92
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200

GET
H2 200 i
tr.snapchat.com/cm/ Frame 3DC3 0
0 171ms
58ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=7ad3f193-82b5-4dfa-8879-986ee8a5ddf9&u_scsid=4a6e7d7a-dcf7-4b80-bce5-198facfde293&u_sclid=1197c722-974f-4bc9-b5a4-a8fbb1eb7f2e

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Sat, 22 Jun 2024 09:38:55 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google
x-envoy-upstream-service-time: 0

GET
H2 200 p
tr.snapchat.com/ 68 B
453 B 166ms
53ms Image
image/png 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tr.snapchat.com/p?pid=7ad3f193-82b5-4dfa-8879-986ee8a5ddf9&ev=PAGE_VIEW&intg=gtm&pids=7ad3f193-82b5-4dfa-8879-986ee8a5ddf9&u_c1=4c7411b9-64ba-485b-8549-da653cd5d2d4&u_sclid=1197c722-974f-4bc9-b5a4-a8fbb1eb7f2e&u_scsid=4a6e7d7a-dcf7-4b80-bce5-198facfde293&bg=false&bt=1d53c387&d_a=x86&d_bvs=%5B%7B%22brand%22%3A%22Not%2FA)Brand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22126.0.6478.114%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22126.0.6478.114%22%7D%5D&d_os=10.0.0&d_ot=Win32&df=true&huah=true&m_dcl=718&m_pi=718&m_pl=0&m_pv=2&m_rd=3634&m_sh=1200&m_sl=1&m_sw=1600&pl=https%3A%2F%2Fwww.biltrewards.com%2F&trackId=0825b3ea-10bc-4f5d-9aed-15230e3d998a&ts=1719049134975&v=3.19.2-2406181858

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, no-transform
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ Frame 6456 275 KB
0 0ms
0ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a24e1d533fa7898b393c136b75936b4e48878326fa67a1924ea38991a6a0171b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 08:48:31 GMT
content-encoding: br
via: 1.1 google
age: 3021
x-guploader-uploadid: ACJd0NrXMXGjMMYMionFh3k4kal5hobWRagP_qdA1r1-ryGyf6PL9SHPXBX6gCUsZlaKL2xQgVQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76040
last-modified: Thu, 20 Jun 2024 15:42:55 GMT
server: UploadServer
etag: "782a3b440bb3ac8eb0962ba7bff21d02"
vary: Accept-Encoding
x-goog-generation: 1718898175485164
x-goog-hash: crc32c=2tmGTA==, md5=eCo7RAuzrI6wliunv/IdAg==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 76040
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 22 Jun 2024 09:48:31 GMT

POST
H2 200 / Show response
o441793.ingest.sentry.io/api/4505110879076352/envelope/ Frame 6456 2 B
56 B 44ms
43ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o441793.ingest.sentry.io/api/4505110879076352/envelope/?sentry_key=1bc00c0ad527487bb7700e3836d413e1&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.112.2

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=P...

0
0

GET
H3 200 xCQC3Wupbo8m3lPpUkDhzX5YD4.png
framerusercontent.com/images/ Frame 83AF 41 KB
0 16ms
16ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/xCQC3Wupbo8m3lPpUkDhzX5YD4.png?scale-down-to=1024

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

7d46554b1ec9ba44cd027945b42335477ad77025ec30b7f303e11a89f9cb0bfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630665
x-amzn-requestid: 28f941b4-2b8c-4899-9538-2b2662afb62b
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="sRN9Rh9TF78iRIswB9rGqZqo9O0iQM-x5MwK_7giePJGpRPxqHt1TQ==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "1811dd28d2e060b3c3ad89e5bb5f4a8f"
x-amzn-trace-id: root=1-665db9e4-28d274834850c5622bc00949;parent=616215edfd899d9c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: sRN9Rh9TF78iRIswB9rGqZqo9O0iQM-x5MwK_7giePJGpRPxqHt1TQ==

GET
H3 200 7dgusnBALjfsS0yucyysUvo9a8o.jpg
framerusercontent.com/images/ Frame 83AF 87 KB
0 17ms
17ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/7dgusnBALjfsS0yucyysUvo9a8o.jpg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

f0e937e654fc07b9187dfc8650d2cf9bc3f9f595ceddba60e26733e9bec02a48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:08 GMT
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 6048bdf6-85d3-4769-9354-b17ff8e53d66
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="DOArOWiF6YrvvULRlf-Rc2qQLNdoVMdYnoLnyJd7lqtXREN0uyeTWQ==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "2c00c5a4ff420a9b0674670177e52290"
x-amzn-trace-id: root=1-665db9e2-6aeb6f1703f7fb30762d4b62;parent=46a8d6999aa69914;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: DOArOWiF6YrvvULRlf-Rc2qQLNdoVMdYnoLnyJd7lqtXREN0uyeTWQ==

GET
H3 200 NI61TIlpX6TJbklIpHSie2tEpGE.png
framerusercontent.com/images/ Frame 83AF 38 KB
0 18ms
18ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/NI61TIlpX6TJbklIpHSie2tEpGE.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

683b6674782995c6728baee97f4d2cbc8a5c3e816eb3fbcf1688c349dfc139d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:38 GMT
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904116
x-amzn-requestid: 3f164e5a-0a61-455e-808d-c15bee4c7dda
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="8UAW2Rjl_4nwKD8Wwtv2YOV_mgWE0izmLod3wbVXDSfH03d4rBhJfA==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "59cf6528879350f198e89f70e196542b"
x-amzn-trace-id: root=1-66598db8-0396471e235526b372fa45df;parent=1ec8711ce974ffa8;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 8UAW2Rjl_4nwKD8Wwtv2YOV_mgWE0izmLod3wbVXDSfH03d4rBhJfA==

GET
H3 200 emCFcnwNiMYScIxwr45IJOzQLg4.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 50ms
40ms Image
image/png 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/emCFcnwNiMYScIxwr45IJOzQLg4.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

b7b8ac25904dcb445701b5d1efa127727723d8d9e7f440457f12ca5d3b26c9b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 31 May 2024 08:43:16 GMT
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904138
x-amzn-requestid: 15787162-25f3-4c08-b5d8-a34ccd535d8b
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="G14p7K0N0DttX5DCrwECgVfbJng6URvydGTwABALkZRFGpr-VQ45UA==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-amzn-trace-id: root=1-66598da0-5f2ea0e41f23622f1e03bf99;parent=5839fe29ff262996;sampled=0;lineage=f456f256:0
etag: "aa590c551c50afa34a98a0f8a8ac7399"
x-frame-options: deny
vary: Accept
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: G14p7K0N0DttX5DCrwECgVfbJng6URvydGTwABALkZRFGpr-VQ45UA==

GET
H3 200 B2j04d4DELSVPqW3pu2DeFzMZU.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 59ms
45ms Image
image/png 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/B2j04d4DELSVPqW3pu2DeFzMZU.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

b27e2ff6dcd76549f2f66acf69dbcc8a5dcc53af127a14ac4e5d33adcd18cde7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Jun 2024 12:41:05 GMT
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630670
x-amzn-requestid: 28e54349-9451-4a38-9c9e-08298e5251fb
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="DMwc0SBqkAHvCFADw5GUrc6GeRX2uMpMoMIkfCFPhO7jgcIAJOQyIw==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-amzn-trace-id: root=1-665db9de-295bd1ba4eb8e1d24d1d407b;sampled=1;lineage=f456f256:0
etag: "18cd8eb0be448062f5cc3c67a4a1e8cf"
x-frame-options: deny
vary: Accept
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: DMwc0SBqkAHvCFADw5GUrc6GeRX2uMpMoMIkfCFPhO7jgcIAJOQyIw==

GET
H3 200 f2fwl12tvW9YGosVlJxHf8yLgk.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 59ms
43ms Image
image/png 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/f2fwl12tvW9YGosVlJxHf8yLgk.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

4fd7bdd78f1e54f45a4a21f57679cb6fdf3aee47a8d71dd8852a4193eb9c4b60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 29 May 2024 13:23:56 GMT
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060099
x-amzn-requestid: 753b1330-ee55-400e-9d06-c6436aba35fb
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Ggghk3ajo7DzQalEYvYGBwXrMgxjcUvlyqnjlOb42npPcdfj2U7n7g==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-amzn-trace-id: root=1-66572c6b-089261245c4dae6779919dd2;parent=7ddf7b3a1cc8dd01;sampled=0;lineage=f456f256:0
etag: "838b6be2e5997326aa0808aa32dec145"
x-frame-options: deny
vary: Accept
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Ggghk3ajo7DzQalEYvYGBwXrMgxjcUvlyqnjlOb42npPcdfj2U7n7g==

GET
H3 200 XjelGy0AgZXWBtmYgQFM6So2cZU.png
framerusercontent.com/images/ Frame 83AF 17 KB
18 KB 61ms
46ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/XjelGy0AgZXWBtmYgQFM6So2cZU.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

3975c47fff967119b9775089525647f5d497ea7257e51714513f6f256d3625fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060097
x-amzn-requestid: c582ca2a-8237-4560-b979-02e829300785
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="FTatG8vJWDAWKbq7l7nEzJAO1c-8Vig7SFDl06VQcNyQdcwhb9Qk0w==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "684497f79f0c68d68ba6d662b4c53cbf"
x-amzn-trace-id: root=1-66572c6c-52bf42422680dbcf64907742;parent=77d6effe502c0317;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: FTatG8vJWDAWKbq7l7nEzJAO1c-8Vig7SFDl06VQcNyQdcwhb9Qk0w==

GET
H3 200 ViCoXi9FWxoh8GjbX1a14g7pZX0.png
framerusercontent.com/images/ Frame 83AF 9 KB
10 KB 60ms
44ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/ViCoXi9FWxoh8GjbX1a14g7pZX0.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

9d447bee8eb8d321fe2e3f829e2124e5787c3bac7296b177403874ae0a299292

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 8c6213c7-d84c-4d87-a121-0487eaf96386
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="iuzfm0x8Pb7ax_JjubYWmxhYiMNi4ed7GLD5FUvPkQ4Zs33kdZAPRQ==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "409add196b9aa22df6a22e5d91ddf361"
x-amzn-trace-id: root=1-66598da4-5a0f9e233abbcf362803220b;parent=6a51f07a197a0666;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: iuzfm0x8Pb7ax_JjubYWmxhYiMNi4ed7GLD5FUvPkQ4Zs33kdZAPRQ==

GET
H3 200 8ibs6KgHYOJb6Y4lzhBQsszTRc.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 61ms
45ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/8ibs6KgHYOJb6Y4lzhBQsszTRc.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

e498946ef2d00f12cbf3c4f8c8be6bb8fb9ffa990944630f6d259acde57cf999

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: b5de577d-e1a5-4855-b2d0-da1da3d5b776
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="ToVJpg_lJZvIaA6f3Gs7T9EtE6jW0y5lc7fL2b-gjUZST3iHPIoquw==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4f6adf4494a8f5c2992cd29f2c8a67ca"
x-amzn-trace-id: root=1-66598da4-511e4e5b3dd4c88f48487b1e;parent=5e0cf439378a2228;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ToVJpg_lJZvIaA6f3Gs7T9EtE6jW0y5lc7fL2b-gjUZST3iHPIoquw==

GET
H3 200 MxRklazzy1Emai1IjUOn2ORYq8.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 63ms
47ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/MxRklazzy1Emai1IjUOn2ORYq8.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

d376c9595e16045188b228567a68bec78396ca47faecc5f04c3495ab7a5ab59b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 81962af3-1f89-4d8b-9a99-8bbbc5e24ce5
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="VW4om06_CMk_xxO7Uq33TWZCdp1V4a3e68Lb835xvv0Ekeo1oMY8OQ==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "27d0c8242fbb0a4f0dcf0eac3a7b71f3"
x-amzn-trace-id: root=1-66598da4-32f3b1b83de981fb4fca35ff;parent=41d944808f950b04;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: VW4om06_CMk_xxO7Uq33TWZCdp1V4a3e68Lb835xvv0Ekeo1oMY8OQ==

GET
H3 200 wiRNqk3Xr49CYkBPQk79io2TT1g.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 64ms
48ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/wiRNqk3Xr49CYkBPQk79io2TT1g.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

cc57203ea0b8a86aba51ea18bb78f7a9e511c2dc24dd2a7b689f29b9df7242a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630670
x-amzn-requestid: 3d53330e-7f5f-4ebe-9481-a0eea0982786
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="RaymW7iZRPdH8LTQMSQwj09-MbJF0EO_XtgdwmCJctcrX6OUskLNuQ==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "a79691a321f25b17568e00198b6f8826"
x-amzn-trace-id: root=1-665db9e1-5c6160c927a1d2690afe9e34;parent=03862afadbb19c2f;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: RaymW7iZRPdH8LTQMSQwj09-MbJF0EO_XtgdwmCJctcrX6OUskLNuQ==

GET
H3 200 5JsrF9pUWaXrgy50k6xEWQpJoxA.png
framerusercontent.com/images/ Frame 83AF 10 KB
11 KB 64ms
48ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/5JsrF9pUWaXrgy50k6xEWQpJoxA.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

475a55edce361bad240a6408fa6267076a2d2b73dcef041aa280ec5c9467a286

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630667
x-amzn-requestid: e03ed5cd-70a0-435a-bd94-81dc3dd76c36
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="4mbZI5R_vFw6kvKdg0wGm3VMiya1iEuJOz0Qh6ilxjKZK6QvUxDq7A==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "8ae9fb38ec4ccfa924f575981346cbe5"
x-amzn-trace-id: root=1-665db9e2-6625f3de4575d25570fe1820;parent=1b3a1c8687373466;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 4mbZI5R_vFw6kvKdg0wGm3VMiya1iEuJOz0Qh6ilxjKZK6QvUxDq7A==

GET
H3 200 aFXvQ8tvchAhSy28xtqLwAcc.png
framerusercontent.com/images/ Frame 83AF 9 KB
10 KB 65ms
49ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/aFXvQ8tvchAhSy28xtqLwAcc.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

7c09dc696c210431b85a1336a790bee42caba2a82b0562193019460a9cd0511f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060098
x-amzn-requestid: 92800631-3008-4595-b3ef-8a674b564060
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="m6_XkRETibe2LvBCkdg0V9tovjwpwmOloXIP_ttfC-YucIk1EYoBZg==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "cb74823e00a10ee36c435b4ceab4d5bf"
x-amzn-trace-id: root=1-66572c6c-4053045322acfb1470e27293;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: m6_XkRETibe2LvBCkdg0V9tovjwpwmOloXIP_ttfC-YucIk1EYoBZg==

GET
H3 200 Fi5WiSlR8pQgUTvWiBx9llcchmY.png
framerusercontent.com/images/ Frame 83AF 4 KB
4 KB 65ms
50ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Fi5WiSlR8pQgUTvWiBx9llcchmY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

610ac12bb1be1f6e8060140872b103525aadd80c221812bcabd554bc2f2e34b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060098
x-amzn-requestid: 08062572-8e4d-4e63-820f-5812c6dcab56
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="U5StkWztxi0knacQq_1egB3SAPalse2hZSOMnjx4N9rKv_PqaSQwbw==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "26b2d5d840e8eb29f504de86ff0566fb"
x-amzn-trace-id: root=1-66572c6c-7c8ac10401f63d247344b3f1;parent=3d97ee680e03e8f0;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: U5StkWztxi0knacQq_1egB3SAPalse2hZSOMnjx4N9rKv_PqaSQwbw==

GET
H3 200 Ax6NHsTfN0grr4AHyWTy2Sz2RI.png
framerusercontent.com/images/ Frame 83AF 6 KB
7 KB 61ms
46ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Ax6NHsTfN0grr4AHyWTy2Sz2RI.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

a3d3b82848a897cca8674d4bc3068c3ce45a2becbf4998cbc9515664c34a322e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1630668
x-amzn-requestid: 5a70967b-6f9d-41db-9826-268df4f9534b
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Mau2efRLbGnZK-W6RZ7yTPQKj2uDQLGp2KDabgbS8grgZ4sMfQSmew==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "bfcbe806b2ec62ffbd9f92a4a355ecfd"
x-amzn-trace-id: root=1-665db9e2-56dead2a6331019a2fcdd8e7;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Mau2efRLbGnZK-W6RZ7yTPQKj2uDQLGp2KDabgbS8grgZ4sMfQSmew==

GET
H3 200 8WJAm6JhDhA9oa7JjDgElrhOiQ.png
framerusercontent.com/images/ Frame 83AF 9 KB
10 KB 61ms
47ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/8WJAm6JhDhA9oa7JjDgElrhOiQ.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

757b912d4f48aaaf2053af5f00cd45e1ad23de29249de67f7a96cc9b6ac70a0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060098
x-amzn-requestid: 6e2f48e4-bb0c-4dde-9599-39d3923b2b75
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="w8zRHLHD7G6AkJXb_Sd45i5FUkOTclmvBa_HIDxi82Zj8CTIMXwQow==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "9298b67562f2b63ccc811bb9de23bf98"
x-amzn-trace-id: root=1-66572c6c-0f807d1960e655e305719660;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: w8zRHLHD7G6AkJXb_Sd45i5FUkOTclmvBa_HIDxi82Zj8CTIMXwQow==

GET
H3 200 o5yryGY3RMxXyiyQyqeuPPxOz60.png
framerusercontent.com/images/ Frame 83AF 8 KB
9 KB 77ms
57ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/o5yryGY3RMxXyiyQyqeuPPxOz60.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

2326d7a2489ae158a664495981e4cec214da8fb4e6d6aa093fadc433486af3c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: a23168ee-db25-4d1d-ad8b-5c93222919d7
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="sVPsy-AZWLcglmRKsgAgS9ZFNfggLFL5a2cDoW1OhYv94cNftC0tkg==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "9de9bb25ce2836f48b686bf7dbdb3016"
x-amzn-trace-id: root=1-66598da4-3630f3bc6dd178e732af4df2;parent=01f1f394e7e25084;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: sVPsy-AZWLcglmRKsgAgS9ZFNfggLFL5a2cDoW1OhYv94cNftC0tkg==

GET
H3 200 9ak0DxXbaVM1VoMTeIMa99JiKI.png
framerusercontent.com/images/ Frame 83AF 11 KB
12 KB 76ms
58ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/9ak0DxXbaVM1VoMTeIMa99JiKI.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

a458efbeb06b8b8de77ef153bf6b16620faef28fad8c0d73bef6d7ae3360d72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: db7640b2-33fd-4bf3-85da-c10184a62f56
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="sUvAF4VGvhbakbLFTUknst0R4z8j4w-QeWWLM21S58aJ8QM7c0HsOA==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "3143ead47d330dd0784a744697ce87f2"
x-amzn-trace-id: root=1-66598da4-11cfb06a7ea8d6394d9f3822;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: sUvAF4VGvhbakbLFTUknst0R4z8j4w-QeWWLM21S58aJ8QM7c0HsOA==

GET
H3 200 hnIi4P7pdlJAXqbv27Bue7JEr2k.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 76ms
59ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/hnIi4P7pdlJAXqbv27Bue7JEr2k.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

ce4c7c19ed3cd34764cbb45b14076b5abccba41cc04082ef4da748693431f77e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: c8121bd5-e0c8-4a6b-b0a3-2f0d484f01ae
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="ih_WOJTqj0iUcegjUkNTxAqiUeDAg-JwnqNZEB4D0yFGuoRqBQaFWg==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "258ecc1e947c3cb74e91511de888d99c"
x-amzn-trace-id: root=1-66598da4-34cddb152d4a434b20b07162;parent=74c01d7b40d26570;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ih_WOJTqj0iUcegjUkNTxAqiUeDAg-JwnqNZEB4D0yFGuoRqBQaFWg==

GET
H3 200 wlTHpTUu4ykBMBG21EX0CERes.png
framerusercontent.com/images/ Frame 83AF 8 KB
9 KB 78ms
60ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/wlTHpTUu4ykBMBG21EX0CERes.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

d9420833dd5b3eb3c599e0c280e827fe95cc9110f019096fa10c0ecc13afcd1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: bcd9400b-8e0f-42ee-a99e-64a739a2ee29
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Rvu9FdVoORnVeFPPv8V_MMSbmht9_v5cFTzm1SccFlGxt-mB0tBRWw==",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b6e54b2970b17f62418549ea7e3bbba3"
x-amzn-trace-id: root=1-66598da4-1107a32a642bef335660899b;parent=49041e277c1d64a8;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Rvu9FdVoORnVeFPPv8V_MMSbmht9_v5cFTzm1SccFlGxt-mB0tBRWw==

GET
H3 200 pMOoQGEce2gdLvB4HZNfsf4sY.png
framerusercontent.com/images/ Frame 83AF 8 KB
8 KB 69ms
54ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/pMOoQGEce2gdLvB4HZNfsf4sY.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

95305ed6d32b63aa16209f1b84efbf350fe190e94ffeaef272b9e66712d72844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904134
x-amzn-requestid: c1314f9d-3838-4c33-99e1-e0fe8b7ff4a9
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="eJ-pi4gQYWSksK8C4E9WA2vTizpDkjDc-9AnrxUyhlPXcI7JbWLJLA==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4838c6b2efadce33355cc93e72772f07"
x-amzn-trace-id: root=1-66598da8-75e6693e3042ccbb27027127;parent=616d4b5b0786b014;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: eJ-pi4gQYWSksK8C4E9WA2vTizpDkjDc-9AnrxUyhlPXcI7JbWLJLA==

GET
H3 200 GqxnFscgQXWBc0FTLQUcBVmIfV8.png
framerusercontent.com/images/ Frame 83AF 11 KB
12 KB 71ms
56ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/GqxnFscgQXWBc0FTLQUcBVmIfV8.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

63caa836b6ba19a09dc60ac7db5373c9d23009aeb364e296abbda94909e02395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 8df834db-b41d-48e8-85eb-9e1100964a29
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="ciUpoXT_waBTMrOz1-iV2ln4dZD6CZS4yTHE2KqfE2QxANvr9EBkdA==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "33a6d0ebf69371cde1f8a7cd147b749c"
x-amzn-trace-id: root=1-66598da5-7815db1e473716e800c558bf;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ciUpoXT_waBTMrOz1-iV2ln4dZD6CZS4yTHE2KqfE2QxANvr9EBkdA==

GET
H3 200 eODr1NJCd9NMOsg3WpToY6znD0.png
framerusercontent.com/images/ Frame 83AF 12 KB
12 KB 72ms
57ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/eODr1NJCd9NMOsg3WpToY6znD0.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

8580df1ebad232b889f390a02b08a578e186116c464b93fd8e9156cd9333091c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 1f224cd6-7550-4b5b-99f0-8f3177eb412a
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="GVawNIMQxRJlzM8pfeIhiybCrDvk4VNGTpVbjj9c9HlNq4cpG1OX8w==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "63a22e7519637f9d320256db52ad3d50"
x-amzn-trace-id: root=1-66598da5-47840abb796230eb34fd5ff9;parent=6f2c66d9739fa28f;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: GVawNIMQxRJlzM8pfeIhiybCrDvk4VNGTpVbjj9c9HlNq4cpG1OX8w==

GET
H3 200 yhcjbBUdWKuI5ee25BmmDwVlQ.png
framerusercontent.com/images/ Frame 83AF 5 KB
6 KB 73ms
58ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/yhcjbBUdWKuI5ee25BmmDwVlQ.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

298f8b36f4d49fc2be74afcdfc1672d55624fac2ba2d49b1c46071ca9a0ea2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 50855ddf-3924-466d-8636-83a7c1d7f0c9
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="k6KfQ84mj7LUKhDHWxYTfXThz53O_X78TON44n5r7Z4Ab70CHEEqZw==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "e6345d2a4f9a1aafb083b469aa3f8ce4"
x-amzn-trace-id: root=1-66598da5-2c24877c355f53c9704317a4;parent=75b303318e0b8d12;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: k6KfQ84mj7LUKhDHWxYTfXThz53O_X78TON44n5r7Z4Ab70CHEEqZw==

GET
H3 200 uMy6gIwSwWrVGDsXDGVWHHKzYEE.png
framerusercontent.com/images/ Frame 83AF 4 KB
5 KB 73ms
59ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/uMy6gIwSwWrVGDsXDGVWHHKzYEE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

f0757d938e68130aee5b0839ac25d02f21f5432dd5759e3cbe25bb94949c42c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060099
x-amzn-requestid: 38aebe41-ede1-48e8-9114-83e6006e5da4
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="viRmhpIPV-oFGOxFC9Q0fmoeAZyz4zkS-W4vtdFA2WcwGfW9gHqfsw==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "7abd82913af84c811baa5c035e32e03d"
x-amzn-trace-id: root=1-66572c6c-0df4526b5407dd2567f62c10;parent=43499c6dd23b3e46;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: viRmhpIPV-oFGOxFC9Q0fmoeAZyz4zkS-W4vtdFA2WcwGfW9gHqfsw==

GET
H3 200 NRqZdfp0sRwRZ2mBC3XB3MGG4.png
framerusercontent.com/images/ Frame 83AF 3 KB
4 KB 75ms
61ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/NRqZdfp0sRwRZ2mBC3XB3MGG4.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

6e0f94a2636f15c141ede374e49a58605533f10ba382fb187145bfa14d747fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 8044c6e8-a592-4da6-8278-5ed2604321be
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="tKoyVElmcfTOsGJdDQhPorS50lKr7qgNqc_osQQHZEjdmpqTqao5og==",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "809b1eb77e75d894cb1c4aa4ffe7bc69"
x-amzn-trace-id: root=1-66598da5-5bd779fa4ed9cfb245b060d6;parent=372638b91e4f3f84;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: tKoyVElmcfTOsGJdDQhPorS50lKr7qgNqc_osQQHZEjdmpqTqao5og==

GET
H3 200 c8bJ9cJNZu0SSI90azRcdddA.png
framerusercontent.com/images/ Frame 83AF 5 KB
5 KB 74ms
60ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/c8bJ9cJNZu0SSI90azRcdddA.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

addfa40b0e2d8f0492a9b1d8ff3e8e68c3f154fbf166cef3225fdebdbc38f9a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060099
x-amzn-requestid: ee4817e5-8a23-4223-a944-9b06a09f8214
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="YHHlmKyC8oN0VvxzpHWqs56tYi1gd5SyHclehw_TtdaDsRDkgS9zhQ==",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b8aabfaf62606b1a7a2466bd2e9b573a"
x-amzn-trace-id: root=1-66572c6c-6ca1bb0307d1886c20688741;parent=2ccdb10464f719c6;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: YHHlmKyC8oN0VvxzpHWqs56tYi1gd5SyHclehw_TtdaDsRDkgS9zhQ==

GET
H3 200 PJj4RY5yFu6gqPz485dMfCclbxQ.png
framerusercontent.com/images/ Frame 83AF 15 KB
16 KB 75ms
61ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/PJj4RY5yFu6gqPz485dMfCclbxQ.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

a500071897a30f33c4e6e6cf948cab97235367df9e558963285fbf58eab7e248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 1904137
x-amzn-requestid: 24026d8f-7c39-4d2e-b4dc-e541d78e1a07
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="V4EkBqNijgbQ7qzgIH4_OhPatjip1Mmbx2tr2bSFWUUecA9omxpuPA==",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "8da5134f7595ef7e60c01adcc0e413a6"
x-amzn-trace-id: root=1-66598da5-53bb65014ec8691e63475353;parent=682a4a812f8ed5b3;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: V4EkBqNijgbQ7qzgIH4_OhPatjip1Mmbx2tr2bSFWUUecA9omxpuPA==

GET
H3 200 gMGCZacBG9NmOgMr0vAlUWzMM.png
framerusercontent.com/images/ Frame 83AF 3 KB
4 KB 73ms
59ms Image
image/avif 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/gMGCZacBG9NmOgMr0vAlUWzMM.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

650d19b695e2f03bf1e362abecf36f676ee56550db3f41185d356ce838a5902b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 2060099
x-amzn-requestid: be90e07a-045d-4ed1-88b9-0d451ef4b41a
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="dcFjaAsWRRsbcAwHaVjWXXDpS8HlB_Et_Q48P6wjfDWpd9jzNILnGA==",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "f25c62047a8e8770667560ae5f4c038b"
x-amzn-trace-id: root=1-66572c6c-073efedb244cc2dc3d3fb30c;parent=33acbad5afbd5a89;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: dcFjaAsWRRsbcAwHaVjWXXDpS8HlB_Et_Q48P6wjfDWpd9jzNILnGA==

GET
H2 200 6tTbkXggWgQCAJ4DO2QEdXXmgM.svg
framerusercontent.com/images/ Frame 83AF 214 B
0 15ms
15ms Image
image/svg+xml 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/6tTbkXggWgQCAJ4DO2QEdXXmgM.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ca764b5867087d3c5ffc2bb0497a50b2ecf18ae7252169951ec97e18a592973d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:00 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630673
x-amzn-requestid: 287cb11d-cee8-4c57-ab46-862af731cfe1
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Yx7h-zkykKmOvMgypIFpIIyiGUe_VrFwC1xqTvmaHCkkQwtaMLsZfw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "a97b47fb394d0ff03e5b03f3e8770898"
x-amzn-trace-id: root=1-665db9dc-328707dd2530ef0b0da46ad7;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Yx7h-zkykKmOvMgypIFpIIyiGUe_VrFwC1xqTvmaHCkkQwtaMLsZfw==

GET
H2 200 11KSGbIZoRSg4pjdnUoif6MKHI.svg
framerusercontent.com/images/ Frame 83AF 215 B
0 15ms
15ms Image
image/svg+xml 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/11KSGbIZoRSg4pjdnUoif6MKHI.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

6fce5a0604a6267ad769dd5e7afbfcf8bd0390897f682aec71f6307999a5b67e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:08 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904145
x-amzn-requestid: a3c947f9-e9c6-4b08-ae8d-e304bf927afe
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ZNBKnbWmrilzttgf-03kqrgoVxUNuZHQpuzLm4nQYm8dYHPgECqDLQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "a708cac1128e9b31af21c0c9dc3af441"
x-amzn-trace-id: root=1-66598d9c-484ff6b764d55c14758247ae;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ZNBKnbWmrilzttgf-03kqrgoVxUNuZHQpuzLm4nQYm8dYHPgECqDLQ==

GET
H2 200 OJrwICelx547sU9TUfsOWWw2XU.png
framerusercontent.com/images/ Frame 83AF 81 KB
0 15ms
15ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OJrwICelx547sU9TUfsOWWw2XU.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4fe2c28d8627936146b3409c924fde52d8992d7899f9c13c2a10d10b922edffe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 2060096
x-amzn-requestid: 6e0cc2f4-7637-4ec1-bbdc-dc83c05c5720
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="bY0ToR7XBLIBOWMXxjWJjjASBszk4Zf6V5RAG34eZM4_40UK4cMXcQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=2
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "1861c09973cf6e2fa2957a5a3db9c1dd"
x-amzn-trace-id: root=1-66572c6d-361e9e850f32cd4909c0669d;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: bY0ToR7XBLIBOWMXxjWJjjASBszk4Zf6V5RAG34eZM4_40UK4cMXcQ==

GET
H3 200 default_script0.4RU4AH5R.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame 83AF 2 KB
2 KB 65ms
53ms Script
text/javascript 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/default_script0.4RU4AH5R.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

8350d4a28c626745a84ef55f886aed54bd77fc6b6b997ea9af7d2b45c64c47f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 06 Jun 2024 14:23:23 GMT
x-amz-version-id: LkRewux.PNXg.MduFihjDP.lJWK97.20
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
age: 1365333
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="0BU94b1U85fCimrx3-2AiK7MZmmkTD3yAadF9wNRfKZMoyt5v4q7HA==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 06 Jun 2024 14:16:23 GMT
server: CloudFront
etag: W/"25e3b8273c872525cc8c3121c40da27e"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Accept-Encoding,Origin
timing-allow-origin: *
x-amz-cf-id: 0BU94b1U85fCimrx3-2AiK7MZmmkTD3yAadF9wNRfKZMoyt5v4q7HA==

GET
H2 200 widget.js Show response
cdn.userway.org/ Frame 83AF 2 KB
0 14ms
13ms Script
application/javascript 2a02:6ea0:c700::22
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ac7c3dd84f3cd7cafadf1b5e77814c98d0439c1fe96f5eaf81f2370d2d155d4e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:52 GMT
via: 1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 248
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702653
x-77-cache: HIT
x-cache: HIT
x-age: 1420
x-accel-date: 1719047712
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwB1GY4tAH3jAUAAAwBisclxAH3fQIAAA
x-accel-expires: @1719051312
x-77-age: 1420
last-modified: Tue, 18 Jun 2024 09:08:13 GMT
server: CDN77-Turbo
etag: W/"ea664e9b286460f8889aaea1004c6dba"
x-77-nzt-ray: 6d204d11045b2fa1ac9b76664ee57538
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
vary: Accept-Encoding
x-amz-cf-id: MxTZIJcasfqqZ_6AjMhDdLdHkhf49OMm8ZzBoauh8Jx-Mm7rBQTGgA==

GET
DATA 200
OK truncated
/ Frame 83AF 729 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da70c773cd3a8d489bad7c03fb89b63053843aa52c0545749df089a08e64f78f

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2086fef391221a13d759836370ef5bae70c15e1389eb6504dc3a31c987e0a88

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db9c28d70f03728ad94c11d34cea446ed992aaa6167344d3eb362379f7fdaaf0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 777 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff54e9b2209db7e90df95ee8523a1176d4c14d06b413cc817dfbbda6d64a03e1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a61375e44fd14535935364ba62f844371eb9fb77ad0e4437720086719fa0da7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 319 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d9df2764c7d56ded13faf14e7235e19ae3232be0f54e8ddd60ed76e6339f3af

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 536 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52ea1136d79c3a7ebe4f345fdec565e4bac855aeb6ae4dafb54b7b7f29edb881

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 743 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e12cb695307b2703bce81c01aaeaf24cf0aa0602c8307458ea4f117719fb6ac

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 188768601044fa9d36f7e8318b53e650a64fb03b28c2b04eb8b99facdadce63e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7e514331c85e2bff2ab629fc901146eaec70a8fbfd84ee6dc9242dbb9d0030

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 83AF 645 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db8dee9ad499fb9b623de94c004b284d5529c842c2822340d4ad2f2f8f44968c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 PeV1BiYkQUoBq9a4xHPOFZaIKs~OYvKke6pEo6tZJDWeo6LVWQ-3rkTs09Fc-ShUEf3Zww.ttf
framerusercontent.com/modules/assets/ Frame 83AF 104 KB
48 KB 43ms
41ms Font
font/ttf 108.138.7.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/modules/assets/PeV1BiYkQUoBq9a4xHPOFZaIKs~OYvKke6pEo6tZJDWeo6LVWQ-3rkTs09Fc-ShUEf3Zww.ttf

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.78 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-78.fra56.r.cloudfront.net

Software

Resource Hash

9e16d83a2c1724e2cbfd819c46e35e26b7911de8678342fc0d6a00e277764306

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 15 Jun 2024 19:38:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05d62f18b6532eb36f4d53b3337857c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 568803
x-cache: Hit from cloudfront
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="cl4nKmsY_n14o5-mHvbb-VoeZP_E9ZF_1gk3w-Ih-LXg-n5Q_NCnew==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: deny
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: Content-Range
cache-control: public, max-age=2592000, immutable
vary: Accept-Encoding,Accept
timing-allow-origin: *
x-amz-cf-id: cl4nKmsY_n14o5-mHvbb-VoeZP_E9ZF_1gk3w-Ih-LXg-n5Q_NCnew==

GET
H2 404 bilt-platform-terms-of-use
www.biltrewards.com/terms/ 29 B
0 911ms
910ms Fetch
text/html 76.76.21.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/terms/bilt-platform-terms-of-use?_rsc=9hgrl

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.123 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%2C%22%2F%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
date: Sat, 22 Jun 2024 09:38:56 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 0
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 39abfbb1e15415ca5096f262f9173c79b6ccd3ca
x-status: MISS
content-length: 29
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10021-SJC, cache-fra-eddf8230044-FRA
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::r2k5k-1719049135286-b315e0fe2460
vary: Accept-Encoding
content-type: text/html,text/html
access-control-allow-origin: *
cache-control: no-store
accept-ranges: bytes
cf-ray: 897b44a79ecf2c45-FRA
timing-allow-origin: *

GET
H3 200 en.json Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/ 8 KB
2 KB 306ms
306ms Fetch
application/json 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/en.json

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"deeec53da2118f7d45f432e74ecef857"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44a789b3b620-WAW

GET
H2 200 facebook-pixel.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 10 KB
4 KB 122ms
40ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 21:50:52 GMT
content-encoding: gzip
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-version-id: 73B4bUucoqQ.zop5Rb.39qMTDNo8ltid
x-amz-cf-pop: FRA6-C1
age: 7386484
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3273
last-modified: Fri, 08 Mar 2024 07:35:29 GMT
server: AmazonS3
etag: "4b03a476015c2ba9b9e74e895b97c12c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: Rf1PIHHrgUId_TMB0wQgQNkz-uHGdivyx0pTb8P8LaW4Oy88QDQ6nA==

GET
H2 200 adwords.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 4 KB
2 KB 122ms
40ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 23:59:28 GMT
content-encoding: gzip
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-version-id: .PFTD1mf4T6.cqCzCGDBaoXaZe77x4YA
x-amz-cf-pop: FRA6-C1
age: 12303568
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1356
last-modified: Wed, 18 Oct 2023 10:36:34 GMT
server: AmazonS3
etag: "257fe81df53dcd4819bc1a81e78fce58"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: 83neywpzdukSgLsiK6_cvvOA0SBeinc2Iadap8D8zaH-YtGOXLdQMg==

GET
H2 200 google-tag-manager.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 3 KB
2 KB 122ms
41ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 04 Jun 2024 02:24:38 GMT
content-encoding: gzip
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-version-id: 2QnOYwF5YFKn4huywZP2TBu6SmwTBwS6
x-amz-cf-pop: FRA6-C1
age: 1581258
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1343
last-modified: Mon, 03 Jun 2024 14:40:12 GMT
server: AmazonS3
etag: "a2b1aa1a0e402b1f891c929f94449d47"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: NnF-2pPWr2Zpd-x-1-k5-LSWLx26cOWterZqDJkIuOuB4NxLwRJ0Ig==

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
313 B 130ms
128ms XHR
text/plain 35.157.157.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CLz8BddIbHunRwx9J6JGIQ&is_js=true&landing_url=https%3A%2F%2Fwww.biltrewards.com%2F&t=Bilt%20Rewards&tip=Yw-4nesfQD555luFlqIYKXuvBnQTquQvvEIxbPiKiFQ&host=https%3A%2F%2Fwww.biltrewards.com&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIKrwxJMwEc-o56xp8vU6hQdRzR9-gyuuQbHJQBs3cHGXEHwYBCCtt9qzBjABOgRpr-VwQgQ0wuPo.SYRaiDR4Fedfl%252ByCG0p2a0N4OT%252BEahaR5Zoy8jjikS4&sa-user-id-v2=s%253AhLW-g-ZvW_lCpWHWCXSW4VD_B2Q.3%252FKLeTqdmpXqYoQDze6yRdtyHbxq591lVL38FvBaUzU&sa-user-id=s%253A0-84b5be83-e66f-5bf9-42a5-61d6097496e1.BoC1xr%252BePVZXCPAw9LgphswV6a8dqLfCP7mSR%252FBnJLM
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.157.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:38:55 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

POST
H2 200 vitals
vitals.vercel-insights.com/v1/ 2 B
166 B 175ms
56ms Ping
text/plain 99.81.186.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vitals.vercel-insights.com/v1/vitals
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.186.60 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-186-60.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
x-ratelimit-reset: 60
x-ratelimit-limit: 1000
cross-origin-resource-policy: cross-origin
content-length: 2
x-ratelimit-remaining: 999
content-type: text/plain; charset=utf-8

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=P...

0
0

GET
H2 200 identify_ce1d8843.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 65ms
64ms Script
application/javascript 104.81.60.131
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.81.60.131 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-81-60-131.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 14cf1fe5
date: Sat, 22 Jun 2024 09:38:55 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024052114000004272442F7A0EDA3B38B
x-tt-trace-id: 00-24052114000004272442F7A0EDA3B38B-1014094C36A193D7-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a104-81-60-127.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01f0aa22a47840d568f06f04b350ac5e00f33107bfe998a83cd8a1a6f4a8b8fd41f51711afe6974abe18e13d1a543999b6d15314d82ee53766603dd8de0c0e068e506e48d3dc3e429e4bb6682df1d501fa01e5bcf1bb14453ffdca9f613d34648b
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length: 39630

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
700 B 200ms
199ms Ping
text/plain 104.81.60.131
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.81.60.131 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-81-60-131.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 14cf2019
date: Sat, 22 Jun 2024 09:38:55 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2406220938559FAB1DCB290A3155B64F-3DE77E24477EF242-00
x-cache: TCP_MISS from a104-81-60-127.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
server-timing: inner; dur=24, cdn-cache; desc=MISS, edge; dur=6, origin; dur=128
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202406220938559FAB1DCB290A3155B64F
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 128,104.81.60.127
x-tt-trace-host: 01c67c59c51e22f2e3f175b97e1af2f2e0013dc8a7f322131148960820de6745dcefc5a13d807ec36c114dabae802584311278f6a6cf78aade30b85e98fe240c38925d83f61aa6f8417589e86827ca096c03dcd1fe587a4ffccfd7bd7202c40f35
access-control-allow-headers: Authorization,*
expires: Sat, 22 Jun 2024 09:38:55 GMT

GET
H3 200 en-US.json Show response
cdn.userway.org/widgetapp/2024-06-18-09-05-51/locales/ 621 B
1 KB 40ms
39ms XHR
application/json 156.146.33.138
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/locales/en-US.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 156.146.33.138 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 494557430.fra.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:55 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 245
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702619
x-77-cache: HIT
x-cache: HIT
x-age: 346516
x-accel-date: 1718702619
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwBnJIhiAH3lEkFAAwBJRPCNAH3WgIAAA
x-accel-expires: @1744622017
x-77-age: 346516
last-modified: Tue, 18 Jun 2024 09:08:08 GMT
server: CDN77-Turbo
etag: W/"85d8c40aac9c25bb0b993d4aa039a56f"
x-77-nzt-ray: f6587a1dc6006795af9b7666b1516628
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: I006M6BIl7x-xLgz4FGThaxSg5wYjrOJhu0AdfevLOumupf2UxH-iA==

POST
H2 200 t Show response
api.segment.io/v1/ 21 B
176 B 635ms
207ms Fetch
application/json 35.81.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/t

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.81.90.104 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-81-90-104.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:38:56 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
177 B 633ms
207ms Fetch
application/json 35.81.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.81.90.104 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-81-90-104.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:38:56 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H3 200 widget_app_base_1718701551140.js Show response
cdn.userway.org/widgetapp/2024-06-18-09-05-51/ Frame 83AF 153 KB
0 0ms
0ms Script
application/javascript 156.146.33.138
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widget.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 156.146.33.138 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 494557430.fra.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6aaebe577c186a50a1a101fc8b8d3717037e9e06b04411aaa1ab6181ca7820bb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:53 GMT
via: 1.1 603f36cbe39a66d93949b80e7296dad4.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 834
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702616
x-77-cache: HIT
x-cache: HIT
x-age: 346517
x-accel-date: 1718702616
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwBnJIhiAH3lUkFAAwBnJIhJwH3DQAAAA
x-accel-expires: @1744622603
x-77-age: 346517
last-modified: Tue, 18 Jun 2024 09:08:08 GMT
server: CDN77-Turbo
etag: W/"77708384a0baaf6b42aab0ec27776aab"
x-77-nzt-ray: f6587a1dc6008f17ad9b7666e24d8d21
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: abosIwSIJzFaOE5IBt217N739FeFPEdi_rgWO-L4Xgb6p5NxigJXrA==

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=P...

0
0

POST
H2 200 p
tr.snapchat.com/ 0
94 B 53ms
52ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
access-control-allow-origin: https://www.biltrewards.com
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 commons.c42222c4cb2f8913500f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 48ms
48ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 10:56:48 GMT
content-encoding: gzip
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-version-id: HopHKmY9TBcR3b.zdj3KrkRozUW9hj.F
x-amz-cf-pop: FRA6-C1
age: 6907328
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22177
last-modified: Fri, 08 Mar 2024 07:35:27 GMT
server: AmazonS3
etag: "befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: n9hcoQB_uF-N0xHaeWlAjE8JLZqd6e3bHbUXtF9V8rvtHihXsqlTlg==

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
842 B 212ms
211ms Ping
text/plain 104.81.60.131
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.81.60.131 Warsaw, Poland, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-81-60-131.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1a4c8c10.14cf231b
date: Sat, 22 Jun 2024 09:38:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2406220938558CFC275CB5170756912A-770C526BDA4B1BBE-00
x-cache: TCP_MISS from a104-81-60-127.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-)
x-parent-response-time: 140,104.81.60.127
server-timing: cdn-cache; desc=MISS, edge; dur=118, origin; dur=31, inner; dur=29
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202406220938558CFC275CB5170756912A
x-cache-remote: TCP_MISS from a23-201-31-222.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 33,23.201.31.222
x-tt-trace-host: 01c67c59c51e22f2e3f175b97e1af2f2e0f963f076d4474da39601c7e533eae9c5ff7c55146bcae3570e4c4fccaafbf68ee098fe6b01c8e9b445d01db212e9e7ff579bccc1026a058465340d73a05fc8a9cf92f1725814727d1b9d4548dbde5d2595056adf0d613501be8144fb1386dced
access-control-allow-headers: Authorization,*
expires: Sat, 22 Jun 2024 09:38:56 GMT

GET
H2 200 QjUw3jJCmMzYz9c4QnfbBW9f90.png
framerusercontent.com/images/ Frame 83AF 132 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/QjUw3jJCmMzYz9c4QnfbBW9f90.png?scale-down-to=2048

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

dbf408b4b3dfd2f8d8eb0aeb6b7edbd058145baef0e6a6f66c5cdfae60ea6129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:59 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 2060094
x-amzn-requestid: 3dc091e1-e03e-4bb6-8e0b-a1847090b251
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="35XUP7OVDJOsq0UqBpZUmO_4gtcU2EwTOFAXRlWN1ZpqNPhgHw1j8Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "9f44f9a2d3462b9c42daf50925f812a6"
x-amzn-trace-id: root=1-66572c6d-5653d00e16b2eb414cab87c3;parent=34eb06818d235f3c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 35XUP7OVDJOsq0UqBpZUmO_4gtcU2EwTOFAXRlWN1ZpqNPhgHw1j8Q==

GET
H2 200 Bxu6GY24oplllZd0X0beaOpeu1Y.png
framerusercontent.com/images/ Frame 83AF 28 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Bxu6GY24oplllZd0X0beaOpeu1Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

20f77cc806e9b12931909006e7b7c0f3ef604448553127fb4840befb83e3dbdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:18 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904134
x-amzn-requestid: 21a7df8e-5453-415e-bedc-82721691ad88
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="43PLy3ozFGQU-vf0Yh9wlZod2z1QIMZBaPV7jTSTd2KV9TUH4qIbAw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "694649febd947e20961fdc52c36a1b6f"
x-amzn-trace-id: root=1-66598da4-721ea4037d5b0cd6514d5b2d;parent=43c7c2b2df20fa0d;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 43PLy3ozFGQU-vf0Yh9wlZod2z1QIMZBaPV7jTSTd2KV9TUH4qIbAw==

GET
H2 200 Yq0ObCqEE6wFZWZK5Dp54noE4.png
framerusercontent.com/images/ Frame 83AF 29 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Yq0ObCqEE6wFZWZK5Dp54noE4.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

37b0e3adcb423c67bf49bdd6d3dd0648efefa8d9e20480b0b29d46a19e4ba219

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: d46bac26-e09a-40e9-9fd5-afed7738ff75
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="VRJ9oR_uiyo55kDcFjOK4X-UfPc5TgtCOyI1-PIiM7AhpUDi8a17iA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "c6e24cdaccc5299d7a8f875f8743d30e"
x-amzn-trace-id: root=1-66598da4-2f196e0c6f1b0fe95a37fba3;parent=01213195f8a07e79;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: VRJ9oR_uiyo55kDcFjOK4X-UfPc5TgtCOyI1-PIiM7AhpUDi8a17iA==

GET
H2 200 kPxJM4tLgnLH1CadICtjXQIzHyU.png
framerusercontent.com/images/ Frame 83AF 11 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/kPxJM4tLgnLH1CadICtjXQIzHyU.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9f2de267caf2c16b77c75714244dca82f24cbad55ac1ebe2a521478f0f80d96c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 655c2465-83ac-4256-96e1-11e0768108fc
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="CYSzWi7Pil-YnAaDs_6RRr2bBS7nAU69LM9dQTgsdqcY_alLMxdM_g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b6d8528cb0862d636f44357e6661fb6b"
x-amzn-trace-id: root=1-665db9e2-254a7ac76d7432ca070fda85;parent=264945b32c77953c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: CYSzWi7Pil-YnAaDs_6RRr2bBS7nAU69LM9dQTgsdqcY_alLMxdM_g==

GET
H2 200 PpmuiGEDXM3kHtBp5icQtJnddr8.png
framerusercontent.com/images/ Frame 83AF 28 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/PpmuiGEDXM3kHtBp5icQtJnddr8.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

fbae4ca2b9bfa35c988e17cda52739ebb5fccae54aadcbd3bd60ea685d8f7db3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630664
x-amzn-requestid: 2967c2f4-83a7-4b05-ad1e-bee6a85e63d2
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="vsuIEhUaHS6LZTj_bKiaeLwNKKJcjtMAzvG7LDtB9qf0BumOymVFyQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4d149524d55a92725620617c72dc0f5b"
x-amzn-trace-id: root=1-665db9e4-3a03706506592bf701908d96;parent=0398abb62d612e13;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: vsuIEhUaHS6LZTj_bKiaeLwNKKJcjtMAzvG7LDtB9qf0BumOymVFyQ==

GET
H2 200 u3YgOCmum1dUpL43rOc7L0t2pTE.png
framerusercontent.com/images/ Frame 83AF 30 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/u3YgOCmum1dUpL43rOc7L0t2pTE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

af579449c699ae38f8549823d30a2431f10ff142d8b8a7b020c3c3fa657afb04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 948e388f-22b0-4706-8615-9ae55b7cec87
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="U7RfVbEMX4w_Q6k9LloOAW5TLv-gomVzIpehWB0_rMdVTK5EBf63HA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "54d9766988f720d880a80bcd046a7f4c"
x-amzn-trace-id: root=1-66598da4-4bd94c9d39d417a513be5ec3;parent=7f222031b585e31c;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: U7RfVbEMX4w_Q6k9LloOAW5TLv-gomVzIpehWB0_rMdVTK5EBf63HA==

GET
H2 200 q2ZbwDh95WKyNtMuZKqIZa0Y.png
framerusercontent.com/images/ Frame 83AF 65 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/q2ZbwDh95WKyNtMuZKqIZa0Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b44fba50cfe4f65d7064ea44d718ca944a543a21523a1199f54b51267b382aaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: eff35b84-b4f1-49cc-95af-f92d18a80e02
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="n7asi2I7446E0GJMv6kJKcfkl5YbZsZB1736mqzT-t9OeMOWcmT7jA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "92970d3281920a9345514e4c0b3d8611"
x-amzn-trace-id: root=1-665db9e2-518bcac235956b6b5676ffab;parent=2d2530afbab55057;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: n7asi2I7446E0GJMv6kJKcfkl5YbZsZB1736mqzT-t9OeMOWcmT7jA==

GET
H2 200 VyL41pOzjpyf0ifC7GjerSeo3E.png
framerusercontent.com/images/ Frame 83AF 38 KB
0 1ms
1ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/VyL41pOzjpyf0ifC7GjerSeo3E.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

7b54954f42c244b6469b41796790bf3a73ef8dea90df796de72700e338510b7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 2daf957c-5c19-4ed7-bce0-d2a59eb5ba15
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="GpSsU8rvsSZ0pI5wAeqcj81DDz1jNqGx12U-3y5U5CpnREp33RIH-w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "8ee442950d0dfd58fb72890fdf5ef378"
x-amzn-trace-id: root=1-66598da4-1d8199fa1f2323420dfa21eb;parent=75a1c780cb8736e5;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: GpSsU8rvsSZ0pI5wAeqcj81DDz1jNqGx12U-3y5U5CpnREp33RIH-w==

GET
H2 200 ly7hsGndYyaskNI1AqcxaAt6I.png
framerusercontent.com/images/ Frame 83AF 17 KB
0 0ms
0ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/ly7hsGndYyaskNI1AqcxaAt6I.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c4364793c025ac994a20ca914390c6149d96d04d49e899c1f2841b86403085d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904135
x-amzn-requestid: 71735d26-de1a-465c-9c5e-aaaf90897b42
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="9xntoX0AP1zyAsS_hUH44tQ40C37Xwq1HB-wyH8lKLT70NbUcj8GLg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "02ea2c88a54ea62fa4c658d492294406"
x-amzn-trace-id: root=1-66598da4-783ae3b149df1f67619ab9b3;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: 9xntoX0AP1zyAsS_hUH44tQ40C37Xwq1HB-wyH8lKLT70NbUcj8GLg==

GET
H2 200 RVFtmFp0chpaTRBkxXKss5HkWuI.png
framerusercontent.com/images/ Frame 83AF 16 KB
0 1ms
1ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/RVFtmFp0chpaTRBkxXKss5HkWuI.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

202acd59e03fcb77117dc9236c520e2d05a94970cba9c7b5cb9a5b59b3044f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:09 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630664
x-amzn-requestid: d4622b8d-3758-4fb0-ae40-0f260aa2d2b3
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="D8jZxEcm_aV1SdOVspdxlj0ZYDlyWMZtHbBeM61DRABhhIaRaUPApg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "e00b69153884cd656dc2b410e8b08cc9"
x-amzn-trace-id: root=1-665db9e4-6407f79559a1e1a35d384043;parent=56c4dce1803ec62b;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: D8jZxEcm_aV1SdOVspdxlj0ZYDlyWMZtHbBeM61DRABhhIaRaUPApg==

GET
H2 200 wkMxGLA0wVGsaSgWt2doW86Zic.png
framerusercontent.com/images/ Frame 83AF 23 KB
0 1ms
1ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/wkMxGLA0wVGsaSgWt2doW86Zic.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

b7b48e76ac20a8506f11556b83cbbc3da9ed6d26be2b200c37395efc4acb54da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630665
x-amzn-requestid: f484bbe3-b5ff-4517-8cee-dfe0512c5187
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="Dsg2XSeKICa989irBXrnQunLywTunupMuP7uuc-6W-p0nMEBKIk7DA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "54bf9e3a2a9f9265c6a95ecfa43f52cc"
x-amzn-trace-id: root=1-665db9e2-651b91d42612b063681a5491;parent=65955e563fd658ab;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: Dsg2XSeKICa989irBXrnQunLywTunupMuP7uuc-6W-p0nMEBKIk7DA==

GET
H2 200 UPxnowvsa2Fbt3lp5oDDFXRjROc.png
framerusercontent.com/images/ Frame 83AF 24 KB
0 2ms
2ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/UPxnowvsa2Fbt3lp5oDDFXRjROc.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

c9ea60675037dce0df08f2176c1aae4a77109ebbde2731de6a1c2877cf25d385

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:07 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630666
x-amzn-requestid: 3cc689dd-3955-497e-aa41-7d0a3d1d3d0e
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="DbhBr9N7JiFPj9wv84CI0PrzygPSoMZolIF4Oa1_3q22hRJednBkOA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "b00357e17985a8fa8eccecede802323b"
x-amzn-trace-id: root=1-665db9e2-402eb0a1276d338178d877c0;parent=0ee42dc5dc766c5d;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: DbhBr9N7JiFPj9wv84CI0PrzygPSoMZolIF4Oa1_3q22hRJednBkOA==

GET
H2 200 2Zx97veGwo826dqlIbR2hMKiY.png
framerusercontent.com/images/ Frame 83AF 115 KB
0 2ms
2ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/2Zx97veGwo826dqlIbR2hMKiY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e89e060a5fbaf33c2384ec566de329536cb538cf6aa813f307976510270cd92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 12:41:10 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1630663
x-amzn-requestid: 4aabbcd8-0b71-4a3f-a86b-62235ed0ab0a
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="mpWP3JfrXg6YcWSKPqmeyU-Zv6qvMhhJF9ekWGtDxdxHJdfn6a04Gg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "c22d0e2420f65629a25b5832e55d875c"
x-amzn-trace-id: root=1-665db9e4-119c5a1958e6203b5e2c5b47;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: mpWP3JfrXg6YcWSKPqmeyU-Zv6qvMhhJF9ekWGtDxdxHJdfn6a04Gg==

GET
H2 200 i6iRuC8inkOu49dyb2cMx7KLX9o.png
framerusercontent.com/images/ Frame 83AF 21 KB
0 2ms
2ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/i6iRuC8inkOu49dyb2cMx7KLX9o.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

62c08a47b9c1ea92ff71f00169d06efb448ca8776fcb802eec4cabbfa2330b7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:17 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904136
x-amzn-requestid: 75e3b5a6-b1c4-4672-a30a-9e2c5811203e
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ny0MN3rYQLRJlVGaT7cpUaHDrUrqp3ObCtprFRvXhvTmchkAZTmpMw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=7
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "4cfb90fa3ade57033e09c070cbd91b79"
x-amzn-trace-id: root=1-66598da4-443bc49c570d03fe72ece2c0;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: ny0MN3rYQLRJlVGaT7cpUaHDrUrqp3ObCtprFRvXhvTmchkAZTmpMw==

GET
H2 200 4Um58dLygSHRrlUbzVAaCiPfHeE.png
framerusercontent.com/images/ Frame 83AF 47 KB
0 2ms
2ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/4Um58dLygSHRrlUbzVAaCiPfHeE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

f1cb3329ff7fd33266cf9cccb78db005f7debfb81c04064dc99027e70ae802b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 31 May 2024 08:43:18 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 1904134
x-amzn-requestid: 0d41e008-20c6-4d6b-a5b9-88f87a853419
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="hsjTcrNkAmtsVfffpdTkv33q-Wzt8P2vrhoBOW5EfercoXrfHvhp7A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "197f62d4bf715c9807e791b412362eef"
x-amzn-trace-id: root=1-66598da4-3760d7b84b6e6b2472d72963;parent=6bc7e912b0d61504;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: hsjTcrNkAmtsVfffpdTkv33q-Wzt8P2vrhoBOW5EfercoXrfHvhp7A==

GET
H2 200 OwD5vj1mJJkrw8fQ4TLBsZu7VY.png
framerusercontent.com/images/ Frame 83AF 61 KB
0 3ms
3ms Image
image/avif 2600:9000:2490:800:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OwD5vj1mJJkrw8fQ4TLBsZu7VY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:800:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ce5ba9175b06a09cbcf8a19a531d9b73387910d84102e3f1f2485b9174bc4387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 13:23:57 GMT
via: 1.1 409b27093eb36cec367cdee5f3ecf8b2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P6
age: 2060096
x-amzn-requestid: 871e5468-64ea-455c-add6-e5f50abd8d83
content-security-policy-report-only: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/reportOnly;
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="xYCY3NHyExLO6XdugVK5rLbXwUlJFwuVmuW6TR9-hxwuya--Ex7BsQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=8
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
etag: "94b01a5a19008bafc1d542d3263e3c49"
x-amzn-trace-id: root=1-66572c6c-18c7254f2b7ad69361d7b718;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=31536000
timing-allow-origin: *
x-amz-cf-id: xYCY3NHyExLO6XdugVK5rLbXwUlJFwuVmuW6TR9-hxwuya--Ex7BsQ==

POST
H2 200 TlbN1PqpZB Show response
api.userway.org/api/tunings/ Frame 83AF 63 B
446 B 218ms
217ms XHR
application/json 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/TlbN1PqpZB
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 0ca8160a692d2ede5ba928e6b91500ca2e3b41bce9f4da9ac974b7df22f03cfb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
etag: W/"3f-PV0A++2rqOc4r1el3VJc1nugD2g"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usr82b7bccd934045c
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 63
x-service-version: uw-pr

GET
H2 200 commons.a61d7bea37d2de5d4b69.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 70 KB
22 KB 48ms
47ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/1455-2c977d514acb3577.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 20 Jun 2024 02:59:55 GMT
content-encoding: gzip
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
x-amz-version-id: V.SxMmReU8g28xcE4bFlqm5TAakYuTpt
x-amz-cf-pop: FRA6-C1
age: 196741
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 21911
last-modified: Mon, 03 Jun 2024 14:40:11 GMT
server: AmazonS3
etag: "c467a63b2e7c3a99be423ace649014d8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: jVHGMcXi6Egs-0A5BDPK2xLhIqAx148fA7l3EVIDSlNGwb68BZJD2A==

GET
H2 200 nid-pixel520.js Show response
scripts.neuro-id.com/c/ Frame 6456 1 KB
1 KB 148ms
44ms Script
application/json 2600:9000:275b:aa00:19:2755:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.neuro-id.com/c/nid-pixel520.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:aa00:19:2755:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 484c4ee9d29985b8253fc7a491ccfd062160585ce79280d088e9877fb969bf15

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: l3eyZyjvgrBkpRfEUbsa1PNCfRoP4bph
content-encoding: gzip
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
date: Sat, 22 Jun 2024 09:37:42 GMT
x-amz-cf-pop: FRA60-P7
age: 75
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 707
last-modified: Thu, 06 Jun 2024 17:34:49 GMT
server: AmazonS3
etag: "7f13fca18370d439fbc0a313bec2a019"
content-type: application/json
cache-control: max-age=90
accept-ranges: bytes
x-amz-cf-id: w2XYdfotUpfuI9-lAlEqYSObjvYCE7IISp0RF-Lfpwpeo3T3cjVDUQ==

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=P...

0
0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/ Frame 6456 518 KB
0 0ms
0ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

612ad04469fba362238294e47106a2e6061ef90c111851c0cdcae2e3ee27a6bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 06:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9557
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 210814
x-xss-protection: 0
last-modified: Sat, 15 Jun 2024 04:02:13 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 22 Jun 2025 06:59:36 GMT

GET
H3 200 xdi.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 6456 26 KB
12 KB 288ms
287ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/xdi.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eff87b0205e1ebe55ca731239b15df7b48583b9015ce78cb50a886a97e8b1be8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"aa1a6c432a54ae84e0a582a0f4b77c78"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44ad0b9db620-WAW

GET
H3 200 ui.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 6456 295 KB
0 1ms
0ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:53 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"2ff4fae52b8ac954d5874b92987806e9"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44995846b620-WAW

GET
H3 200 en-US.json Show response
cdn.userway.org/widgetapp/2024-06-18-09-05-51/locales/ Frame 83AF 621 B
0 0ms
0ms XHR
application/json 156.146.33.138
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/locales/en-US.json
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js
Protocol: H3
Security: QUIC, , AES_256_GCM
Server: 156.146.33.138 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 494557430.fra.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:55 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 245
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702619
x-77-cache: HIT
x-cache: HIT
x-age: 346516
x-accel-date: 1718702619
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwBnJIhiAH3lEkFAAwBJRPCNAH3WgIAAA
x-accel-expires: @1744622017
x-77-age: 346516
last-modified: Tue, 18 Jun 2024 09:08:08 GMT
server: CDN77-Turbo
etag: W/"85d8c40aac9c25bb0b993d4aa039a56f"
x-77-nzt-ray: f6587a1dc6006795af9b7666b1516628
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: I006M6BIl7x-xLgz4FGThaxSg5wYjrOJhu0AdfevLOumupf2UxH-iA==

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=P...

43 B
272 B

418ms
117ms

Image
image/gif

52.202.134.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Server: 52.202.134.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-134-190.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
x-pixel-event-id: 587d63b2-5735-4445-b6bf-3ae76e1e8e83
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?dtstmp=1719049136250&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D
date: Sat, 22 Jun 2024 09:38:56 GMT
content-length: 0

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYW...
https://rp4.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjY...

43 B
270 B

424ms
122ms

Image
image/gif

52.202.134.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTkwNDkxMzUwNzEmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxajB6bjA4Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE5MDQ5MTM1MDcxJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Server: 52.202.134.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-134-190.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
x-pixel-event-id: 05b03308-9580-46a5-9f66-1287257f66ab
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?dtstmp=1719049136251&aid=b-00ri&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTkwNDkxMzUwNzEmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxajB6bjA4Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE5MDQ5MTM1MDcxJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D
date: Sat, 22 Jun 2024 09:38:56 GMT
content-length: 0

GET remediation_1718701551140.js
cdn.userway.org/widgetapp/2024-06-18-09-05-51/remediation/ 0
0

GET IXD25a7qYzAOaBBz.json
cdn.userway.org/remediations/consolidated/2055530/ 0
0

GET
H2 200 body_wh.svg
cdn.userway.org/widgetapp/images/ 4 KB
3 KB 43ms
41ms Image
image/svg+xml 2a02:6ea0:c700::22
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/body_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:56 GMT
via: 1.1 47bf742fc3975367a1788e300150d028.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 37
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702655
x-77-cache: HIT
x-cache: HIT
x-age: 346481
x-accel-date: 1718702655
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwB1GY4tAH3cUkFAAwBJRPCMQH3fwIAAA
x-accel-expires: @1744622016
x-77-age: 346481
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"1d8b1582fe82bd329041cc1982ad42e4"
x-77-nzt-ray: 6d204d11045b2fa1b09b76662d1e9112
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: fybUTrUQTf0ePw59LaHbPg2c_3j_eh3CzYQozyC8t9WlIi4yLXjGvQ==

GET
H2 200 spin_wh.svg
cdn.userway.org/widgetapp/images/ 2 KB
1 KB 42ms
42ms Image
image/svg+xml 2a02:6ea0:c700::22
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/spin_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::22 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 22 Jun 2024 09:38:56 GMT
via: 1.1 004e894746bfb0d8f9e19ef0400dda24.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 37
x-amz-server-side-encryption: AES256
x-accel-date-max: 1718702654
x-77-cache: HIT
x-cache: HIT
x-age: 346482
x-accel-date: 1718702654
alt-svc: h3=":443"; ma=86400
x-77-nzt: EgwB1GY4tAH3ckkFAAwB1GY4EQH3fgIAAA
x-accel-expires: @1744622016
x-77-age: 346482
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"8e0a35946bf39d10f46a1f1653366a0a"
x-77-nzt-ray: 6d204d11045b2fa1b09b76660be49712
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
vary: Accept-Encoding
x-amz-cf-id: -eZ7PyP_ToccEAwC1kVA2gc8cZ8Y3bemhpcnfWm1RJsYV1vjmLtlgA==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 356ms
44ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0313b0d078dfe6c7ab517c11404b0c01458469006fbf1a0d4d4c5e90517e54f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 22 Jun 2024 09:38:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58024
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2805, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: bwt6iFeS3Ld/sfK+MqQLOWB0TxJu7uVU2aQ5U3aHY9In8onLuXE21TUFQD2aN0Z7McB2DjHH2GhvG5V0IoLxEQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 53 KB
19 KB 161ms
85ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

d3ef83f7563159fa039d4607edcc39c0b0e1387a9788675395070023dcbe520d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19404
x-xss-protection: 0
server: cafe
etag: 5470010768453112333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 22 Jun 2024 09:38:56 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 307 KB
103 KB 73ms
73ms Script
application/javascript 142.250.184.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX&l=dataLayer&gtm_preview=gtm_auth=WonWorjHdmyZK4CuPVtRVg&gtm_preview=env-8

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.232 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2b2889d19a0ef33459e32d35e846a30a47d0f5b0c7ec34af17b166762140c30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104928
x-xss-protection: 0
last-modified: Sat, 22 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 22 Jun 2024 09:38:56 GMT

GET
H2 200 nid-adv-5.2.6.js Show response
scripts.neuro-id.com/ Frame 6456 150 KB
47 KB 45ms
45ms Script
application/javascript 2600:9000:275b:aa00:19:2755:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.neuro-id.com/nid-adv-5.2.6.js
Requested by: Host: scripts.neuro-id.com
URL: https://scripts.neuro-id.com/c/nid-pixel520.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:aa00:19:2755:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6e7cf16d4cf4ae924a5effe760d503d3dfe27fd40196dc3dd1da25aa35e6463d

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 23:28:40 GMT
content-encoding: gzip
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
x-amz-version-id: yxCY.ebSgW9nRrnJwbrzD_vYMExHtEBm
x-amz-cf-pop: FRA60-P7
age: 1419017
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47545
last-modified: Mon, 03 Jun 2024 15:49:48 GMT
server: AmazonS3
etag: "90d59f553f1ee376acaa7b61874ef0a6"
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: FKJkiA3I1jyJGQLPeS7qrxIoGW1IJhz3_4bykcB0G2QcAeRLpRhMzg==

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame F86B 0
0 71ms
70ms Document
text/html 142.250.184.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly9pZC5iaWx0cmV3YXJkcy5jb206NDQz&hl=de&v=KXX4ARWFlYTftefkdODAYWZh&size=invisible&cb=5wf0rjlm5wky

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MICCOmvM1_qenHw2nQTwQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://id.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-MICCOmvM1_qenHw2nQTwQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 22 Jun 2024 09:38:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cm.css
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 6456 15 KB
0 0ms
0ms Stylesheet
text/css 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/cm.css

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"58539a2b908f4e73e04d4f950b1b35a3"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44a24ec5c060-WAW

GET
H3 200 en.json Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/ Frame 6456 8 KB
0 0ms
0ms Fetch
application/json 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/en.json

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"deeec53da2118f7d45f432e74ecef857"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
timing-allow-origin: *
cf-ray: 897b44a789b3b620-WAW

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/10874839969/ 3 KB
2 KB 90ms
89ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10874839969/?random=1719049136563&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

1a3491a27f8281f439af6dba39251dfcd1f056100e629c9a428265df9109f033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 22 Jun 2024 09:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1525
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/ 43 B
61 B 168ms
78ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=1719049136567&cv=9&fst=1719049136567&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=path%3D%2F%3Breferrer%3D%3Bsearch%3D%3Btitle%3DBilt%20Rewards%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2F&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 22 Jun 2024 09:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/10874839969/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u...
https://www.google.com/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_hi...
https://www.google.de/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his...

42 B
64 B

108ms
57ms

Image
image/gif

142.250.186.67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIuYaOifXuhgMVomEeAh3Mtg-AMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwDaQooL18tZW1HLAgoLn5r9xlOqxNj2Io5oKg&random=2205092293&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Server

142.250.186.67 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 22 Jun 2024 09:38:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 22 Jun 2024 09:38:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10874839969/?random=874110728&cv=9&fst=1719049136563&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyPW5hdmlnYXRpb24tc291cmNlLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIuYaOifXuhgMVomEeAh3Mtg-AMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwDaQooL18tZW1HLAgoLn5r9xlOqxNj2Io5oKg&random=2205092293&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 353467326379958 Show response
connect.facebook.net/signals/config/ 59 KB
13 KB 119ms
118ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/353467326379958?v=2.9.158&r=stable&domain=www.biltrewards.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6c8c90b357504a1f42080e1d72b9bf9a74cf7ebf2e6b5b56472be2d1ca73cff0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 22 Jun 2024 09:38:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=65, mss=1297, tbw=63565, tp=-1, tpl=-1, uplat=78, ullat=0
pragma: public
x-fb-debug: w2iQWUiV5kgIfyvKwCRedTmOcWMMTO+qxw+tbcby1PXpZha6S5lbSlOmxEwSJJPjQdLtkofAE+xUK99+vXX6cw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 132ms
39ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=353467326379958&ev=PageView&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1719049137042&sw=1600&sh=1200&ud[external_id]=d27c6579327067a0d8157d080a895dfd6835a996bc1a88789275e495b4aaecd5&v=2.9.158&r=stable&a=seg&ec=0&o=4124&fbp=fb.1.1719049137040.696724214812339004&pm=1&hrl=f542a7&ler=empty&cdl=API_unavailable&it=1719049136871&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1719049135478-f83a830e-3a9a-406a-b322-5f8de2cd2385&cs_cc=1&cas=7368986099863077%2C5027429843991248%2C5406700332768189%2C4118934621525755%2C4544091382281257%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=GET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=2832, tp=-1, tpl=-1, uplat=1, ullat=1
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 22 Jun 2024 09:38:57 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 297ms
205ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=353467326379958&ev=PageView&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1719049137042&sw=1600&sh=1200&ud[external_id]=d27c6579327067a0d8157d080a895dfd6835a996bc1a88789275e495b4aaecd5&v=2.9.158&r=stable&a=seg&ec=0&o=4124&fbp=fb.1.1719049137040.696724214812339004&pm=1&hrl=f542a7&ler=empty&cdl=API_unavailable&it=1719049136871&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1719049135478-f83a830e-3a9a-406a-b322-5f8de2cd2385&cs_cc=1&cas=7368986099863077%2C5027429843991248%2C5406700332768189%2C4118934621525755%2C4544091382281257%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=FGET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x7a637d11c868b643","source_keys":["1","2"]},{"key_piece":"0x0f7f131dd328ae57","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Sat, 22 Jun 2024 09:38:57 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7383259823931525964", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=14, mss=1297, tbw=3150, tp=-1, tpl=-1, uplat=165, ullat=0
pragma: no-cache
x-fb-debug: fVNyXJAHm9zjR0hntKhnxCpo5q4YpI1/CJ367WUuNnnkrNzmlQH/8H83mBn6b9reErumP4dk3tJyIqTv1sKChw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7383259823931525964"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
125 B 45ms
44ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=353467326379958&ev=User%20properties&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1719049140199&sw=1600&sh=1200&ud[external_id]=d27c6579327067a0d8157d080a895dfd6835a996bc1a88789275e495b4aaecd5&v=2.9.158&r=stable&a=seg&ec=1&o=4124&fbp=fb.1.1719049137040.696724214812339004&pm=1&hrl=a80ff7&ler=empty&cdl=API_unavailable&it=1719049136871&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1719049135455-0acc72f8-3a83-4e3a-9a10-6af3225f8de2&tm=2&cs_cc=1&cas=5027429843991248%2C5406700332768189%2C4118934621525755%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=GET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=6450, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 22 Jun 2024 09:39:00 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
1 KB 70ms
70ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=353467326379958&ev=User%20properties&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1719049140199&sw=1600&sh=1200&ud[external_id]=d27c6579327067a0d8157d080a895dfd6835a996bc1a88789275e495b4aaecd5&v=2.9.158&r=stable&a=seg&ec=1&o=4124&fbp=fb.1.1719049137040.696724214812339004&pm=1&hrl=a80ff7&ler=empty&cdl=API_unavailable&it=1719049136871&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1719049135455-0acc72f8-3a83-4e3a-9a10-6af3225f8de2&tm=2&cs_cc=1&cas=5027429843991248%2C5406700332768189%2C4118934621525755%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=FGET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xccf857131fcf2f5c","source_keys":["1","2"]},{"key_piece":"0x15d2943097dc4e2a","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Sat, 22 Jun 2024 09:39:00 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7383259838273328299", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1297, tbw=6619, tp=-1, tpl=-1, uplat=27, ullat=0
pragma: no-cache
x-fb-debug: lsjmfteTdG+/U7LEi7z4I1IkuGGB5fL2sLCm3r3wDAhTu2KIfYI6QumoAxBTId5k1ukE8TWy5mqIej4K+YAilw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7383259838273328299"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
sync-transcend-cdn.com/consent-manager/ Frame 7220 0
0 167ms
66ms Document
application/xhtml+xml 2606:4700::6812:6f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:6f8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://id.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
age: 6573
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 897b44cbc957a02e-FRA
content-disposition: inline
content-encoding: br
content-type: application/xhtml+xml
date: Sat, 22 Jun 2024 09:39:01 GMT
etag: W/"ecaabd46fc191f55321d2c2683697460"
expect-ct: max-age=86400, enforce
expires: Sat, 22 Jun 2024 09:40:01 GMT
referrer-policy: same-origin
server: cloudflare
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 status Show response
api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2F/DESKTOP/WIDGET_ON/ 77 B
454 B 4157ms
4157ms Fetch
application/json 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2F/DESKTOP/WIDGET_ON/status
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb22:4a2a:1755:1e89:3db3 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 22 Jun 2024 09:39:05 GMT
etag: W/"4d-wYLRLrbWidRwnfhEvoB+Y2U04NY"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 77
x-service-version: seo-w-e487c77f

GET
H2 204 js_tracking Show response
tags.srv.stackadapt.com/ 0
154 B 222ms
222ms XHR
text/plain 35.157.157.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/js_tracking?url=https%3A%2F%2Fwww.biltrewards.com%2F&uid=CLz8BddIbHunRwx9J6JGIQ&v=1&host=https%3A%2F%2Fwww.biltrewards.com&l_src=&l_src_d=&u_src=&u_src_d=&shop=false
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.157.150 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-157-150.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:39:05 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET

POST
H2 200 m Show response
api.segment.io/v1/ 21 B
176 B 207ms
207ms Fetch
application/json 35.81.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/m

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/7438-5047dde1b6b54bcf.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.81.90.104 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-81-90-104.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 22 Jun 2024 09:39:23 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel-config.reddit.com
URL: https://pixel-config.reddit.com/pixels/t2_7lmxmkme/config

Domain: www.redditstatic.com
URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry

Domain: conversions-config.reddit.com
URL: https://conversions-config.reddit.com/v1/pixel/error

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D&n3pc=true

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D

Domain: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/remediation/remediation_1718701551140.js

Domain: cdn.userway.org
URL: https://cdn.userway.org/remediations/consolidated/2055530/IXD25a7qYzAOaBBz.json

Verdicts & Comments Add Verdict or Comment

117 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 21:32:15	Name: X-AB Value: 6ebb24332aa9400f8a329ba49f8e267c
.liadm.com/j	1970-01-21 07:06:49	Name: lidid Value: 899b6c64-1b1a-4ea0-8246-744e4779eb67
.liadm.com/p	1970-01-21 07:06:49	Name: lidid Value: 899b6c64-1b1a-4ea0-8246-744e4779eb67
www.biltrewards.com/	1970-01-21 06:16:25	Name: theme Value: light
.mgln.ai/	1970-01-20 22:57:13	Name: arc_id Value: eyJfcmFpbHMiOnsibWVzc2FnZSI6IklqRXpabUpoWWpjNUxUVmpNbU10TkRnMU5pMDVZemczTFdVMVptRXhZMkk1WTJZeU5DST0iLCJleHAiOiIyMDI0LTA4LTIxVDA5OjM4OjUzLjI2NloiLCJwdXIiOiJjb29raWUuYXJjX2lkIn19--0d88e7efed62022b94952901e74f34c31b7773e5
.biltrewards.com/	1970-01-20 23:40:25	Name: _gcl_au Value: 1.1.430553092.1719049133
tags.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id Value: s%3A0-84b5be83-e66f-5bf9-42a5-61d6097496e1.BoC1xr%2BePVZXCPAw9LgphswV6a8dqLfCP7mSR%2FBnJLM
.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id Value: s%3A0-84b5be83-e66f-5bf9-42a5-61d6097496e1.BoC1xr%2BePVZXCPAw9LgphswV6a8dqLfCP7mSR%2FBnJLM
tags.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id-v2 Value: s%3AhLW-g-ZvW_lCpWHWCXSW4VD_B2Q.3%2FKLeTqdmpXqYoQDze6yRdtyHbxq591lVL38FvBaUzU
.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id-v2 Value: s%3AhLW-g-ZvW_lCpWHWCXSW4VD_B2Q.3%2FKLeTqdmpXqYoQDze6yRdtyHbxq591lVL38FvBaUzU
tags.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id-v3 Value: s%3AAQAKIKrwxJMwEc-o56xp8vU6hQdRzR9-gyuuQbHJQBs3cHGXEHwYBCCtt9qzBjABOgRpr-VwQgQ0wuPo.SYRaiDR4Fedfl%2ByCG0p2a0N4OT%2BEahaR5Zoy8jjikS4
.srv.stackadapt.com/	1970-01-21 06:16:25	Name: sa-user-id-v3 Value: s%3AAQAKIKrwxJMwEc-o56xp8vU6hQdRzR9-gyuuQbHJQBs3cHGXEHwYBCCtt9qzBjABOgRpr-VwQgQ0wuPo.SYRaiDR4Fedfl%2ByCG0p2a0N4OT%2BEahaR5Zoy8jjikS4
.tiktok.com/	1970-01-21 06:52:25	Name: _ttp Value: 2iEI6TCJpaHvM3bv0ty5Z0pFSE0
.tapad.com/	1970-01-20 22:57:13	Name: TapAd_TS Value: 1719049134342
.tapad.com/	1970-01-20 22:57:13	Name: TapAd_DID Value: 869de732-780f-4b7b-a00b-e6a5553f7a73
.tapad.com/	1970-01-20 22:57:13	Name: TapAd_3WAY_SYNCS Value:
.biltrewards.com/	1970-01-21 07:06:49	Name: _ga_QLSYZKSM0E Value: GS1.1.1719049134.1.0.1719049134.0.0.0
.biltrewards.com/	1970-01-21 07:06:49	Name: _ga Value: GA1.1.260883237.1719049135
.biltrewards.com/	1970-01-20 23:40:25	Name: _rdt_uuid Value: 1719049134757.c8ea2545-0dce-49bf-9ec1-42a1bc51664a
www.biltrewards.com/	1970-01-21 06:16:25	Name: sa-user-id Value: s%253A0-84b5be83-e66f-5bf9-42a5-61d6097496e1.BoC1xr%252BePVZXCPAw9LgphswV6a8dqLfCP7mSR%252FBnJLM
www.biltrewards.com/	1970-01-21 06:16:25	Name: sa-user-id-v2 Value: s%253AhLW-g-ZvW_lCpWHWCXSW4VD_B2Q.3%252FKLeTqdmpXqYoQDze6yRdtyHbxq591lVL38FvBaUzU
www.biltrewards.com/	1970-01-21 06:16:25	Name: sa-user-id-v3 Value: s%253AAQAKIKrwxJMwEc-o56xp8vU6hQdRzR9-gyuuQbHJQBs3cHGXEHwYBCCtt9qzBjABOgRpr-VwQgQ0wuPo.SYRaiDR4Fedfl%252ByCG0p2a0N4OT%252BEahaR5Zoy8jjikS4
.biltrewards.com/	1970-01-21 07:00:35	Name: _scid Value: 4c7411b9-64ba-485b-8549-da653cd5d2d4
.biltrewards.com/	1970-01-21 07:00:35	Name: _scid_r Value: 4c7411b9-64ba-485b-8549-da653cd5d2d4
.biltrewards.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .biltrewards.com
.biltrewards.com/	1970-01-21 07:06:49	Name: _lc2_fpi Value: 05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg
.biltrewards.com/	1970-01-21 07:06:49	Name: _lc2_fpi_meta Value: {%22w%22:1719049134807}
.snapchat.com/	1970-01-21 06:52:25	Name: sc_at Value: v2\|H4sIAAAAAAAAAAXBiQkAMAgEsImE+qE3ThU7hcM3MeAqXEgQTTZalClNdUdflMA6dzkYx8Dqez4bFN1zMgAAAA==
.liadm.com/	1970-01-21 07:06:49	Name: lidid Value: 899b6c64-1b1a-4ea0-8246-744e4779eb67
.biltrewards.com/	1970-01-21 06:16:25	Name: ajs_anonymous_id Value: cc72f83a-830e-4a9a-906a-f3225f8de2cd
.biltrewards.com/	1970-01-21 06:52:25	Name: _tt_enable_cookie Value: 1
.biltrewards.com/	1970-01-21 06:52:25	Name: _ttp Value: okR-mBNCjeUadZxP9mQwOh5JS2a
.biltrewards.com/	1970-01-21 07:00:35	Name: _sc_cspv Value: https%3A%2F%2Ftr6.snapchat.com%2Fp
id.biltrewards.com/	1970-01-21 06:16:25	Name: theme Value: light
.doubleclick.net/	1970-01-20 21:30:50	Name: test_cookie Value: CheckForPermission
.biltrewards.com/	1970-01-20 23:40:25	Name: _fbp Value: fb.1.1719049137040.696724214812339004

27 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.biltrewards.com/ Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 10) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 10) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 328) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 328) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/91cec475-5dce4e087a8c3674.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js(Line 58) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 10) Message: Refused to connect to 'https://pixel-config.reddit.com/pixels/t2_7lmxmkme/config' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 10) Message: Refused to connect to 'https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://www.biltrewards.com/_next/static/chunks/455-d14bbd4de2c4525f.js(Line 10) Message: Refused to connect to 'https://conversions-config.reddit.com/v1/pixel/error' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://sc-static.net/scevent.min.js(Line 1) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D&n3pc=true' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js(Line 41) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.gstatic.com/recaptcha/releases/KXX4ARWFlYTftefkdODAYWZh/recaptcha__de.js(Line 41) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://sc-static.net/scevent.min.js(Line 1) Message: Refused to connect to 'https://tr6.snapchat.com/p' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
network	error	URL: https://www.biltrewards.com/terms?_rsc=9hgrl Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
network	error	URL: https://www.biltrewards.com/terms/bilt-platform-terms-of-use?_rsc=9hgrl Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?dtstmp=1719049135071&aid=b-00ri&se=e30&duid=05e21e9a686e--01j0zn08pp1sdqqdyf3dz2epkg&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4&i6=MmEwMTo0YTA6MTMzODo5Mjo6OA%3D%3D' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://cdn.userway.org/widgetapp/2024-06-18-09-05-51/widget_app_base_1718701551140.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analytics.tiktok.com
api.segment.io
api.userway.org
b-code.liadm.com
bilt.page
cdn.deviceinf.com
cdn.mgln.ai
cdn.plaid.com
cdn.segment.com
cdn.userway.org
connect.facebook.net
conversions-config.reddit.com
decagon.ai
eu.mgln.ai
events.framer.com
flags.biltrewards.com
framerusercontent.com
googleads.g.doubleclick.net
id.biltrewards.com
mgln.ai
o441793.ingest.sentry.io
pixel-config.reddit.com
pixel.tapad.com
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
sc-static.net
scripts.neuro-id.com
static.biltrewards.com
sync-transcend-cdn.com
tags.srv.stackadapt.com
tr.snapchat.com
transcend-cdn.com
tvspix.com
vitals.vercel-insights.com
www.biltrewards.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.redditstatic.com
www2.biltrewards.com
cdn.userway.org
conversions-config.reddit.com
pixel-config.reddit.com
rp4.liadm.com
www.redditstatic.com
104.81.60.131
108.138.7.78
13.33.187.112
142.250.184.196
142.250.184.232
142.250.186.67
142.250.186.98
143.204.207.250
151.101.1.140
156.146.33.138
172.217.16.194
172.66.43.60
172.67.136.129
2001:4860:4802:34::36
2600:1f14:5db:eb22:4a2a:1755:1e89:3db3
2600:1f18:730:b140:cf0b:aa48:ad16:3834
2600:9000:2490:800:d:ada1:a280:93a1
2600:9000:275b:aa00:19:2755:1280:93a1
2600:9000:275d:9a00:8:8845:1500:93a1
2606:4700:20::681a:2b4
2606:4700:20::681a:3b4
2606:4700::6812:6f8
2a00:1450:4001:82f::2003
2a00:1450:4001:831::2008
2a02:6ea0:c700::22
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42::396
3.160.150.114
34.110.183.245
34.111.113.62
34.117.79.164
34.120.195.249
34.160.241.76
35.157.157.150
35.190.43.134
35.241.5.91
35.81.90.104
52.202.134.190
52.223.52.2
54.70.128.238
76.76.21.123
76.76.21.21
99.81.186.60
99.86.8.175
011a15f100211230ccbf8ead1fdc3e7687018ad5eebb41e392282ad85adc371e
0313b0d078dfe6c7ab517c11404b0c01458469006fbf1a0d4d4c5e90517e54f8
03337e69f3ba0d92c0ee4e6336eab382bbb5ce99d425bc1c0092a9b8618df364
0514147a494bd526501ff2d456b64df556510ce233c49b900d8a7fad78db6417
0ca8160a692d2ede5ba928e6b91500ca2e3b41bce9f4da9ac974b7df22f03cfb
0d77c0ca71f84e8e1b82911c1c6e7ba7b5c192b1ce10bce9a8db97e08139e688
0ea53799d9235155729f269199568c5759ddd42d13bc9acd16d2d29fb4a6af7f
0feefca7e8ce6c3ebd31a7cfa3512c71c26cdefd210d2f74a5e89bbd839f622a
1195810cb67e308f37d3759ba7fbc7d8e298981d38a685f31c9c86ab2f7d8242
12ce72c5dd8a160d24d631751a8cac946705951d40e2138443784332c1fb4bc1
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
138491efc73fe612c6741a53f4d87034642453b09598bf4ed47e88c0a44d101c
14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7
14d839905fc43bb48e3a980a8567cb6a098ce4ff4f54e5f2f1119a8af19ab962
188768601044fa9d36f7e8318b53e650a64fb03b28c2b04eb8b99facdadce63e
193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4
1942035ce7ce741f7177c083ef254fd14a167a81020246d9d87a51377459fb5c
1a3491a27f8281f439af6dba39251dfcd1f056100e629c9a428265df9109f033
1ad5cbd82e3a7cf3ccd6a845dfc3553a53387f6fc00226442c468d9099a9ec71
1d6ec88f567df6145ff31cc4f634d8c576965b5572838f97f9de77af6c3d3239
202acd59e03fcb77117dc9236c520e2d05a94970cba9c7b5cb9a5b59b3044f31
20f77cc806e9b12931909006e7b7c0f3ef604448553127fb4840befb83e3dbdf
2169716ae730dc18571dd721fd342e5f82888b913b33a718cfc55f202d465db2
21c9cafe5eb7345319ef7da290e10b069ee08649da4caa285a8ece3059b10616
21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710
2326d7a2489ae158a664495981e4cec214da8fb4e6d6aa093fadc433486af3c2
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
298f8b36f4d49fc2be74afcdfc1672d55624fac2ba2d49b1c46071ca9a0ea2a5
29d3c8286a91c62982c3587e45983704c16c24f51271fda2dd69c3741b6b1b1d
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b2889d19a0ef33459e32d35e846a30a47d0f5b0c7ec34af17b166762140c30e
2b8064de6299cde596d64084ddb147c3a043b408abd56340c2a8256b495ec9d5
3355a88d5b25f2bae7bcfccdbdd05c6691cb2aee244c72d3410fc24d8fb484b6
36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585
37b0e3adcb423c67bf49bdd6d3dd0648efefa8d9e20480b0b29d46a19e4ba219
3975c47fff967119b9775089525647f5d497ea7257e51714513f6f256d3625fb
3a61375e44fd14535935364ba62f844371eb9fb77ad0e4437720086719fa0da7
3aa00d1215ad4c9fb018146aea862a2afd490de48a6639d084a1311f1fd0e036
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342
3deb77a8538750f753e001a34ab1d984ffcfa2431143e19e35b48407c31264f3
3e12cb695307b2703bce81c01aaeaf24cf0aa0602c8307458ea4f117719fb6ac
421cb37fc0471ba86d5bda3a10ef331d19e9bba1fb75ebf0a95d75d68086ae7c
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc
475a55edce361bad240a6408fa6267076a2d2b73dcef041aa280ec5c9467a286
484c4ee9d29985b8253fc7a491ccfd062160585ce79280d088e9877fb969bf15
494a146ffec032558a2c89bca94c444f5bd0ea6970b068b7448cc32de2dc9683
49b343928b1ecfd853bbabd42279e84443b766a99c97888e3cd1441944381023
4aaab72b09c5c1d7b90357e2b2dc8900b1fc21ba5cb318c82234310651538067
4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538
4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a
4b45f70cbcd6394f27df04bee4c1aca056efc2eee825131d1e377dc096e7ee14
4e0ea1029eab3b7c0bb3183eaa684b29064f2de371720317b8a35519fe26589e
4e1ef43961b370b7ea88ab88036ded79a35f8809fc3b92c1801c8420b4d81a31
4e5584b694243b45281227880c7fcf1bd876b4c9642e909fffdf5678e2e1b66b
4fd7bdd78f1e54f45a4a21f57679cb6fdf3aee47a8d71dd8852a4193eb9c4b60
4fe2c28d8627936146b3409c924fde52d8992d7899f9c13c2a10d10b922edffe
500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3
500ee0fc9dcd17ca71b3709172a4dddd674597fae73bc448e7fa1c49c337e33e
51b136f6f84fedaeb07360a1e92942da0ebe5ec5384541b530f86e42d19551f2
52960b56e4d4fbf39e5cae2833367131bb2354c69ab5d9eb296d82733f62923d
52ea1136d79c3a7ebe4f345fdec565e4bac855aeb6ae4dafb54b7b7f29edb881
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
573bfc190a504a69f04a584c5defa190fed41db4eba930b41007c47b0d8dba3f
5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427
5d9df2764c7d56ded13faf14e7235e19ae3232be0f54e8ddd60ed76e6339f3af
5e1c5b6167bc4b4c9ddd0424ac6d398d6bdee7da37d0f24dd0327b38d99023ef
5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312
6089ff6068ba58f811c9bd97012b755c5481801e4dede1cc0dc871967959ca1c
60d36b92039d0fe2ed213c99dada4ca575c5895e7110b4b2660aa4968fe293c2
610ac12bb1be1f6e8060140872b103525aadd80c221812bcabd554bc2f2e34b7
612ad04469fba362238294e47106a2e6061ef90c111851c0cdcae2e3ee27a6bb
6162a259efcc903ece88a8301a46b44e3a77c220b3752c01eb02caa0af358870
6266e044e9d67f5e08c39dec30aeb2c9ffc3dbf6c837a6f60da52b050b474794
62c08a47b9c1ea92ff71f00169d06efb448ca8776fcb802eec4cabbfa2330b7b
62fdba95c5081c72a84ddf4c46866cddd20bcde4c65e2514eb6dc0ab6dbb811c
63caa836b6ba19a09dc60ac7db5373c9d23009aeb364e296abbda94909e02395
64a682d09e22f72c124f301d043a75f56b14238959bb1f06853663a3e570119f
650d19b695e2f03bf1e362abecf36f676ee56550db3f41185d356ce838a5902b
6711527fd25adcf240b3ec1d760630d37024a90f9e0ce86fdcfe954ea6d40308
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
683b6674782995c6728baee97f4d2cbc8a5c3e816eb3fbcf1688c349dfc139d1
69a7b7578b8179a9e3ca7501a0f078204fa83e03d7611a427a612c884a257e6f
6aaebe577c186a50a1a101fc8b8d3717037e9e06b04411aaa1ab6181ca7820bb
6c6973b84c78083006d4f2167ed3cbc6f6469cdf819a0474abfa40b91a3699c8
6c8c90b357504a1f42080e1d72b9bf9a74cf7ebf2e6b5b56472be2d1ca73cff0
6e0f94a2636f15c141ede374e49a58605533f10ba382fb187145bfa14d747fd0
6e7cf16d4cf4ae924a5effe760d503d3dfe27fd40196dc3dd1da25aa35e6463d
6fce5a0604a6267ad769dd5e7afbfcf8bd0390897f682aec71f6307999a5b67e
703d80f8e6118ff0777dd678b1569301fd30596d7e1bd97ed883c24d242b96a5
757b912d4f48aaaf2053af5f00cd45e1ad23de29249de67f7a96cc9b6ac70a0d
7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
789440ff83f880c051a7291e2144aaea7bbcd22b6e48b8c802bbba42b925f33f
7a6e79744a7d6d2fcff9e47bba4e54a54ad1a6b3a7da29bebcc38055b48a6555
7b2faec4335de81abbf1ebf794f91a4f2b870b317093448b84082b5f411c741c
7b54954f42c244b6469b41796790bf3a73ef8dea90df796de72700e338510b7a
7be741b4a7fd270fceaeef9ab0eacb2f2388768640f57fa6d73a45a38442a20d
7c09dc696c210431b85a1336a790bee42caba2a82b0562193019460a9cd0511f
7c3f289c3c7e8243b778f2a5dbd0019295ed9735bc7f177fdc614456f4efd442
7d46554b1ec9ba44cd027945b42335477ad77025ec30b7f303e11a89f9cb0bfe
8350d4a28c626745a84ef55f886aed54bd77fc6b6b997ea9af7d2b45c64c47f0
83aabe649060a7e2ae2d90805d2e69bfcb75b54156056654bea6e44ef5487d72
84db3bb8b28d58bd9f6221bc2f6803b15dc6cf67d995fd72646bf6afa91e7782
8580df1ebad232b889f390a02b08a578e186116c464b93fd8e9156cd9333091c
8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee
89d7ac5e70c89011e4f6624ede8f1b6f71065286e6964fccff6bd8210c7aef3e
9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2
95305ed6d32b63aa16209f1b84efbf350fe190e94ffeaef272b9e66712d72844
963f38b2c0afc634b8f7464bb1205b99bb927e3de192ecd9bbc7950ed544d0ab
990fba98068c77b0616f1d04a1df3ae1e0b6a0fe19809beb34864ab99044ba78
9ce46acefa37fdb6c3e82848ca0d9df1ab1c3e0ebaa9e13333bea9cc06a0417a
9d447bee8eb8d321fe2e3f829e2124e5787c3bac7296b177403874ae0a299292
9dd316606967a03abedcf35c83300f9763241b13a2066f67dabff0573def70e5
9e16d83a2c1724e2cbfd819c46e35e26b7911de8678342fc0d6a00e277764306
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c
9f2de267caf2c16b77c75714244dca82f24cbad55ac1ebe2a521478f0f80d96c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a24e1d533fa7898b393c136b75936b4e48878326fa67a1924ea38991a6a0171b
a3d3b82848a897cca8674d4bc3068c3ce45a2becbf4998cbc9515664c34a322e
a458efbeb06b8b8de77ef153bf6b16620faef28fad8c0d73bef6d7ae3360d72f
a500071897a30f33c4e6e6cf948cab97235367df9e558963285fbf58eab7e248
a6bb9b1ce179bb2b03d1d257e893aadf01dd3880872f7b63cc9c78c9440a644f
aa3a40b1584de88702a437e11601cbc67d35701f29139d86dbf7b620657a8888
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab32bc58349446cd3c8761af45640b13ed01073a6553e5779a9b03852d591ca4
ac7c3dd84f3cd7cafadf1b5e77814c98d0439c1fe96f5eaf81f2370d2d155d4e
addfa40b0e2d8f0492a9b1d8ff3e8e68c3f154fbf166cef3225fdebdbc38f9a9
ae3cd625206f3b22398ce3e5ffcc22c2a6ff95a535e7c4addbfb7e7e2d146ace
aeae3d036279fd7de7b67823163592b50baa4c5ed642cd187013b3dc1977d8b7
af53dde1fe93925a0b70f4fc9501ccc97ea5b888ef6c746d94185f2ed739e5f0
af579449c699ae38f8549823d30a2431f10ff142d8b8a7b020c3c3fa657afb04
b02546b57554da630a4827a7755b1f72d22374513f811dc0590ebe942758cbfa
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac
b23080a581fce2c39cc64439ea784226a4a6e2ed79736690f5af9ea5226f9b60
b27e2ff6dcd76549f2f66acf69dbcc8a5dcc53af127a14ac4e5d33adcd18cde7
b44fba50cfe4f65d7064ea44d718ca944a543a21523a1199f54b51267b382aaa
b6f4991669d6ea1940677643d7de78a35d53b2eb8c7857d4596071f83b08a287
b758c20d70f6b20fa85f31c23b9dea1ad5551a1cfd9ed56485c63cc592b2a15b
b7b48e76ac20a8506f11556b83cbbc3da9ed6d26be2b200c37395efc4acb54da
b7b8ac25904dcb445701b5d1efa127727723d8d9e7f440457f12ca5d3b26c9b5
bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733
be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8
c2d083746b9291aec11159af347860a04ca0126eda5bf63ec5404ccd797f9e03
c3041035d4df7dabf7fc7f0f2751666758cabfa9cba703be2a3763b213bfaecf
c4364793c025ac994a20ca914390c6149d96d04d49e899c1f2841b86403085d5
c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c
c5b3b178dc8df3767511096744a36ee3edcee7ed62be5f8504244e6b70cf7398
c9ea60675037dce0df08f2176c1aae4a77109ebbde2731de6a1c2877cf25d385
ca764b5867087d3c5ffc2bb0497a50b2ecf18ae7252169951ec97e18a592973d
cab6ffebb60ef24afad18a44f8a883f8de24b2adc5105f34ec74123721d7e200
cb4e961da6f8de98af0cb8f8c45675b0afab26bcd6e7d81bb5879bb06f370d9a
cb827af49284733662d398bf4818138a436923da9ba38393931ac0ac53e013ee
cc57203ea0b8a86aba51ea18bb78f7a9e511c2dc24dd2a7b689f29b9df7242a9
ce4c7c19ed3cd34764cbb45b14076b5abccba41cc04082ef4da748693431f77e
ce5ba9175b06a09cbcf8a19a531d9b73387910d84102e3f1f2485b9174bc4387
d2086fef391221a13d759836370ef5bae70c15e1389eb6504dc3a31c987e0a88
d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c
d376c9595e16045188b228567a68bec78396ca47faecc5f04c3495ab7a5ab59b
d3ef83f7563159fa039d4607edcc39c0b0e1387a9788675395070023dcbe520d
d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb
d5b50801dc641fb1e2b950c09696a2aa30adc1551b5dbc274b99bd365e57cdd8
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
d9420833dd5b3eb3c599e0c280e827fe95cc9110f019096fa10c0ecc13afcd1c
da70c773cd3a8d489bad7c03fb89b63053843aa52c0545749df089a08e64f78f
dae52125e7587a0e2bd0cd579b739afb5489f1eb9c28e2fd7e1ab1e18c1424d9
db8dee9ad499fb9b623de94c004b284d5529c842c2822340d4ad2f2f8f44968c
db9c28d70f03728ad94c11d34cea446ed992aaa6167344d3eb362379f7fdaaf0
dbf408b4b3dfd2f8d8eb0aeb6b7edbd058145baef0e6a6f66c5cdfae60ea6129
dd1279a52d09db441ebf5dc664fb7f6a3c2eb560d12090f18eecdb47bba9258e
e2628607af9160831d1be050c423b5d540cee1998baffcc7db73d6c7f9fed3c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e498946ef2d00f12cbf3c4f8c8be6bb8fb9ffa990944630f6d259acde57cf999
e53275f385e2028b72ff5befb16d9c572ce15af0acbdad0b6a883727eea7fe7c
e602b9865a51d84c8e4c24b7e6c45c6b68b429fd4b9a1a520a2a43a13b80a81a
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99
e89e060a5fbaf33c2384ec566de329536cb538cf6aa813f307976510270cd92f
ea9ed2f612e41fcd700060fad5eff94165c56fb549e6334173177b4a540a5a9d
ecb6a4d933a00cfe52f85667db28eda1780e587a99b82356d51da319d6393b1a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efea5bf59f773b24358d170be8bbce8d89be5fd91e3ca7b857fe40cf0cc2786d
eff87b0205e1ebe55ca731239b15df7b48583b9015ce78cb50a886a97e8b1be8
f055a73d3fe13b7d925ba16aafa34752b4eb2d189e090582bafe9175201a300c
f0757d938e68130aee5b0839ac25d02f21f5432dd5759e3cbe25bb94949c42c6
f0e937e654fc07b9187dfc8650d2cf9bc3f9f595ceddba60e26733e9bec02a48
f1cb3329ff7fd33266cf9cccb78db005f7debfb81c04064dc99027e70ae802b1
f3c4632be2409cc3e97373cd22fbef8e443e86360c18c6e8117a95da6575b30e
f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1
f5c11b2faacb090663dba1dbdd9ac247f815004deb2c0fb69748b1f596631651
f785d914fb2dd3f484f2a7fc7fc0a50642ea90be14325b4ac8b644b184c924a2
f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98
fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47
fa7e514331c85e2bff2ab629fc901146eaec70a8fbfd84ee6dc9242dbb9d0030
fac6af60a4c6c2e8f540ae939737994e3202aa41767ed368ce43824a80ac5fc4
fbae4ca2b9bfa35c988e17cda52739ebb5fccae54aadcbd3bd60ea685d8f7db3
fd438b7b60f7bc26c93c1f85ee28415519bfc6ead5b02c08cbfe51ffc8bea846
ff54e9b2209db7e90df95ee8523a1176d4c14d06b413cc817dfbbda6d64a03e1
ff65c7581b6b14184d2d6ab9ebe9416b06fcbb86c3a7a32ca30b3bc7871256a4

www.biltrewards.com Open in urlscan Pro 76.76.21.123 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

261 Requests

95 %HTTPS

33 %IPv6

34 Domains

45 Subdomains

43 IPs

4 Countries

4943 kBTransfer

16011 kBSize

36 Cookies

12 Outgoing links

Page URL History

Redirected requests

261 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.biltrewards.com Open in urlscan Pro
76.76.21.123 Public Scan

Screenshot
Live screenshot

Full Image

261
Requests

95 %
HTTPS

33 %
IPv6

34
Domains

45
Subdomains

43
IPs

4
Countries

4943 kB
Transfer

16011 kB
Size

36
Cookies

261 HTTP transactions
16 data transactions