www.biltrewards.com Open in urlscan Pro
76.76.21.22 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.biltrewards.com/
Effective URL:
https://www.biltrewards.com/
Submission: On May 04 via api (May 4th 2024, 5:39:02 am UTC) from US — Scanned from DE

Summary HTTP 226 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 31 domains to perform 226 HTTP transactions. The main IP is 76.76.21.22, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is www.biltrewards.com. The Cisco Umbrella rank of the primary domain is 124603.
TLS certificate: Issued by R3 on March 22nd 2024. Valid for: 3 months.

This is the only time www.biltrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
36	76.76.21.22 76.76.21.22	16509 (AMAZON-02) (AMAZON-02)
2	172.67.136.129 172.67.136.129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.42 13.33.187.42	16509 (AMAZON-02) (AMAZON-02)
1 5	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
9	172.66.43.60 172.66.43.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 20	34.110.183.245 34.110.183.245	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1 8	2606:4700:20:... 2606:4700:20::681a:2b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
1	44.239.238.248 44.239.238.248	16509 (AMAZON-02) (AMAZON-02)
1	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
1	35.71.142.77 35.71.142.77	16509 (AMAZON-02) (AMAZON-02)
5	35.241.5.91 35.241.5.91	15169 (GOOGLE) (GOOGLE)
2	34.160.241.76 34.160.241.76	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
12	2a02:6ea0:c70... 2a02:6ea0:c700::21	60068 (CDN77 _) (CDN77 _)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	63.35.74.145 63.35.74.145	16509 (AMAZON-02) (AMAZON-02)
25	2600:9000:249... 2600:9000:2490:1200:d:ada1:a280:93a1	16509 (AMAZON-02) (AMAZON-02)
3	3.160.150.112 3.160.150.112	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
5	104.90.205.74 104.90.205.74	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	3.121.4.172 3.121.4.172	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:275... 2600:9000:275d:2c00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
2	108.138.7.11 108.138.7.11	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
5	2600:1f14:5db... 2600:1f14:5db:eb11:11e:cd7:8931:11bf	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2600:9000:275... 2600:9000:275b:7800:19:2755:1280:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.12.47.65 52.12.47.65	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:7f8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
1	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
2 2	2600:1f18:730... 2600:1f18:730:b140:47a5:73d7:3529:3e20	14618 (AMAZON-AES) (AMAZON-AES)
2	3.222.51.241 3.222.51.241	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2a02:6ea0:c70... 2a02:6ea0:c700::18	60068 (CDN77 _) (CDN77 _)
226	40

36 76.76.21.22 (Walnut, United States)

ASN16509 (AMAZON-02, US)

www.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.136.129 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.deviceinf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-42.fra60.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.68 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.66.43.60 (United States)

ASN13335 (CLOUDFLARENET, US)

transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 34.110.183.245 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 245.183.110.34.bc.googleusercontent.com

id.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o441793.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:2b4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.239.238.248 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-239-238-248.us-west-2.compute.amazonaws.com

tvspix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

decagon.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.142.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0b1d980e1f2226c6.awsglobalaccelerator.com

www2.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.241.5.91 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 91.5.241.35.bc.googleusercontent.com

static.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.160.241.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.241.160.34.bc.googleusercontent.com

flags.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:6ea0:c700::21 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.35.74.145 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-74-145.eu-west-1.compute.amazonaws.com

vitals.vercel-insights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2600:9000:2490:1200:d:ada1:a280:93a1 (United States)

ASN16509 (AMAZON-02, US)

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.160.150.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-112.fra60.r.cloudfront.net

events.framer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.90.205.74 (Barcelona, Spain)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-90-205-74.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.121.4.172 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275d:2c00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.7.11 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-11.fra56.r.cloudfront.net

framerusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f14:5db:eb11:11e:cd7:8931:11bf (Boardman, United States)

ASN16509 (AMAZON-02, US)

api.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:275b:7800:19:2755:1280:93a1 (United States)

ASN16509 (AMAZON-02, US)

scripts.neuro-id.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.12.47.65 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-47-65.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f8 (United States)

ASN13335 (CLOUDFLARENET, US)

sync-transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.195 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:730:b140:47a5:73d7:3529:3e20 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.222.51.241 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-51-241.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:c700::18 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn77.api.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
64	biltrewards.com 1 redirects www.biltrewards.com — Cisco Umbrella Rank: 124603 id.biltrewards.com — Cisco Umbrella Rank: 160987 www2.biltrewards.com — Cisco Umbrella Rank: 618697 static.biltrewards.com — Cisco Umbrella Rank: 187738 flags.biltrewards.com — Cisco Umbrella Rank: 166094	2 MB
27	framerusercontent.com framerusercontent.com — Cisco Umbrella Rank: 48904	1 MB
21	userway.org cdn.userway.org — Cisco Umbrella Rank: 3155 api.userway.org — Cisco Umbrella Rank: 3077 cdn77.api.userway.org — Cisco Umbrella Rank: 6160	218 KB
9	transcend-cdn.com transcend-cdn.com — Cisco Umbrella Rank: 14041	145 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 1845	64 KB
8	mgln.ai 1 redirects cdn.mgln.ai — Cisco Umbrella Rank: 40655 mgln.ai — Cisco Umbrella Rank: 19858 eu.mgln.ai — Cisco Umbrella Rank: 69158	5 KB
5	liadm.com 2 redirects b-code.liadm.com — Cisco Umbrella Rank: 3700 rp4.liadm.com — Cisco Umbrella Rank: 6119 Failed rp.liadm.com — Cisco Umbrella Rank: 1319	38 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 712	156 KB
5	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	951 B
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2777	9 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	377 KB
3	framer.com events.framer.com — Cisco Umbrella Rank: 57202	16 KB
2	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	85 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 126	19 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	72 KB
2	neuro-id.com scripts.neuro-id.com — Cisco Umbrella Rank: 118169	48 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 493	1 KB
2	gstatic.com www.gstatic.com	203 KB
2	sentry.io o441793.ingest.sentry.io — Cisco Umbrella Rank: 165127	373 B
2	deviceinf.com cdn.deviceinf.com — Cisco Umbrella Rank: 232915	99 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	273 B
1	google.de www.google.de — Cisco Umbrella Rank: 7810	64 B
1	sync-transcend-cdn.com sync-transcend-cdn.com — Cisco Umbrella Rank: 32177
1	segment.io api.segment.io — Cisco Umbrella Rank: 1425	177 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2533	257 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1376 conversions-config.reddit.com Failed	637 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1160	12 KB
1	vercel-insights.com vitals.vercel-insights.com — Cisco Umbrella Rank: 13185	166 B
1	decagon.ai decagon.ai — Cisco Umbrella Rank: 46101	1 KB
1	tvspix.com tvspix.com — Cisco Umbrella Rank: 14862	194 B
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 14323	43 KB
226	31

	Domain	Requested by
36	www.biltrewards.com	www.biltrewards.com
27	framerusercontent.com	www2.biltrewards.com
20	id.biltrewards.com	1 redirects www.biltrewards.com www2.biltrewards.com id.biltrewards.com
12	cdn.userway.org	www.biltrewards.com cdn.userway.org www2.biltrewards.com
9	transcend-cdn.com	www.biltrewards.com transcend-cdn.com id.biltrewards.com
8	cdn.segment.com	www.biltrewards.com cdn.segment.com
6	mgln.ai	1 redirects www.biltrewards.com
5	api.userway.org	www.biltrewards.com cdn.userway.org
5	analytics.tiktok.com	www.biltrewards.com analytics.tiktok.com
5	static.biltrewards.com	www.biltrewards.com id.biltrewards.com
5	www.google.com	1 redirects www.biltrewards.com id.biltrewards.com www.gstatic.com
4	cdn77.api.userway.org	www.biltrewards.com
4	tags.srv.stackadapt.com	www.biltrewards.com tags.srv.stackadapt.com
4	www.googletagmanager.com	www.biltrewards.com www.googletagmanager.com cdn.segment.com
3	events.framer.com	www2.biltrewards.com
2	rp.liadm.com	2 redirects
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	cdn.segment.com www.googleadservices.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	scripts.neuro-id.com	www.biltrewards.com scripts.neuro-id.com
2	rp4.liadm.com	www.biltrewards.com
2	pixel.tapad.com	2 redirects
2	www.gstatic.com	www.google.com
2	flags.biltrewards.com	www.biltrewards.com
2	o441793.ingest.sentry.io	www.biltrewards.com id.biltrewards.com
2	cdn.deviceinf.com	www.biltrewards.com id.biltrewards.com
1	www.facebook.com	www.biltrewards.com
1	www.google.de	www.biltrewards.com
1	sync-transcend-cdn.com	transcend-cdn.com
1	api.segment.io	www.biltrewards.com
1	region1.google-analytics.com	www.googletagmanager.com
1	alb.reddit.com	www.biltrewards.com
1	eu.mgln.ai	www.biltrewards.com
1	b-code.liadm.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com www.biltrewards.com
1	vitals.vercel-insights.com	www.biltrewards.com
1	www2.biltrewards.com	www.biltrewards.com
1	decagon.ai	www.biltrewards.com
1	tvspix.com	www.biltrewards.com
1	cdn.mgln.ai	www.biltrewards.com
1	cdn.plaid.com	www.biltrewards.com
0	conversions-config.reddit.com Failed	www.biltrewards.com
226	42

This site contains links to these domains. Also see Links.

Domain
instagram.com
twitter.com
facebook.com
youtube.com
www.linkedin.com
legal.biltrewards.com
biltrewards.zendesk.com
bilt.page.link
biltrewards.com
www.biltalliance.com
newsroom.biltrewards.com
allyant.com

Subject Issuer	Validity	Valid
www.biltrewards.com R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh
deviceinf.com Cloudflare Inc ECC CA-3	`2024-01-08` - `2024-12-31`	a year	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
transcend-cdn.com GTS CA 1P5	`2024-03-20` - `2024-06-18`	3 months	crt.sh
id.biltrewards.com GTS CA 1D4	`2024-03-07` - `2024-06-05`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
mgln.ai E1	`2024-04-07` - `2024-07-06`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
tvspix.com Amazon RSA 2048 M03	`2024-03-25` - `2025-04-24`	a year	crt.sh
decagon.ai R3	`2024-04-27` - `2024-07-26`	3 months	crt.sh
www2.biltrewards.com R3	`2024-03-16` - `2024-06-14`	3 months	crt.sh
static.biltrewards.com GTS CA 1D4	`2024-03-13` - `2024-06-11`	3 months	crt.sh
flags.biltrewards.com GTS CA 1D4	`2024-04-18` - `2024-07-17`	3 months	crt.sh
1667503734.rsc.cdn77.org R3	`2024-02-27` - `2024-05-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
vercel-insights.com Amazon RSA 2048 M03	`2023-08-23` - `2024-09-19`	a year	crt.sh
framerusercontent.com Amazon RSA 2048 M02	`2023-12-18` - `2025-01-14`	a year	crt.sh
events.framer.com Amazon RSA 2048 M03	`2024-04-09` - `2025-05-07`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.liadm.com Amazon RSA 2048 M03	`2023-12-02` - `2024-12-29`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
api.userway.org Amazon RSA 2048 M03	`2023-09-02` - `2024-09-30`	a year	crt.sh
*.neuro-id.com Amazon RSA 2048 M01	`2023-06-27` - `2024-07-25`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
sync-transcend-cdn.com E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-11` - `2024-05-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
1784939676.rsc.cdn77.org R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.biltrewards.com/
Frame ID: F7702FC511C7E4653E756062375362EB
Requests: 118 HTTP requests in this frame

Frame: https://www2.biltrewards.com/
Frame ID: EA8977E4B8FAEFE52A891B8415E34D68
Requests: 89 HTTP requests in this frame

Frame: https://id.biltrewards.com/login/iframe/userdata/
Frame ID: 322B97EB90AA4A7C7F2943539D5A178E
Requests: 26 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=zexs09iysqu2
Frame ID: 312901EB0A1F78D2C39F53E24E7928D0
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly9pZC5iaWx0cmV3YXJkcy5jb206NDQz&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=4i0j4tm6ap2i
Frame ID: 906F39E135B27718CD965E9D367A3655
Requests: 1 HTTP requests in this frame

Frame: https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
Frame ID: 765C02365F5C0A55208AC79E48FEE421
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bilt Rewards

Page URL History Show full URLs

http://www.biltrewards.com/ HTTP 307
https://www.biltrewards.com/ Page URL

Detected technologies

DatoCMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+https://www\.datocms-assets\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

UserWay (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.userway\.org/widget.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+recaptcha

Page Statistics

226
Requests

79 %
HTTPS

37 %
IPv6

31
Domains

42
Subdomains

40
IPs

4
Countries

4249 kB
Transfer

15750 kB
Size

30
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://instagram.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://twitter.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://facebook.com/biltrewards

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCCJoaLWfOJeBx6fD8K58nuQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/biltrewards

Search URL Search Domain Scan URL

URL: https://legal.biltrewards.com/policies
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://biltrewards.zendesk.com/hc/en-us
Title: Help Center

Search URL Search Domain Scan URL

URL: https://bilt.page.link/app
Title: App

Search URL Search Domain Scan URL

URL: https://biltrewards.com/p/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.biltalliance.com/
Title: Bilt for Real Estate Partners

Search URL Search Domain Scan URL

URL: https://newsroom.biltrewards.com/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://allyant.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.biltrewards.com/ HTTP 307
https://www.biltrewards.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://id.biltrewards.com/login/iframe/userdata HTTP 308
https://id.biltrewards.com/login/iframe/userdata/

Request Chain 128

https://mgln.ai/pixel/sync.gif HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=3c624bc6-b160-4f46-bc58-b5bb3976170e&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=3c624bc6-b160-4f46-bc58-b5bb3976170e&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://eu.mgln.ai/pixel?tapad_id=d3c02cd4-f86c-44ad-b309-f0d1b72e6a76

Request Chain 190

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Request Chain 216

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Request Chain 221

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI3KTqhKTzhQMVYZn9Bx3ZRwU_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8 HTTP 302
https://www.google.com/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI3KTqhKTzhQMVYZn9Bx3ZRwU_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqUd60_EkCEjhpwmcgsWkU5wTyqj_htA&random=4183092879&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI3KTqhKTzhQMVYZn9Bx3ZRwU_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqUd60_EkCEjhpwmcgsWkU5wTyqj_htA&random=4183092879&resp=GooglemKTybQhCsO&ipr=y

Request Chain 222

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Request Chain 224

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Request Chain 225

https://rp.liadm.com/p?dtstmp=1714801136748&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 302
https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136748&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Request Chain 226

https://rp.liadm.com/p?dtstmp=1714801136751&aid=b-00ri&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ4MDExMzYxNjUmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgxMXNtLi4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0ODAxMTM2MTY1JmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4 HTTP 302
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ4MDExMzYxNjUmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgxMXNtLi4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0ODAxMTM2MTY1JmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136751&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

226 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.biltrewards.com/
Redirect Chain

http://www.biltrewards.com/
https://www.biltrewards.com/

75 KB
12 KB

305ms
269ms

Document
text/html

76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

c1554e4093c2f321c2fc93d0bc5dcad3f1ff5a3c7031e45917443854b72274bb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-type: text/html; charset=utf-8
date: Sat, 04 May 2024 05:38:54 GMT
referrer-policy: origin
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-content-type-options: nosniff
x-matched-path: /p/homepage
x-powered-by: Next.js
x-vercel-cache: MISS
x-vercel-execution-region: cle1
x-vercel-id: fra1::cle1::v4ddx-1714801134675-81419232be1c
x-xss-protection: 1; mode=block

Redirect headers

Location: https://www.biltrewards.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 webpack-eaff5b43bb74cbbd.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 11ms
11ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/webpack-eaff5b43bb74cbbd.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c2b94cfc4eef447336e5dfa65487b6920554809090d4ffb57dd3c8a0b4663634

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="webpack-eaff5b43bb74cbbd.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::27sbz-1714801134962-9a8c6f4ea070
x-matched-path: /_next/static/chunks/webpack-eaff5b43bb74cbbd.js
etag: W/"4a0e0b5f6bf30296433f60de3024ee37"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 0a08d48a-2ea4280064791d1b.js Show response
www.biltrewards.com/_next/static/chunks/ 168 KB
57 KB 13ms
12ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

f20718ca51aea7b5bd511449b7a3ffc49978f7f57999dd7c6a0408e807f00d01

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33128
content-disposition: inline; filename="0a08d48a-2ea4280064791d1b.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::2zf7s-1714801134962-9b5904f1bad8
x-matched-path: /_next/static/chunks/0a08d48a-2ea4280064791d1b.js
etag: W/"85b86442bce54e0325c3860f9ae03d04"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 773-7b29dafc6951bbfe.js Show response
www.biltrewards.com/_next/static/chunks/ 136 KB
42 KB 35ms
31ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

70e96ea74dd811ed8f8d7fe473ec308bbdb8b19553127dcb83311541c4130dae

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 8999
content-disposition: inline; filename="773-7b29dafc6951bbfe.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::grt7f-1714801134969-e66199a6be48
x-matched-path: /_next/static/chunks/773-7b29dafc6951bbfe.js
etag: W/"b3237ac6013887110d439378c23b131d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 main-app-9b513725bcf27319.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 55ms
51ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/main-app-9b513725bcf27319.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5d44bbfdb856118b71f8bad2814cc93683ae7316dbf5feb54946bd4e1f15d024

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33487
content-disposition: inline; filename="main-app-9b513725bcf27319.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::z24tg-1714801134969-13bdc59a71be
x-matched-path: /_next/static/chunks/main-app-9b513725bcf27319.js
etag: W/"c34c46195dbcb08c7f6b16055f192da7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 2708-e727d10e5aa82995.js Show response
www.biltrewards.com/_next/static/chunks/ 40 KB
16 KB 36ms
33ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/2708-e727d10e5aa82995.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

08a3938cb627d9c510cb612fa8183cc339b4efc1f11d141c86561d481d16bbed

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 10520
content-disposition: inline; filename="2708-e727d10e5aa82995.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::zzmcm-1714801134969-dcd9b66e1bf2
x-matched-path: /_next/static/chunks/2708-e727d10e5aa82995.js
etag: W/"ea813893e68373e0ad22bb12ac6f9623"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 global-error.page-ac930ba7bffc21f9.js Show response
www.biltrewards.com/_next/static/chunks/app/ 6 KB
5 KB 39ms
35ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/global-error.page-ac930ba7bffc21f9.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

23a5f5ef3e68c6e8584a806ba3c1276eb4e49a36de52d9c21303d2b1435ad13b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 14531
content-disposition: inline; filename="global-error.page-ac930ba7bffc21f9.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::twslk-1714801134969-5d3d099be061
x-matched-path: /_next/static/chunks/app/global-error.page-ac930ba7bffc21f9.js
etag: W/"da720141022d43b525764507c373e65b"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 a1377a71-a61eaf683f67cca3.js Show response
www.biltrewards.com/_next/static/chunks/ 120 KB
41 KB 17ms
13ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/a1377a71-a61eaf683f67cca3.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

14ce4e2c8340c041c53de976a7b371785493e98fa84f57957f9a92e7a8046e67

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="a1377a71-a61eaf683f67cca3.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::2lnfs-1714801134969-38e1d1011265
x-matched-path: /_next/static/chunks/a1377a71-a61eaf683f67cca3.js
etag: W/"276a4e4db7ff1fb0f1993b7c9c0e56ac"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 6851-dde6b02ebd6f186e.js Show response
www.biltrewards.com/_next/static/chunks/ 37 KB
17 KB 46ms
43ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/6851-dde6b02ebd6f186e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dee84f70b223c706aee2e8509f8a16a3c99d5a3dcd1fa440d0417db8d6ee1792

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="6851-dde6b02ebd6f186e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gm5kn-1714801134969-7437db3e2175
x-matched-path: /_next/static/chunks/6851-dde6b02ebd6f186e.js
etag: W/"68066f16d7c922eb69f3540940f9175a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7883-869763b70811cfae.js Show response
www.biltrewards.com/_next/static/chunks/ 15 KB
8 KB 17ms
14ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7883-869763b70811cfae.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5b4fdc71b907c8b40b093cffa977415257b82282d0fb32448e1306f030d64345

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 5410
content-disposition: inline; filename="7883-869763b70811cfae.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::grt7f-1714801134969-7ba234d95a98
x-matched-path: /_next/static/chunks/7883-869763b70811cfae.js
etag: W/"29fefa3f14456612136fef0048904c51"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8648-ff2c18640162f9ed.js Show response
www.biltrewards.com/_next/static/chunks/ 8 KB
6 KB 50ms
47ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8648-ff2c18640162f9ed.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

6ffe2bffedc44cab8178c5bc51fcce8b301a69d70ed8542cfb21bc7b307af60f

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 20309
content-disposition: inline; filename="8648-ff2c18640162f9ed.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gprc8-1714801134969-59a67a5b46cf
x-matched-path: /_next/static/chunks/8648-ff2c18640162f9ed.js
etag: W/"d1eb2c5e5f8c671321abf32d5ec8f5f5"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8609-8109a9ec75940849.js Show response
www.biltrewards.com/_next/static/chunks/ 268 KB
88 KB 43ms
40ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

faf2bc4a9d3e932166c102a727ca4aa42e7c95b67ec8dd424523da14089cfef2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="8609-8109a9ec75940849.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::z24tg-1714801134969-cb443f36e0fd
x-matched-path: /_next/static/chunks/8609-8109a9ec75940849.js
etag: W/"c2c223dd9bdd1dd4ee8a7276aa3120a2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7279-f60712c7e75d327a.js Show response
www.biltrewards.com/_next/static/chunks/ 94 KB
35 KB 17ms
14ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7279-f60712c7e75d327a.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8a61f145dffddc6b27774d52e30904da844103ae0d0e635c3ee3c3807907c07b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="7279-f60712c7e75d327a.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::2zf7s-1714801134971-d7f237daddc1
x-matched-path: /_next/static/chunks/7279-f60712c7e75d327a.js
etag: W/"284d18e87be809a19f10832ba30ce598"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 5211-102eb2c74eeee23d.js Show response
www.biltrewards.com/_next/static/chunks/ 172 KB
60 KB 56ms
53ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/5211-102eb2c74eeee23d.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

229c48f80c1ccba052790eaa4caa79743c358eae69adb9e06e75b3653bd9176a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="5211-102eb2c74eeee23d.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::xzx8p-1714801134974-f2ea2a492150
x-matched-path: /_next/static/chunks/5211-102eb2c74eeee23d.js
etag: W/"aff124bb8b1040387ee3226427b9d110"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 5935-2bec4673ee277813.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 55ms
52ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/5935-2bec4673ee277813.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4f0723c4f61bf24d6caa0f3c88c0ff696d701fdcc002882e75d3849b147c36eb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="5935-2bec4673ee277813.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::xzx8p-1714801134973-117b970f5d90
x-matched-path: /_next/static/chunks/5935-2bec4673ee277813.js
etag: W/"3d2f780e38c5982f02299428ebf9f3d2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1199-d8354150ba2301a7.js Show response
www.biltrewards.com/_next/static/chunks/ 44 KB
19 KB 23ms
21ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1199-d8354150ba2301a7.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7746ece790029046b24f2a25796fcaa152efe875c7a8641358088ba857e53157

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="1199-d8354150ba2301a7.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::8b64z-1714801134971-7a9b1f053d0b
x-matched-path: /_next/static/chunks/1199-d8354150ba2301a7.js
etag: W/"6e47846cd7dc32ecdb9fd9cee0a25dec"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7423-eea4e0fb8c785eab.js Show response
www.biltrewards.com/_next/static/chunks/ 17 KB
9 KB 30ms
28ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7423-eea4e0fb8c785eab.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

dc2039eaa8cdec894f2d425e26ac4233e0bc86f4591185097efb4b79a659f083

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 31089
content-disposition: inline; filename="7423-eea4e0fb8c785eab.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::lnqbz-1714801134971-c63217fa209f
x-matched-path: /_next/static/chunks/7423-eea4e0fb8c785eab.js
etag: W/"648baa226f034526c6004bb818fa0c75"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8663-089373e8d4fb293d.js Show response
www.biltrewards.com/_next/static/chunks/ 8 KB
6 KB 35ms
33ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8663-089373e8d4fb293d.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

01f0e7ce17811d478287a5fd73ca4f82c24c94410b1b5df90537d395ff4cf41b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 8999
content-disposition: inline; filename="8663-089373e8d4fb293d.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::4ltr8-1714801134971-a9e122f879f9
x-matched-path: /_next/static/chunks/8663-089373e8d4fb293d.js
etag: W/"ea977c6d269180c7020c12d6acded3c3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 6418-1c0d2e03f7711547.js Show response
www.biltrewards.com/_next/static/chunks/ 28 KB
12 KB 28ms
26ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/6418-1c0d2e03f7711547.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

1c5e56aecce66d242f6dd521d8e4eb60495e9f3ebfe476532ac0675d5e0821ba

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="6418-1c0d2e03f7711547.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bm7d7-1714801134971-480cc9f78226
x-matched-path: /_next/static/chunks/6418-1c0d2e03f7711547.js
etag: W/"697706671478611984f5d320b763786a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 4193-6601da46266226d6.js Show response
www.biltrewards.com/_next/static/chunks/ 252 KB
84 KB 36ms
34ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/4193-6601da46266226d6.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c26c4fb4f58b0aa3012ecc8d8cd44381ec9dbbb687691231da5f18165168ca1b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="4193-6601da46266226d6.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::7q29p-1714801134971-e2087f5b9261
x-matched-path: /_next/static/chunks/4193-6601da46266226d6.js
etag: W/"c8cf53d51f589b89f90332cfd84554f1"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 460-c3babd6999035e1c.js Show response
www.biltrewards.com/_next/static/chunks/ 351 KB
87 KB 124ms
122ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/460-c3babd6999035e1c.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

92d32ee9ef0c6a0a3f914e9483c3a0ee98f4d99d39ab36110ab74ed0814c62d2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 33423
content-disposition: inline; filename="460-c3babd6999035e1c.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::2h2bl-1714801135003-8412b8e9f073
x-matched-path: /_next/static/chunks/460-c3babd6999035e1c.js
etag: W/"fd736396d7c9b12f8fcf62dd73f0f939"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1768-51bf34deaeddb409.js Show response
www.biltrewards.com/_next/static/chunks/ 10 KB
6 KB 40ms
39ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1768-51bf34deaeddb409.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

9f75860a0ed695951d068580c66fc85ea549c924d7829279f759de5b261d96e7

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 22895
content-disposition: inline; filename="1768-51bf34deaeddb409.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::z2nh8-1714801134971-a003cdef8e12
x-matched-path: /_next/static/chunks/1768-51bf34deaeddb409.js
etag: W/"4a4cc683c5964782493711c58cd687f4"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 7008-5a200fd92aa061b0.js Show response
www.biltrewards.com/_next/static/chunks/ 76 KB
27 KB 28ms
27ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/7008-5a200fd92aa061b0.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a6719d408c68a76e7ecc129a8ca95660269e04939e056d23abbddded90bf8e3a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 22424
content-disposition: inline; filename="7008-5a200fd92aa061b0.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::4npm2-1714801134971-dd76bbf3269e
x-matched-path: /_next/static/chunks/7008-5a200fd92aa061b0.js
etag: W/"17d88fa459cf631372b9bec563d832d1"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 layout.page-e13c289b2f9160b5.js Show response
www.biltrewards.com/_next/static/chunks/app/(root)/ 90 KB
29 KB 21ms
20ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-e13c289b2f9160b5.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

76f0314087a72b40304a3e1bab6132c27f582a7e1815c2ef6d3e9d78b2cc3f9c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 31933
content-disposition: inline; filename="layout.page-e13c289b2f9160b5.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::49dm9-1714801134971-1524b9ba25be
x-matched-path: /_next/static/chunks/app/(root)/layout.page-e13c289b2f9160b5.js
etag: W/"53ba7b546d99e1b34557397f795c335d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 ada-compliance.js Show response
www.biltrewards.com/assets/vendor/ 2 KB
3 KB 19ms
17ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/assets/vendor/ada-compliance.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:54 GMT
strict-transport-security: max-age=63072000
age: 33484
content-disposition: inline; filename="ada-compliance.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::4zjm2-1714801134965-fed94966759f
x-matched-path: /assets/vendor/ada-compliance.js
etag: W/"d2b0d05ef1d0990b8dd364cf4b0461b6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H3 200 agent.js Show response
cdn.deviceinf.com/js/v4/ 310 KB
99 KB 54ms
26ms Script
application/javascript 172.67.136.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.deviceinf.com/js/v4/agent.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.136.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P1
age: 2287
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
server: cloudflare
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=najjIB3%2Bz9ArPgIw3RPaPmyj9DTGGqdKceE%2Fm8EYPIoQcCBd5SxFgnUphiLUOXdTtmDbLeWnYuqduShF7pPDyUtwUtv5kJok32z40GZzcZwqPXIQBY4YlCgv0bdUv%2BJRtTAm2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 87e625b5ba8f3639-FRA
x-amz-cf-id: u3Ao2P3ngcgNDPnsHsCe0emyZkFT5eZGqaGJ2lXBFKt0Xj7TGUlTJQ==

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 156 KB
43 KB 68ms
31ms Script
text/javascript 13.33.187.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-42.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fee988d0a4b149a9ce3c30d63733d83d3c257368af50883bc9027fe0614dd522

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Z7GeVqqfJdx39lnO1DYeFIFqbuv5g4L4
content-encoding: br
via: 1.1 af1c2193a818b5824fd85ddd651620a8.cloudfront.net (CloudFront)
date: Sat, 04 May 2024 04:39:06 GMT
x-amz-request-id: 280NNR8J0YS5TBP8
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
age: 5793
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: wQc0VZ5+QkdHSy1sSlpgiITAMtonN5C/ncgx47EkUX139vrqtCp8OdFSWMGHI6j1242W0wWts0w=
last-modified: Thu, 02 May 2024 22:23:48 GMT
server: AmazonS3
etag: W/"fb1152b407f358b0c91a2c5cb2d8cdbc"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: UpXrF5HWqn2gYfa0Ojt7r7WLcQGSO59X00akETL9715IZY9RR0IVvw==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
927 B 43ms
22ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

25bec41e9f6dbc851e40687dc3aca88eb7f24515b8c04113e0a8bce69aefc57f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 04 May 2024 05:38:54 GMT

GET
H3 200 airgap.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 105 KB
43 KB 56ms
29ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58274
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"f40739130aa0cc889c7fc63c2ffe78ae"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625b5bad41e20-FRA
expires: Sat, 04 May 2024 05:39:55 GMT

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ 270 KB
73 KB 67ms
25ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:02:05 GMT
content-encoding: br
via: 1.1 google
age: 2210
x-guploader-uploadid: ABPtcPpxGYijfwqt1_0MQ_-ORW3iSNmxnd_yN9xaWuG7ZC5_swih-nwM6ZdBArllLry2-R2-1-I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74572
last-modified: Wed, 01 May 2024 18:59:38 GMT
server: UploadServer
etag: "9568c49933648165a4b57d6134954fb0"
vary: Accept-Encoding
x-goog-generation: 1714589978252932
x-goog-hash: crc32c=TIbhRA==, md5=lWjEmTNkgWWktX1hNJVPsA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 74572
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 May 2024 06:02:05 GMT

GET
H2 200 9ffa21ba-993efbed269ed6c8.js Show response
www.biltrewards.com/_next/static/chunks/ 68 KB
28 KB 14ms
10ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9ffa21ba-993efbed269ed6c8.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-eaff5b43bb74cbbd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

4d30600a865d49c31ee9a2f18bbd955840b72f3d5eee2d3394fda371e9ee270e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 33364
content-disposition: inline; filename="9ffa21ba-993efbed269ed6c8.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::xzx8p-1714801135049-b88e0aa713e6
x-matched-path: /_next/static/chunks/9ffa21ba-993efbed269ed6c8.js
etag: W/"36b13590fca40418ab5cd26689c9b879"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 page.page-2cceae5db4a8e855.js Show response
www.biltrewards.com/_next/static/chunks/app/(root)/p/homepage/ 5 KB
5 KB 14ms
14ms Script
application/javascript 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/app/(root)/p/homepage/page.page-2cceae5db4a8e855.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-eaff5b43bb74cbbd.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3dc4e28176a731679dfee5c89158b5183530ebda5323cba7d5ed6d6c752c5a4c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 17993
content-disposition: inline; filename="page.page-2cceae5db4a8e855.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::mr2p9-1714801135050-bba385a5ac72
x-matched-path: /_next/static/chunks/app/(root)/p/homepage/page.page-2cceae5db4a8e855.js
etag: W/"803ae879cdfdaa7a3f67862e61f39d1a"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

POST
H2 200 / Show response
o441793.ingest.sentry.io/api/5823479/envelope/ 2 B
308 B 52ms
19ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o441793.ingest.sentry.io/api/5823479/envelope/?sentry_key=50f039ff934e419597bde8e7652fc3d8&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.112.2

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 282 KB
95 KB 57ms
25ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-e13c289b2f9160b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9462e8b6b1c68de8085317e681667189fb8e8b6af5c28cf4b857dd267842189f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97350
x-xss-protection: 0
last-modified: Sat, 04 May 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 May 2024 05:38:55 GMT

GET
H2 200 pixel.min.js Show response
cdn.mgln.ai/ 4 KB
2 KB 57ms
16ms Script
application/javascript 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mgln.ai/pixel.min.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-e13c289b2f9160b5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
x-amz-version-id: Qluw.Dmpsqk5N8uDOhUTz5or_W6D3CxC
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 836EM2028RT493DZ
age: 3964
x-amz-server-side-encryption: AES256
x-amz-id-2: J4kQQQVSxr7tmSzl5mUkc+IQqtcQEXrewczLTzgjWWYJGwNiK2qZFkGVErlI43wdK8PWdm5tOhA=
last-modified: Thu, 08 Dec 2022 20:53:16 GMT
server: cloudflare
etag: W/"37bf51efaf3af89068b080c2d9635113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3K7nkUOOpAatYU5QokO272JnxhHlt78LOQlIpSX9H7NRsFtvaw4ghOkiLCm4HRf%2FWTVC%2F1CwaB%2FsSgtCFDIO7QDWdHkZ0n4qQBgnwoSNBKmM1k7XEI3qL%2BcNQ3mGGqKchWkQtViMOAk"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 87e625b72c8bbb41-FRA

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 103 KB
28 KB 643ms
605ms Script
text/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/app/(root)/layout.page-e13c289b2f9160b5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43ce35def7558be28d30002de7984ab770ebc989155fe2c504b39cf00c9798d2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: ae9tTaCQsftD7OUK1p_lw9fULTYnIDR4
content-encoding: br
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
date: Sat, 04 May 2024 05:38:56 GMT
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 25 Apr 2024 19:48:18 GMT
server: AmazonS3
etag: W/"da00d4407118f62fd911cbfc6ad4782f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: KZzPGskkp0O8dkcosnCpaG7gnDTM_K9FwxX5fiYwmw8J9irX3VnQjw==

GET
H2 200 t.png
tvspix.com/ 68 B
194 B 849ms
179ms Image
image/png 44.239.238.248
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tvspix.com/t.png?&t=1714801135179&l=tvscientific-pix-o-946859a1-af7d-49da-bef5-a1dcf030077a&u3=https%3A%2F%2Fwww.biltrewards.com%2F
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.239.238.248 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-239-238-248.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
pragma: no-cache
date: Sat, 04 May 2024 05:38:55 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 68
expires: 0

GET
H2 200 bilt.js Show response
decagon.ai/loaders/ 3 KB
1 KB 40ms
11ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://decagon.ai/loaders/bilt.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::hphcx-1714801135270-42e66e986678
age: 10872
x-matched-path: /loaders/bilt.js
etag: W/"653cacd6241644d8457a997c6cf05e54"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bilt.js"

GET
H2 200 / Show response
www2.biltrewards.com/ Frame EA89 1 MB
79 KB 143ms
33ms Document
text/html 35.71.142.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www2.biltrewards.com/

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.71.142.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a0b1d980e1f2226c6.awsglobalaccelerator.com

Software

Framer/cc220ce /

Resource Hash

5cfedefb95154ab787f29ec754d293534271a0fb6cb774a8557c85e738765098

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-encoding: br
content-length: 80270
content-type: text/html
date: Sat, 04 May 2024 05:38:54 GMT
etag: "da5b6ba89e62fb105aceb4bbc083d0cd"
last-modified: Tue, 16 Apr 2024 19:09:32 GMT
link: <https://framerusercontent.com>; rel="preconnect", <https://framerusercontent.com>; rel="preconnect"; crossorigin=""
server: Framer/cc220ce
server-timing: region;desc="eu-west-1", cache;desc="cached", ssg-status;desc="optimized", version;desc="cc220ce"
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H3

200

/ Show response
id.biltrewards.com/login/iframe/userdata/ Frame 322B
Redirect Chain

https://id.biltrewards.com/login/iframe/userdata
https://id.biltrewards.com/login/iframe/userdata/

36 KB
9 KB

186ms
186ms

Document
text/html

34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/login/iframe/userdata/

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel / Next.js

Resource Hash

8059da41d48e0a03b2f7ff592025d74585a5574458558d9e95ad00474d04d466

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-type: text/html; charset=utf-8
date: Sat, 04 May 2024 05:38:55 GMT
referrer-policy: origin
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
via: 1.1 google
x-content-type-options: nosniff
x-matched-path: /login/iframe/userdata/
x-powered-by: Next.js
x-vercel-cache: MISS
x-vercel-execution-region: iad1
x-vercel-id: fra1::iad1::skxrx-1714801135324-06eec8dbbae4
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=0, must-revalidate
content-type: text/html
date: Sat, 04 May 2024 05:38:55 GMT
location: /login/iframe/userdata/
refresh: 0;url=/login/iframe/userdata/
server: Vercel
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 google
x-vercel-id: fra1::zncxm-1714801135281-7a84ce02c8f2

GET
H3 200 GT-America-Standard-Medium.woff2
static.biltrewards.com/fonts/ 56 KB
56 KB 47ms
28ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Medium.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:19:57 GMT
age: 1138
x-guploader-uploadid: ABPtcPpeSasKeBBA2hAPf28GCkIjbhfrFl-pKdK71DgIHIeyiDC7JbO3EE7gER21UF2jNl3q7MCAezAb_Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57076
last-modified: Wed, 24 May 2023 18:38:03 GMT
server: UploadServer
etag: "63dc66a0acb63f7b9c52d3a1996896dc"
vary: Origin
x-goog-generation: 1684953483763390
x-goog-hash: crc32c=rAUnxg==, md5=Y9xmoKy2P3ucUtOhmWiW3A==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 57076
accept-ranges: bytes
content-type: application/octet-stream

GET
H3 200 GT-America-Standard-Regular.woff2
static.biltrewards.com/fonts/ 57 KB
57 KB 43ms
25ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Regular.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:19:57 GMT
age: 1138
x-guploader-uploadid: ABPtcPoS41UUosHP0UpglZjDQwl7pwFhhrgf1wM4wKFaFjQ9ZBx2H3zR9hREFUo7f-WQNgVHS9HQTmH6qA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523730209285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58164
last-modified: Mon, 20 Mar 2023 23:30:32 GMT
server: UploadServer
etag: "34faea2a319852842506af0b1871af2f"
vary: Origin
x-goog-generation: 1679355032260337
x-goog-hash: crc32c=3JtdcA==, md5=NPrqKjGYUoQlBq8LGHGvLw==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 58164
accept-ranges: bytes
content-type: application/octet-stream

OPTIONS
H2 200 frontend
flags.biltrewards.com/api/ Frame 0
0 167ms
125ms Preflight 34.160.241.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=951748381&appName=bilt-rewards&environment=default
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: DELETE, CONNECT, TRACE, POST, OPTIONS, PATCH, HEAD, GET, PUT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 04 May 2024 05:38:55 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google

GET
H2 200 Allyant_Accessibility_Badge.svg
static.biltrewards.com/assets/footer/ 9 KB
9 KB 55ms
8ms Image
image/svg+xml 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/footer/Allyant_Accessibility_Badge.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 04:55:01 GMT
age: 2634
x-guploader-uploadid: ABPtcPqczasS7_STxrq7qoKwfwjammDo-PbS835xKkQZ06PM4U43fVdUm3YgWiqGnS26sT8qZWo
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8902
last-modified: Mon, 22 Apr 2024 14:38:56 GMT
server: UploadServer
etag: "ec60b6278480c91cc0bdf8f7b2891638"
vary: Origin
x-goog-generation: 1713796736912798
x-goog-hash: crc32c=PEyyKw==, md5=7GC2J4SAyRzAvfj3sokWOA==
content-type: image/svg+xml
cache-control: public,max-age=3600
x-goog-stored-content-length: 8902
accept-ranges: bytes

GET
H2 200 rent-day Show response
www.biltrewards.com/api/ 161 B
3 KB 10ms
10ms XHR
application/json 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/api/rent-day

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0d8341b02410fb68aead0790359b385e911c473854d4ab7f0eeefe45f465d7b5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
baggage: sentry-environment=production,sentry-release=401aa281d078c4ad4f305df9464f599516f8f085,sentry-public_key=50f039ff934e419597bde8e7652fc3d8,sentry-trace_id=5f2a06b5e8a341899b2108d282698500,sentry-sample_rate=0.025,sentry-sampled=false
sentry-trace: 5f2a06b5e8a341899b2108d282698500-a09ec04fce800b9b-0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Sat, 04 May 2024 05:37:02 GMT
referrer-policy: origin
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::cle1::mr2p9-1714801135286-8f9a7595028d
age: 112
x-content-type-options: nosniff
etag: "pvqu032x884h"
x-vercel-cache: STALE
x-matched-path: /api/rent-day
content-type: application/json; charset=utf-8
cache-control: public
content-length: 161
x-xss-protection: 1; mode=block

GET
H3 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
184 B 157ms
156ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 71495b89624749d6bc836881598788e579cfc8d0c4034bd5eb28db8d6b517a09

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: f4a7a89775c048e7ef63514cfafd2f73
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 162

GET
H2 200 frontend Show response
flags.biltrewards.com/api/ 5 KB
974 B 128ms
122ms Fetch
application/json 34.160.241.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=951748381&appName=bilt-rewards&environment=default
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 10a33099eb26008ad5bd6cbc5a1637bb63482dc2463589d1f3eb1264696f7ae4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bilt-frontend:production.4ecbf2972c41cd20e95e223a3a8f1be63d54d659b61391749811b96e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.biltrewards.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
via: 1.1 google
etag: W/"1515-GzfmrjWJnKJT9Zb03PsbRw=="
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 web Show response
id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/ 6 KB
7 KB 138ms
138ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/web
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: /
Resource Hash: bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google, 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json; charset=utf-8

GET
H2 200 widget.js Show response
cdn.userway.org/ 2 KB
2 KB 38ms
7ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/assets/vendor/ada-compliance.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66a9737875a0f5a00048fb2ed685946f0abd0649d44735b8460bf99821664c54

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 758
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 315
x-accel-date: 1714800820
x-77-nzt: EgwB1GY4sQH3OwEAAAwBJRPCNAH3DQAAAA
x-accel-expires: @1714804420
x-77-age: 315
last-modified: Tue, 30 Apr 2024 12:17:00 GMT
server: CDN77-Turbo
etag: W/"2de2d3a4fa8cc3535ca51bf797159fd8"
x-77-nzt-ray: 1cb09c0e4730523cefc93566debdbe15
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
content-type: application/javascript
x-amz-cf-id: FjLLrJblqV2AH6bGM9C3i_P1fjBMP88bVQ9tDbiFlAWwq8LozJrkhg==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/ 509 KB
203 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 15:23:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207268
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 May 2025 15:23:52 GMT

GET
H3 200 ui.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 295 KB
83 KB 45ms
31ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1918
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"2ff4fae52b8ac954d5874b92987806e9"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625b86e803618-FRA
expires: Sat, 04 May 2024 05:39:55 GMT

GET
H2 404 / Show response
www.biltrewards.com/ 6 KB
4 KB 19ms
18ms Fetch
text/html 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

725277a8c72dd1cc55fc502e9456b84fae84a692b7b0cf9ebd8f760be39b2300

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 33495
content-disposition: inline; filename="404"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bzh58-1714801135419-fa275598b275
x-matched-path: /404
etag: W/"beeb3b2228f5a4329279070693ad14db"
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 rewards Show response
www.biltrewards.com/ 155 B
3 KB 131ms
130ms Fetch
text/x-component 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

02924ca4217771edb42e679d95c06dbdd53bbdf81634bda9f519c429556bc779

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::xzx8p-1714801135420-3793936d8a6b
x-matched-path: /rewards.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 rent Show response
www.biltrewards.com/account/ 231 B
3 KB 132ms
131ms Fetch
text/x-component 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/account/rent?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

ecd2c17a041e41d9a7ee92a6e44d322c2c8f83b11117b9eec196abefa41fc110

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::z24tg-1714801135422-c6345e1182c9
x-matched-path: /account/rent.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 dining Show response
www.biltrewards.com/rewards/ 179 B
3 KB 137ms
137ms Fetch
text/x-component 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards/dining?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

a08597993ec5ca2b8cb7119e9d2d3da7878c69526cd0521d410fb6b8670d49de

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::gprc8-1714801135423-71c72d7f0b9c
x-matched-path: /rewards/dining.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

GET
H2 200 travel Show response
www.biltrewards.com/rewards/ 179 B
3 KB 134ms
134ms Fetch
text/x-component 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/rewards/travel?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

9315ecc2d6e6627f1e4a0b9d2b62c4b69bfd309913e545715d695e38191e60e9

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=63072000
age: 0
x-powered-by: Next.js
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::cle1::z24tg-1714801135425-70a3bdc7e2b6
x-matched-path: /rewards/travel.rsc
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-vercel-execution-region: cle1
content-type: text/x-component
cache-control: private, no-cache, no-store, max-age=0, must-revalidate

POST
H2 200 vitals
vitals.vercel-insights.com/v1/ 2 B
166 B 114ms
33ms Ping
text/plain 63.35.74.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vitals.vercel-insights.com/v1/vitals
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.35.74.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-35-74-145.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
x-ratelimit-reset: 60
x-ratelimit-limit: 1000
cross-origin-resource-policy: cross-origin
content-length: 2
x-ratelimit-remaining: 999
content-type: text/plain; charset=utf-8

GET
H2 200 chunk-IVGDQOPF.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 563 KB
166 KB 49ms
14ms Script
text/javascript 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-IVGDQOPF.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

eb1ffeccaf95fde9ecf145e4ea93852a46e7d42b04d38ec858b891c5f6dfd8fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Apr 2024 19:26:22 GMT
x-amz-version-id: 8oKJtm.34dMQ_1Z743w8KeFclSocvgYK
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
age: 1505554
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="IX91T9pn6a50YBugexYSVXX00be1GUHxy6vq2dEGTfpkAvcqZ4YVQw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 16 Apr 2024 19:09:30 GMT
server: CloudFront
etag: W/"afe18f4837ff901db978e3860b5b8f04"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Accept-Encoding,Origin
timing-allow-origin: *
x-amz-cf-id: IX91T9pn6a50YBugexYSVXX00be1GUHxy6vq2dEGTfpkAvcqZ4YVQw==

GET
H2 200 chunk-ELYU6EKT.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 447 B
1 KB 49ms
15ms Script
text/javascript 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-ELYU6EKT.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4e0ea1029eab3b7c0bb3183eaa684b29064f2de371720317b8a35519fe26589e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Jan 2024 02:31:13 GMT
x-amz-version-id: KBor7BFQn_pp2zxPGsA.bi5b6hyTs2yW
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 9428863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="6pn_q24x1GfE6VwnuHDIGr7XVbCBxVhQs3WDcn6XZwzURn0q-W6JqA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
content-length: 447
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Jan 2024 18:18:07 GMT
server: CloudFront
etag: "bac0d5b5f6a61029b51079932ccda746"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 6pn_q24x1GfE6VwnuHDIGr7XVbCBxVhQs3WDcn6XZwzURn0q-W6JqA==

GET
H2 200 o5nx0y8gL9Q5XpEnTWw73jqlBv_82EBxcsRZtTau1_8.UVF2TTJC.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 723 KB
103 KB 45ms
15ms Script
text/javascript 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/o5nx0y8gL9Q5XpEnTWw73jqlBv_82EBxcsRZtTau1_8.UVF2TTJC.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

e310d272bb05b8caa31f4ec6de5437bfbd04800535c9069fa58550a911612ec8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 16 Apr 2024 19:15:38 GMT
x-amz-version-id: _y1dlbWA1QfAM03AVP9Kw3OtIPLPr5Ay
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
x-amz-server-side-encryption: AES256
age: 1506197
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="V31oqJV3uWpr9SG36LZNXF19SjjQwPdHBVFZMOWUvi8qlTwHDEbhdA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 16 Apr 2024 19:09:30 GMT
server: CloudFront
etag: W/"0ad570e3afd63a4d636754544e6c7b9f"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Accept-Encoding,Origin
timing-allow-origin: *
x-amz-cf-id: V31oqJV3uWpr9SG36LZNXF19SjjQwPdHBVFZMOWUvi8qlTwHDEbhdA==

GET
H2 200 chunk-YMXEJLDD.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 700 B
2 KB 45ms
15ms Script
text/javascript 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-YMXEJLDD.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

1d6ec88f567df6145ff31cc4f634d8c576965b5572838f97f9de77af6c3d3239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 07 Feb 2024 07:46:54 GMT
x-amz-version-id: kqrsrKuANINZi08S3mJ7cUCGizvoSq7Y
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 7509122
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="HhoZZmpwrU_0uPLcu3vLLJeCnvGbu4Z9sNIHZ_nmzOUioFAEZyRoNw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
content-length: 700
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Feb 2024 17:06:44 GMT
server: CloudFront
etag: "f2a1f09b1f23f395f4d6d7dd9f39d37b"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: HhoZZmpwrU_0uPLcu3vLLJeCnvGbu4Z9sNIHZ_nmzOUioFAEZyRoNw==

GET
H2 200 chunk-42U43NKG.mjs Show response
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 44 B
957 B 26ms
25ms Script
text/javascript 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/chunk-42U43NKG.mjs

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

7b2faec4335de81abbf1ebf794f91a4f2b870b317093448b84082b5f411c741c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 30 Nov 2023 16:55:56 GMT
x-amz-version-id: evlVAxy7o1HEHfkTxbxNsM7i9okrmm0E
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7b20af4202adb6ef25a7920ed74908dc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 13437780
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="w8BodV2XzwJRm7cndY4yTL5WxiHgMLFO7JZieBxe1k6edf9yjXHfww==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
content-length: 44
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Nov 2023 16:29:22 GMT
server: CloudFront
etag: "f5fe0cab78140e0e5aa29f68ce8c2888"
access-control-max-age: 0
access-control-allow-methods: GET
content-type: text/javascript
access-control-allow-origin: *
x-frame-options: deny
cache-control: public, max-age=31536000, immutable
vary: Origin
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: w8BodV2XzwJRm7cndY4yTL5WxiHgMLFO7JZieBxe1k6edf9yjXHfww==

GET
H2 200 script Show response
events.framer.com/ Frame EA89 16 KB
16 KB 414ms
373ms Script
text/javascript 3.160.150.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/script
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-112.fra60.r.cloudfront.net
Software: /
Resource Hash: 03337e69f3ba0d92c0ee4e6336eab382bbb5ce99d425bc1c0092a9b8618df364

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 cce339e34372cea758a4181fcf4e7c14.cloudfront.net (CloudFront)
x-amzn-remapped-content-length: 15882
x-amz-cf-pop: FRA60-P7
x-amzn-trace-id: Root=1-6635c9ef-0a69103a28838d644042fcde
x-amzn-requestid: 774a2cb1-6209-49f8-bbd4-2d5b65d7a32d
x-cache: Miss from cloudfront
content-type: text/javascript
timestamp: Sat, 04 May 2024 05:37:28 GMT
x-amz-apigw-id: XOx9gF58oAMEj_g=
content-length: 15882
x-amz-cf-id: 68M-p9B9-dGKNtSbnIRoo17o6cnxf5Up6CVuMyYQiGf_nSpTSxVLXg==

GET
H2 200 QjUw3jJCmMzYz9c4QnfbBW9f90.png
framerusercontent.com/images/ Frame EA89 176 KB
177 KB 43ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/QjUw3jJCmMzYz9c4QnfbBW9f90.png?scale-down-to=2048

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

0f21a3f784c0a180951483e44e8878606dd7e74c330a40afdcabfd998bd9ed9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 07:16:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 10880525
x-amzn-requestid: 93163bec-85c6-4ed1-8290-c1f9df2c9dac
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="6tp4mCl18y_Nz2SBK0qPoHjmGf5nIVXkYXpOO8ROwiqvbmVby76CWA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-658fc3e1-57315a206d7a02da7190c7b6;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 6tp4mCl18y_Nz2SBK0qPoHjmGf5nIVXkYXpOO8ROwiqvbmVby76CWA==

GET
H2 200 OJrwICelx547sU9TUfsOWWw2XU.png
framerusercontent.com/images/ Frame EA89 74 KB
75 KB 43ms
8ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OJrwICelx547sU9TUfsOWWw2XU.png?scale-down-to=512

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

cf864361a24b9afe094f76d502d804e878318535e9479c428babec04f792bb76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 30 Dec 2023 21:01:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 10831025
x-amzn-requestid: 6bd86dc0-47a2-4c16-a0c3-51f3b79bd10b
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="aLmq0aHIbIzdUbWQhCtGN5dR6UN7PC_pKvne8T5itdzExwzHdAJEtg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6590853d-6cbbd6e16a26746a51f173da;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: aLmq0aHIbIzdUbWQhCtGN5dR6UN7PC_pKvne8T5itdzExwzHdAJEtg==

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ Frame EA89 270 KB
0 1ms
1ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:02:05 GMT
content-encoding: br
via: 1.1 google
age: 2210
x-guploader-uploadid: ABPtcPpxGYijfwqt1_0MQ_-ORW3iSNmxnd_yN9xaWuG7ZC5_swih-nwM6ZdBArllLry2-R2-1-I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74572
last-modified: Wed, 01 May 2024 18:59:38 GMT
server: UploadServer
etag: "9568c49933648165a4b57d6134954fb0"
vary: Accept-Encoding
x-goog-generation: 1714589978252932
x-goog-hash: crc32c=TIbhRA==, md5=lWjEmTNkgWWktX1hNJVPsA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 74572
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 May 2024 06:02:05 GMT

GET
H2 204 init Show response
mgln.ai/ 0
1 KB 119ms
107ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/init

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D
x-request-id: 402164e1-80bb-452d-848c-12bcaeae49b8
x-runtime: 0.001626
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e625b8adaabb41-FRA

GET
H2 200 card Show response
www.biltrewards.com/ 2 B
3 KB 15ms
11ms Fetch
application/json 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/card?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Sat, 04 May 2024 05:38:55 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
age: 33486
content-disposition: inline; filename="card.rsc"
content-length: 2
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bzh58-1714801135455-96b52c52dc98
x-matched-path: /card.rsc
etag: "99914b932bd37a50b983c5e7c90ae93b"
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
H3 200 GT-America-Extended-Bold.woff2
static.biltrewards.com/fonts/ 63 KB
63 KB 12ms
9ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Extended-Bold.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 04:56:24 GMT
age: 2551
x-guploader-uploadid: ABPtcPoPPpS5adiN6otJPyX0ISbfxRNQHELgPgfKax0zia-JKGhdUoothD9y9ZpUj4KBS_yLLeyhPr85Lw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523728054486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64096
last-modified: Mon, 20 Mar 2023 23:30:33 GMT
server: UploadServer
etag: "62d21cb9a8474aa65c284dc0af48bc30"
vary: Origin
x-goog-generation: 1679355033778551
x-goog-hash: crc32c=ri+bug==, md5=YtIcuahHSqZcKE3Ar0i8MA==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 64096
accept-ranges: bytes
content-type: application/octet-stream

GET LqDnnljXEwgpUOKntxS1EWW6Rg.woff2
framerusercontent.com/assets/ Frame EA89 0
0

GET ZOQnZ28bo7qibfKtLjS7lnsO4~aPaqOZNJkxYT2qc_-WAEnT8sEAw10p7tnZdSX4PzEH4.woff2
framerusercontent.com/modules/assets/ Frame EA89 0
0

GET s15i8VNMBMOyVBn9RdA2jtEVxk.woff2
framerusercontent.com/assets/ Frame EA89 0
0

GET 9vZ4CFUb3rKQR5PiFoCAG4XK9ds~OMnLjX5KG42fbQ9CabmPYWfngmsLKfBkxrst4820Nz8.woff2
framerusercontent.com/modules/assets/ Frame EA89 0
0

GET
H2 200 Bxu6GY24oplllZd0X0beaOpeu1Y.png
framerusercontent.com/images/ Frame EA89 33 KB
34 KB 15ms
8ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Bxu6GY24oplllZd0X0beaOpeu1Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

85f5de4dc60ee136c7f141c4999ed8ab88b9bf0aed3a5806f9cbc4283a901b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Sep 2023 21:04:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 18866086
x-amzn-requestid: 47a703ad-c5a4-4663-a7ca-41b0215b5529
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="2Sk4hnyaUZasG-8zGpsO6B_jqN2FzmUqVvu1eQ4PQ6Js4xXHrQl50g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6515ea49-22781c72779d140e4acf41d7;sampled=0;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 2Sk4hnyaUZasG-8zGpsO6B_jqN2FzmUqVvu1eQ4PQ6Js4xXHrQl50g==

GET
H2 200 Yq0ObCqEE6wFZWZK5Dp54noE4.png
framerusercontent.com/images/ Frame EA89 39 KB
40 KB 15ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/Yq0ObCqEE6wFZWZK5Dp54noE4.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

64ee05b98a022eb8e7c5f531342a77e8265378f08c4665c90e0b0ca953373b10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293455
x-amzn-requestid: ac6a76f4-935a-4fe5-8b35-27cf98ada30c
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="LBXEDGNU1ba5u4VLKhjbudfUr6sGDuS4Z5J5mFgthdMojdqSBdO5zQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a0-5adfee7741d945b93610ede9;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: LBXEDGNU1ba5u4VLKhjbudfUr6sGDuS4Z5J5mFgthdMojdqSBdO5zQ==

GET
H2 200 kPxJM4tLgnLH1CadICtjXQIzHyU.png
framerusercontent.com/images/ Frame EA89 14 KB
14 KB 15ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/kPxJM4tLgnLH1CadICtjXQIzHyU.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

6ba51e661ea99d73f18d67c0759bdfa54b3c409cab8308cccb0b4e94e6750ce5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293455
x-amzn-requestid: 2e4005e3-d4f1-4223-8f10-ce4e29194f95
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ons0Psf6VmK-dxahNUVh4Lnzey3y2DLhOks6gJDDY9EBry5sCKvGiQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a0-166d1a7913e3bf6f4caff6ea;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: ons0Psf6VmK-dxahNUVh4Lnzey3y2DLhOks6gJDDY9EBry5sCKvGiQ==

GET
H2 200 kZedshteNKwEnTSThLDeUR8Dvg.png
framerusercontent.com/images/ Frame EA89 3 KB
3 KB 16ms
10ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/kZedshteNKwEnTSThLDeUR8Dvg.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

2b6ffa1fda482766ba9db7607cf480fea2d6e045ea6d629cb1006b1384f43d3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:47:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293465
x-amzn-requestid: 955dccb4-047a-403f-864a-55cccbf57bbd
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="FMVyEtxsRULwY221roHuXjCmG1NzyVwjdyNQ8_4eZa3djhwRS1uWPg==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a3495-4028c3652793ae1569eb83fd;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: FMVyEtxsRULwY221roHuXjCmG1NzyVwjdyNQ8_4eZa3djhwRS1uWPg==

GET
H2 200 PpmuiGEDXM3kHtBp5icQtJnddr8.png
framerusercontent.com/images/ Frame EA89 36 KB
36 KB 15ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/PpmuiGEDXM3kHtBp5icQtJnddr8.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c2f14ac6aa2d1007f23dbc8cd5535ae456550e6b6cec1114a60d56610e526861

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293454
x-amzn-requestid: 570231b1-76ce-4948-b9d1-87e54e335dd5
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="dUdwEe-skHoP7_zeKbOvoBrfTpKv1a4PA8CDIICF_ckrV1TKFv7U2Q==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a0-441c7c2c01bc6a640ffabe9c;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: dUdwEe-skHoP7_zeKbOvoBrfTpKv1a4PA8CDIICF_ckrV1TKFv7U2Q==

GET
H2 200 u3YgOCmum1dUpL43rOc7L0t2pTE.png
framerusercontent.com/images/ Frame EA89 37 KB
38 KB 14ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/u3YgOCmum1dUpL43rOc7L0t2pTE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

8fac5963cf08bccb52ed83675b4ab217e5c9dcf28d37f50f9b0f023fc0a9b783

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 09 Dec 2023 19:51:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12649660
x-amzn-requestid: 8de716e5-6484-465d-9b98-bf5b719b5ddf
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="2bkZrKaVwSPrtBvcOGjLnpKinbegXwFSh2d2PNAioSno9jK0aIZ9iA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6574c533-40ada02066e2ce3903f68f4f;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 2bkZrKaVwSPrtBvcOGjLnpKinbegXwFSh2d2PNAioSno9jK0aIZ9iA==

GET
H2 200 q2ZbwDh95WKyNtMuZKqIZa0Y.png
framerusercontent.com/images/ Frame EA89 69 KB
70 KB 14ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/q2ZbwDh95WKyNtMuZKqIZa0Y.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f72d0a5af37884e1b1b98c1d843591b5618a80cab198ce8e85cf4131dfde5524

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 09 Dec 2023 19:51:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12649660
x-amzn-requestid: 95e9b69a-0251-436a-88f6-acfa14840b49
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="J5GfohkeDB79TauzayUOiS6qcY8FoWsgLQAJssXWy0w8OcaeFvxd-w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6574c533-62a3a44b33d91cba46c2e0b4;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: J5GfohkeDB79TauzayUOiS6qcY8FoWsgLQAJssXWy0w8OcaeFvxd-w==

GET
H2 200 VyL41pOzjpyf0ifC7GjerSeo3E.png
framerusercontent.com/images/ Frame EA89 45 KB
45 KB 18ms
13ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/VyL41pOzjpyf0ifC7GjerSeo3E.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

12eb90ba365f5499e5dcca6dfa9e11e5e451e601f20c46d05cacfa45bbe0fa68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293454
x-amzn-requestid: 7a18f60e-5932-47f5-875d-17f2793f98fd
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="uD2WHelSntJ1xCulGZTWr_-oosddcdMrVSpTrYI2EDTntrzBjJYA1g==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=6
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a1-73b0f6ff3b15cf5703eadbaf;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: uD2WHelSntJ1xCulGZTWr_-oosddcdMrVSpTrYI2EDTntrzBjJYA1g==

GET
H2 200 ly7hsGndYyaskNI1AqcxaAt6I.png
framerusercontent.com/images/ Frame EA89 24 KB
25 KB 14ms
10ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/ly7hsGndYyaskNI1AqcxaAt6I.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4f452334c46c15d7198eb2155a3ec0d93ee81b7d1dfaaee86fe67532299b4f7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293454
x-amzn-requestid: 26ed4e78-6421-49aa-8b87-e1be9f6ffb6f
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="tuDOF7YmoTjZc5QY2IPimJzgiMZytIbXp2h_bGEU8ZBb_Ya1L_sHMQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a1-319c6f954b10e76e02e15a89;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: tuDOF7YmoTjZc5QY2IPimJzgiMZytIbXp2h_bGEU8ZBb_Ya1L_sHMQ==

GET
H2 200 RVFtmFp0chpaTRBkxXKss5HkWuI.png
framerusercontent.com/images/ Frame EA89 25 KB
26 KB 14ms
9ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/RVFtmFp0chpaTRBkxXKss5HkWuI.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

dc9d99b4069719085cc1a67a93350f47b0d97185bc95c4afc509b917ca2a5ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 09 Dec 2023 19:51:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12649660
x-amzn-requestid: c054beb9-a99a-44c8-b6e4-8efd99661635
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="P0oN-PtAbsMPeLfdPiAw1rcUmoxxNkobinU8e3cFH4y9SKk3Tppasw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6574c533-689e8b4f72eef1440beb86f3;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: P0oN-PtAbsMPeLfdPiAw1rcUmoxxNkobinU8e3cFH4y9SKk3Tppasw==

GET
H2 200 wkMxGLA0wVGsaSgWt2doW86Zic.png
framerusercontent.com/images/ Frame EA89 31 KB
32 KB 19ms
15ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/wkMxGLA0wVGsaSgWt2doW86Zic.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

5ac1c77c992ddf5093ee99f3128e769ce4e854e31d63a45a5c229fa012f3d27b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293454
x-amzn-requestid: ba6827ad-aabc-411e-9dc2-dfa723dd0780
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="1MeDM4JcVdt-2WAa6X2QJnWYJI00-RxNSnWnLW3bt16y-YdpF4PZqQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a1-644b15642b1ea7fc78e9b405;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 1MeDM4JcVdt-2WAa6X2QJnWYJI00-RxNSnWnLW3bt16y-YdpF4PZqQ==

GET
H2 200 UPxnowvsa2Fbt3lp5oDDFXRjROc.png
framerusercontent.com/images/ Frame EA89 32 KB
33 KB 19ms
15ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/UPxnowvsa2Fbt3lp5oDDFXRjROc.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

af6eba57bf2517abf6514c8efc984691780db40d0468f1bf9e4d1f8687d0f3ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 07 Dec 2023 21:14:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12817490
x-amzn-requestid: e03300e0-9cad-43fc-8ab6-de726d6b5f30
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="pRM3D4Oy4nMP8gNuCmLvpINsXDYkgkpJk1hQNcseiA6Gv4Tuzl8ifw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6572359c-765ffb934b7dbe1f748e348d;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: pRM3D4Oy4nMP8gNuCmLvpINsXDYkgkpJk1hQNcseiA6Gv4Tuzl8ifw==

GET
H2 200 2Zx97veGwo826dqlIbR2hMKiY.png
framerusercontent.com/images/ Frame EA89 85 KB
86 KB 19ms
16ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/2Zx97veGwo826dqlIbR2hMKiY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4dd34f61aca89d6bc803b2bd3feb6a97b9be91c52dc7cfb6bf64971b08b3f83a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 05 Dec 2023 23:57:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12980477
x-amzn-requestid: c6578a5d-2b8c-483a-ac9d-b78066b234a7
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="4OA9hrrKIxz4l1Gu5yIpn4WA6y59zZRPDdHK-s_HGUaHGlouP2wa_A==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-656fb8f2-1a3284985a17b98d6b56e9b6;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 4OA9hrrKIxz4l1Gu5yIpn4WA6y59zZRPDdHK-s_HGUaHGlouP2wa_A==

GET
H2 200 i6iRuC8inkOu49dyb2cMx7KLX9o.png
framerusercontent.com/images/ Frame EA89 32 KB
32 KB 20ms
17ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/i6iRuC8inkOu49dyb2cMx7KLX9o.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c04daf4d84b602e33cd55244de90765807629d32b9bec66402b61bbc9666995c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 07 Dec 2023 21:14:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12817491
x-amzn-requestid: d1276dde-ce3c-43b3-bdf2-19fb56353b67
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="ZSiWGHZs_MfRiBMY6hJVppEwNDwrFMlpuhhJuf-8szXhQH0blrKWpw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6572359c-6d94249e4d78cc9c47e01d91;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: ZSiWGHZs_MfRiBMY6hJVppEwNDwrFMlpuhhJuf-8szXhQH0blrKWpw==

GET
H2 200 4Um58dLygSHRrlUbzVAaCiPfHeE.png
framerusercontent.com/images/ Frame EA89 61 KB
62 KB 21ms
18ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/4Um58dLygSHRrlUbzVAaCiPfHeE.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

d065eff191539c5a5e24a3a4f1bb8ff55a32c7701e34d57ae8b49ca555bdeb31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 15 Dec 2023 02:47:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12192674
x-amzn-requestid: 76e437ee-349e-4296-8605-83da030eb99b
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="2X0XzNtYVGB3peAYMxYL2u-K_LBAx9TONsvETFzzgu7VpPRWtEK7mw==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657bbe4d-6fba888c030366654cd8e9e2;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 2X0XzNtYVGB3peAYMxYL2u-K_LBAx9TONsvETFzzgu7VpPRWtEK7mw==

GET
H2 200 OwD5vj1mJJkrw8fQ4TLBsZu7VY.png
framerusercontent.com/images/ Frame EA89 67 KB
68 KB 20ms
17ms Image
image/webp 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/OwD5vj1mJJkrw8fQ4TLBsZu7VY.png

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

76d2ff093e6915059cf45b5a51b88ccd5e79c038e42ecd2cf5817403b6c52cd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 13 Dec 2023 22:48:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 12293453
x-amzn-requestid: 78b339dd-e4b5-456c-bb1c-74370a5115ab
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="8GMaFgEbyA3LBsOEXToxaCC0kbP7dLkHN5elrSFzBPr_MzbmWxaEHA==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=5
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-657a34a1-47094d6076a345a112379c31;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: 8GMaFgEbyA3LBsOEXToxaCC0kbP7dLkHN5elrSFzBPr_MzbmWxaEHA==

GET
H2 200 6tTbkXggWgQCAJ4DO2QEdXXmgM.svg
framerusercontent.com/images/ Frame EA89 214 B
987 B 19ms
16ms Image
image/svg+xml 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/6tTbkXggWgQCAJ4DO2QEdXXmgM.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

ca764b5867087d3c5ffc2bb0497a50b2ecf18ae7252169951ec97e18a592973d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 09 Jul 2023 10:01:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 25904275
x-amzn-requestid: cd6fe516-7186-49ea-8583-2bab5f74ff2a
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="s9a3aZd_kUXlcZtZ-DUTALtj88qwVuoFX7xiZwLDO9uqmZXgcQgciQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-64aa855c-0af01ff92e851a665abb74ce;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: s9a3aZd_kUXlcZtZ-DUTALtj88qwVuoFX7xiZwLDO9uqmZXgcQgciQ==

GET
H2 200 11KSGbIZoRSg4pjdnUoif6MKHI.svg
framerusercontent.com/images/ Frame EA89 215 B
989 B 19ms
16ms Image
image/svg+xml 2600:9000:2490:1200:d:ada1:a280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/11KSGbIZoRSg4pjdnUoif6MKHI.svg

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2490:1200:d:ada1:a280:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

6fce5a0604a6267ad769dd5e7afbfcf8bd0390897f682aec71f6307999a5b67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 01 Dec 2023 12:09:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 13368560
x-amzn-requestid: f927c207-5d43-4a31-84ec-0d06d0c63c6a
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-rid;desc="GQOmtO_BD29brLXjrcg4HDi8G4y5K0Wv_NJJrfrONy053eCZCByQ8w==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=4
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6569ccff-42414f1e2713071463b83623;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: GQOmtO_BD29brLXjrcg4HDi8G4y5K0Wv_NJJrfrONy053eCZCByQ8w==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 256 KB
88 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10874839969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2cf0d22aa7498e95b770dcaee27f828a57946c466b6fa4062a318f3d86a3e4c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89768
x-xss-protection: 0
last-modified: Sat, 04 May 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 May 2024 05:38:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 288 KB
98 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QLSYZKSM0E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

75c43224db7967fac75bbb8ddbde3ea2b151177b820af1e246039a4f2e135698

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 100420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 04 May 2024 05:38:55 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 38 KB
12 KB 42ms
7ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 57bd3463acfad02c222f7beac208f69df5507f7de42fa38b18a1e1e48df2a44a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 24 Apr 2024 17:35:49 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "c4d61fbb6e730a840c7f140cbb9bcd06"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 11214

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 267ms
148ms Script
application/javascript 104.90.205.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.205.74 Barcelona, Spain, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-90-205-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6b303bfca9f8eb88aed4acf74b6af893130f596c58bc12301285853756982a0c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 1ff76340.c463592.33fa6f09
date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240504053855146ABE972FFB5C60FE64-4563C658D92376AF-00
x-cache: TCP_MISS from a104-90-205-70.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
x-parent-response-time: 71,23.206.170.39, 98,104.90.205.70
server-timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=4, inner; dur=2
content-length: 2125
pragma: no-cache
server: nginx
x-tt-logid: 20240504053855146ABE972FFB5C60FE64
x-cache-remote: TCP_MISS from a23-206-170-39.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 4,23.218.222.74
x-tt-trace-host: 01df6a9976b24b1b4c9e3efb9e8a5e18d8fa6474bff259e35ad01f12ff2c3f8f3ffff1f09010f5de1cd6067d83715d812e497336a21d75fc1f3389f0acaeba5812a12e947114a465d6c80315af80b5340639b3a678c639aa39f55c2983a519c5a4624e737f6defe9ff3eb254c6dedc4fd5234ce60b351fb2789436ce550af352a0
expires: Sat, 04 May 2024 05:38:55 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 128ms
98ms Script
text/javascript 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0abe423cefe0485642482ae97e213dae0c29d47efae7e74ff6eda26de589f803

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 04 May 2024 05:38:55 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 b-00ri.min.js Show response
b-code.liadm.com/ 101 KB
36 KB 40ms
7ms Script
application/javascript 2600:9000:275d:2c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/b-00ri.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:2c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 16:47:23 GMT
content-encoding: gzip
via: 1.1 e4f83d72be7853fbcceb590827a5b68a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P11
age: 46292
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public,max-age=86400
x-amz-cf-id: By90uH48Bj8Nr-tmhOF-zKlhb2SlVqYcrnCjSZOM8XnBbrGJsBLQzQ==

GET
H2 200 widget_app_base_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/ 153 KB
44 KB 33ms
8ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7b4cdce57f8fddd34bfda991ea0073b28e5440c8406149a721db6542135c319c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 762
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320865
x-accel-date: 1714480270
x-77-nzt: EgwB1GY4sQH3YeUEAAwB1GY4EQH3CQAAAA
x-accel-expires: @1740400261
x-77-age: 320865
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"de02da26b05523fea66308b0c5dccf8e"
x-77-nzt-ray: 1cb09c0e3b1b5f3fefc93566ee2d5521
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: PIY8DBMQcK17QVsuw40AljZHyfCxYacybGngBJ3weKYURUiowfc0aQ==

GET
DATA 200
OK truncated
/ Frame EA89 16 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6162a259efcc903ece88a8301a46b44e3a77c220b3752c01eb02caa0af358870

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 16 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab32bc58349446cd3c8761af45640b13ed01073a6553e5779a9b03852d591ca4

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 536 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea9ed2f612e41fcd700060fad5eff94165c56fb549e6334173177b4a540a5a9d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5b3b178dc8df3767511096744a36ee3edcee7ed62be5f8504244e6b70cf7398

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 406 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 990fba98068c77b0616f1d04a1df3ae1e0b6a0fe19809beb34864ab99044ba78

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET 8qn5SJXAslrGaAAxdWjJDc6gng.woff2
framerusercontent.com/assets/ Frame EA89 0
0

GET 0iJMoAt43UHHN4iZwJ9BRySDSfM.woff2
framerusercontent.com/assets/ Frame EA89 0
0

GET ZIA17DG79ouXlfoQjamRRhk3cc4.woff2
framerusercontent.com/assets/ Frame EA89 0
0

GET
H3 206 ysCNtc4urbg6XoahxtFjQ5iM.mp4
framerusercontent.com/assets/ Frame EA89 636 B
0 10ms
9ms Media
video/mp4 108.138.7.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://framerusercontent.com/assets/ysCNtc4urbg6XoahxtFjQ5iM.mp4

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-11.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www2.biltrewards.com/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 21 Feb 2024 19:18:05 GMT
x-amz-version-id: ZGpzvVL52zWME_U_sZUF.yLajT1DjUei
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 6258051
x-amz-server-side-encryption: aws:kms
x-cache: Hit from cloudfront
Content-Range: bytes 0-7171940/7171941
x-amz-replication-status: COMPLETED
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="Xa2U0MQVy78ZBVlhUaSNQDHqHT9vF9Xr3VYTggXI0IOk7CSObKRSrQ==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
Content-Length: 7171941
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 21 Feb 2024 19:00:48 GMT
server: CloudFront
x-amz-server-side-encryption-aws-kms-key-id: arn:aws:kms:us-east-1:946663360620:key/73540960-f9f6-40d6-b02a-3aa22f5f7459
etag: "007bb0d7a6f76537bc66283ea97c56f3"
x-frame-options: deny
content-type: video/mp4
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Xa2U0MQVy78ZBVlhUaSNQDHqHT9vF9Xr3VYTggXI0IOk7CSObKRSrQ==

GET
H2 200 Allyant_Accessibility_Badge.svg
static.biltrewards.com/assets/footer/ Frame 322B 9 KB
0 0ms
0ms Image
image/svg+xml 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/footer/Allyant_Accessibility_Badge.svg
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 04:55:01 GMT
age: 2634
x-guploader-uploadid: ABPtcPqczasS7_STxrq7qoKwfwjammDo-PbS835xKkQZ06PM4U43fVdUm3YgWiqGnS26sT8qZWo
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8902
last-modified: Mon, 22 Apr 2024 14:38:56 GMT
server: UploadServer
etag: "ec60b6278480c91cc0bdf8f7b2891638"
vary: Origin
x-goog-generation: 1713796736912798
x-goog-hash: crc32c=PEyyKw==, md5=7GC2J4SAyRzAvfj3sokWOA==
content-type: image/svg+xml
cache-control: public,max-age=3600
x-goog-stored-content-length: 8902
accept-ranges: bytes

GET
H3 200 webpack-d5db23ac6cae3a9a.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 4 KB
2 KB 21ms
20ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/webpack-d5db23ac6cae3a9a.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

7007e6e756437d5ac0a2a1fda6bb03e50fe2f5c45c7185b4382286514ee211a2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="webpack-d5db23ac6cae3a9a.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::c5mmr-1714801135614-fa500f7f9815
x-matched-path: /_next/static/chunks/webpack-d5db23ac6cae3a9a.js
etag: W/"ba32c752e8f3c366c2a38286a67af736"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 0a08d48a-4dbd3104a60c9a9c.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 168 KB
54 KB 29ms
28ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/0a08d48a-4dbd3104a60c9a9c.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

0d77c0ca71f84e8e1b82911c1c6e7ba7b5c192b1ce10bce9a8db97e08139e688

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="0a08d48a-4dbd3104a60c9a9c.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::b7wdm-1714801135737-a1f235fb5c9b
x-matched-path: /_next/static/chunks/0a08d48a-4dbd3104a60c9a9c.js
etag: W/"02995431b62df8b1c8b38a1e08ba3f2e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 229-b73ce4ace404a953.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 223 KB
66 KB 47ms
45ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

83aabe649060a7e2ae2d90805d2e69bfcb75b54156056654bea6e44ef5487d72

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="229-b73ce4ace404a953.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::b7wdm-1714801135745-45e0d5db6bdf
x-matched-path: /_next/static/chunks/229-b73ce4ace404a953.js
etag: W/"0dc8b8f8e79454fae0001b8f92bf3d69"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 main-app-e909ea78e06e722f.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 4 KB
2 KB 25ms
24ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/main-app-e909ea78e06e722f.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

11d91afe8139a90bc87333ede3e114cf6234b68c7e1e8722fa2906fe13509fb5

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 33912
content-disposition: inline; filename="main-app-e909ea78e06e722f.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::jj462-1714801135743-7cf43936a2fa
x-matched-path: /_next/static/chunks/main-app-e909ea78e06e722f.js
etag: W/"5fda287e86d2b8732060822e62c6a00f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 page-2b4a9881169091ff.js Show response
id.biltrewards.com/_next/static/chunks/app/login/iframe/userdata/ Frame 322B 757 B
785 B 23ms
22ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/app/login/iframe/userdata/page-2b4a9881169091ff.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

01370600c09521d44c87e30260f125293b93832187285dd385fbe204484c1167

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Sat, 04 May 2024 05:38:55 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 google
age: 48428
content-disposition: inline; filename="page-2b4a9881169091ff.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 757
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::4zjm2-1714801135744-741d5e28aec6
x-matched-path: /_next/static/chunks/app/login/iframe/userdata/page-2b4a9881169091ff.js
etag: "9f2b7f38b44cfd5e1b816ea9a3de573f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H3 200 a1377a71-fd6e3887691d8424.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 117 KB
38 KB 42ms
41ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/a1377a71-fd6e3887691d8424.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

12ce72c5dd8a160d24d631751a8cac946705951d40e2138443784332c1fb4bc1

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48287
content-disposition: inline; filename="a1377a71-fd6e3887691d8424.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gm5kn-1714801135744-556036b61f01
x-matched-path: /_next/static/chunks/a1377a71-fd6e3887691d8424.js
etag: W/"c7cb8d8f3220b324d05f9afcde0465e2"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 920f9719-b6306853ec5fcb52.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 80 KB
21 KB 24ms
22ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/920f9719-b6306853ec5fcb52.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

bcf6db8e2b32f2b799eea191434b4090cbb642ee936fd8c169ac7979d69b7b51

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="920f9719-b6306853ec5fcb52.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::zncxm-1714801135744-c3c6ebc7ac45
x-matched-path: /_next/static/chunks/920f9719-b6306853ec5fcb52.js
etag: W/"8c5cb699c5140564e032053d653282cf"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 343-84caca4bd2a2b10c.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 422 KB
138 KB 25ms
24ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/343-84caca4bd2a2b10c.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

cf211ca1ff61bad1d99f1ac684aa359f7022f7fad48da18fde2d69d51556cc06

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="343-84caca4bd2a2b10c.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::p6scb-1714801135745-72c0c825e4da
x-matched-path: /_next/static/chunks/343-84caca4bd2a2b10c.js
etag: W/"546164b5bdd6b484857c2fc240684fe9"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 956-979c1c6573794c8a.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 49 KB
18 KB 44ms
43ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/956-979c1c6573794c8a.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

6266e044e9d67f5e08c39dec30aeb2c9ffc3dbf6c837a6f60da52b050b474794

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 24161
content-disposition: inline; filename="956-979c1c6573794c8a.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::n8hft-1714801135745-8c5c1128478d
x-matched-path: /_next/static/chunks/956-979c1c6573794c8a.js
etag: W/"5e532490d718659e463dda126fa78820"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 534-1810f0dd1ab4b5da.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 25 KB
9 KB 74ms
73ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/534-1810f0dd1ab4b5da.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

cabadde351faaef576e9bea2b85cb40594e63eada1640633c7cc8c75a1b4c3fb

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 20802
content-disposition: inline; filename="534-1810f0dd1ab4b5da.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::9wkpw-1714801135745-5afcfa6be0c0
x-matched-path: /_next/static/chunks/534-1810f0dd1ab4b5da.js
etag: W/"322563aed3c168134be3d063c6352335"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 923-476dfe7b843938d0.js Show response
id.biltrewards.com/_next/static/chunks/ Frame 322B 297 KB
94 KB 109ms
109ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/923-476dfe7b843938d0.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

41edd150c77b8a89ebccf236458559af580f7271303c86541d069c4976caa36e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 48428
content-disposition: inline; filename="923-476dfe7b843938d0.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gl8gz-1714801135812-02f3621c011b
x-matched-path: /_next/static/chunks/923-476dfe7b843938d0.js
etag: W/"bd3e11cb5cbf123aaef6dd6d08c65d77"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 layout-8545ae386a0d7d44.js Show response
id.biltrewards.com/_next/static/chunks/app/ Frame 322B 62 KB
16 KB 29ms
28ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/_next/static/chunks/app/layout-8545ae386a0d7d44.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Vercel /

Resource Hash

206741e6b109bb35edb1e532a9a077cf8f8d59df9c0750045a9af563a1f9de0b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: .biltrewards.com .deviceinfresolver.com .sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' .biltrewards.com ; font-src 'self' .biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .biltrewards.com biltrewards.com .lvh.me:3000 .henridev.com .henrihome.com ; frame-src 'self' .biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' .biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltrewards.com *.deviceinfresolver.com *.sentry.io biltrewards.zendesk.com telemetry.transcend.io transcend-cdn.com vitals.vercel-insights.com advanced.neuro-id.com receiver.neuroid.cloud logs.neuro-id.com ; default-src 'self' *.biltrewards.com ; font-src 'self' *.biltrewards.com fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.biltrewards.com biltrewards.com *.lvh.me:3000 *.henridev.com *.henrihome.com ; frame-src 'self' *.biltrewards.com biltrewards.ada.support sync-transcend-cdn.com vercel.live www.google.com ; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.biltrewards.com cdn.deviceinf.com transcend-cdn.com vercel.live www.google.com www.gstatic.com scripts.neuro-id.com advanced.neuro-id.com ; style-src 'self' 'unsafe-inline' *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 36633
content-disposition: inline; filename="layout-8545ae386a0d7d44.js"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::x6qlt-1714801135747-8d4549a04ef3
x-matched-path: /_next/static/chunks/app/layout-8545ae386a0d7d44.js
etag: W/"7e67c2ebc6402c5bce3902a74e7ba3b3"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H3 200 agent.js Show response
cdn.deviceinf.com/js/v4/ Frame 322B 310 KB
0 0ms
0ms Script
application/javascript 172.67.136.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.deviceinf.com/js/v4/agent.js
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.136.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P1
age: 2287
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
server: cloudflare
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=najjIB3%2Bz9ArPgIw3RPaPmyj9DTGGqdKceE%2Fm8EYPIoQcCBd5SxFgnUphiLUOXdTtmDbLeWnYuqduShF7pPDyUtwUtv5kJok32z40GZzcZwqPXIQBY4YlCgv0bdUv%2BJRtTAm2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 87e625b5ba8f3639-FRA
x-amz-cf-id: u3Ao2P3ngcgNDPnsHsCe0emyZkFT5eZGqaGJ2lXBFKt0Xj7TGUlTJQ==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ Frame 322B 1 KB
0 2ms
2ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

25bec41e9f6dbc851e40687dc3aca88eb7f24515b8c04113e0a8bce69aefc57f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sat, 04 May 2024 05:38:54 GMT

GET
H3 200 airgap.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 322B 105 KB
281 B 26ms
24ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58274
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"f40739130aa0cc889c7fc63c2ffe78ae"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625b99e2d1e20-FRA
expires: Sat, 04 May 2024 05:39:55 GMT

GET
H2 404 terms
www.biltrewards.com/ 29 B
0 249ms
249ms Fetch
text/html 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/terms?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
date: Sat, 04 May 2024 05:38:55 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 0
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 0353cb2707713973a9d19e86beb89d8e8836ce43
x-status: MISS
content-length: 29
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10075-SJC, cache-fra-eddf8230053-FRA
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::27sbz-1714801135622-13906aec3fcc
vary: Accept-Encoding
content-type: text/html,text/html
access-control-allow-origin: *
cache-control: no-store
accept-ranges: bytes
cf-ray: 87e625b9be162bf1-FRA
timing-allow-origin: *

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 3129 0
0 47ms
34ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=zexs09iysqu2

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZLi5pmk-DnpH72Uc1tN2uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ZLi5pmk-DnpH72Uc1tN2uQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 04 May 2024 05:38:55 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 125ms
103ms Preflight 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87e625ba6e55bbe6-FRA
content-length: 0
date: Sat, 04 May 2024 05:38:55 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D
server: cloudflare
via: 1.1 vegur

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 126ms
105ms Preflight 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87e625ba6e58bbe6-FRA
content-length: 0
date: Sat, 04 May 2024 05:38:55 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D
server: cloudflare
via: 1.1 vegur

POST
H2 204 view Show response
mgln.ai/ 0
111 B 48ms
48ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D
x-request-id: a263b815-fa72-42d0-89da-4c7c55decd4a
x-runtime: 0.003926
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e625bb0fb3bb41-FRA

POST
H2 204 view Show response
mgln.ai/ 0
88 B 95ms
95ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D
x-request-id: a541cbbd-1577-4265-b346-73bf62f106b1
x-runtime: 0.002561
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801135&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=5Cye%2BXh4Q07Zs4rQAS%2FD79LzhhMfW2gsPoppfftMSUY%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e625bb1fb8bb41-FRA

GET
H2

200

pixel
eu.mgln.ai/
Redirect Chain

https://mgln.ai/pixel/sync.gif
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=3c624bc6-b160-4f46-bc58-b5bb3976170e&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=3c624bc6-b160-4f46-bc58-b5bb3976170e&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://eu.mgln.ai/pixel?tapad_id=d3c02cd4-f86c-44ad-b309-f0d1b72e6a76

43 B
601 B

112ms
101ms

Image
image/gif

2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu.mgln.ai/pixel?tapad_id=d3c02cd4-f86c-44ad-b309-f0d1b72e6a76

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-transfer-encoding: binary
content-disposition: inline; filename="magellan_pixel.gif"; filename*=UTF-8''magellan_pixel.gif
content-length: 43
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714801136&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=g9AbNMOGIiUdaQaEk1UuJKVJDWMRhNm2eyoZKsMRJYw%3D
x-request-id: 88cb808a-450d-4f26-a467-b887806dd8e8
x-runtime: 0.001872
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a065920df8cc4016d67c3a464be90099"
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714801136&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=g9AbNMOGIiUdaQaEk1UuJKVJDWMRhNm2eyoZKsMRJYw%3D"}]}
content-type: image/gif
vary: Origin
cache-control: max-age=0, private, must-revalidate
cf-ray: 87e625bba86cbb41-FRA

Redirect headers

date: Sat, 04 May 2024 05:38:55 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://eu.mgln.ai/pixel?tapad_id=d3c02cd4-f86c-44ad-b309-f0d1b72e6a76
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 xCQC3Wupbo8m3lPpUkDhzX5YD4.png
framerusercontent.com/images/ Frame EA89 834 B
0 10ms
10ms Image
image/webp 108.138.7.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://framerusercontent.com/images/xCQC3Wupbo8m3lPpUkDhzX5YD4.png?scale-down-to=1024

Requested by

Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

108.138.7.11 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-7-11.fra56.r.cloudfront.net

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 Nov 2023 08:06:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
via: 1.1 61c90c70feca5f532bf48bc0dc85d516.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P6
age: 14679157
x-amzn-requestid: 9b6a1016-27a4-4c1c-bf6c-4dd5244f6e72
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache-hit,cdn-pop;desc="FRA56-P6",cdn-hit-layer;desc="EDGE",cdn-rid;desc="XTPs-Fu_X3QUCCpjjQGnHNHfoZscP6E5sEbrcBLfb8We3UWsezfX3Q==",cdn-downstream-fbl;dur=1
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: CloudFront
x-amzn-trace-id: root=1-6555cd7a-72716d0321980bee33a7f28e;sampled=1;lineage=f456f256:0
x-frame-options: deny
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
x-amz-cf-id: XTPs-Fu_X3QUCCpjjQGnHNHfoZscP6E5sEbrcBLfb8We3UWsezfX3Q==

GET 7dgusnBALjfsS0yucyysUvo9a8o.jpg
framerusercontent.com/images/ Frame EA89 0
0

GET NI61TIlpX6TJbklIpHSie2tEpGE.png
framerusercontent.com/images/ Frame EA89 0
0

GET emCFcnwNiMYScIxwr45IJOzQLg4.png
framerusercontent.com/images/ Frame EA89 0
0

GET B2j04d4DELSVPqW3pu2DeFzMZU.png
framerusercontent.com/images/ Frame EA89 0
0

GET f2fwl12tvW9YGosVlJxHf8yLgk.png
framerusercontent.com/images/ Frame EA89 0
0

GET XjelGy0AgZXWBtmYgQFM6So2cZU.png
framerusercontent.com/images/ Frame EA89 0
0

GET ViCoXi9FWxoh8GjbX1a14g7pZX0.png
framerusercontent.com/images/ Frame EA89 0
0

GET 8ibs6KgHYOJb6Y4lzhBQsszTRc.png
framerusercontent.com/images/ Frame EA89 0
0

GET MxRklazzy1Emai1IjUOn2ORYq8.png
framerusercontent.com/images/ Frame EA89 0
0

GET wiRNqk3Xr49CYkBPQk79io2TT1g.png
framerusercontent.com/images/ Frame EA89 0
0

GET 5JsrF9pUWaXrgy50k6xEWQpJoxA.png
framerusercontent.com/images/ Frame EA89 0
0

GET ftPWeWr9bdX4s1UGa0CgDGwo6Q.png
framerusercontent.com/images/ Frame EA89 0
0

GET aFXvQ8tvchAhSy28xtqLwAcc.png
framerusercontent.com/images/ Frame EA89 0
0

GET Fi5WiSlR8pQgUTvWiBx9llcchmY.png
framerusercontent.com/images/ Frame EA89 0
0

GET Ax6NHsTfN0grr4AHyWTy2Sz2RI.png
framerusercontent.com/images/ Frame EA89 0
0

GET 8WJAm6JhDhA9oa7JjDgElrhOiQ.png
framerusercontent.com/images/ Frame EA89 0
0

GET o5yryGY3RMxXyiyQyqeuPPxOz60.png
framerusercontent.com/images/ Frame EA89 0
0

GET 9ak0DxXbaVM1VoMTeIMa99JiKI.png
framerusercontent.com/images/ Frame EA89 0
0

GET hnIi4P7pdlJAXqbv27Bue7JEr2k.png
framerusercontent.com/images/ Frame EA89 0
0

GET wlTHpTUu4ykBMBG21EX0CERes.png
framerusercontent.com/images/ Frame EA89 0
0

GET pMOoQGEce2gdLvB4HZNfsf4sY.png
framerusercontent.com/images/ Frame EA89 0
0

GET GqxnFscgQXWBc0FTLQUcBVmIfV8.png
framerusercontent.com/images/ Frame EA89 0
0

GET eODr1NJCd9NMOsg3WpToY6znD0.png
framerusercontent.com/images/ Frame EA89 0
0

GET yhcjbBUdWKuI5ee25BmmDwVlQ.png
framerusercontent.com/images/ Frame EA89 0
0

GET uMy6gIwSwWrVGDsXDGVWHHKzYEE.png
framerusercontent.com/images/ Frame EA89 0
0

GET NRqZdfp0sRwRZ2mBC3XB3MGG4.png
framerusercontent.com/images/ Frame EA89 0
0

GET c8bJ9cJNZu0SSI90azRcdddA.png
framerusercontent.com/images/ Frame EA89 0
0

GET PJj4RY5yFu6gqPz485dMfCclbxQ.png
framerusercontent.com/images/ Frame EA89 0
0

GET gMGCZacBG9NmOgMr0vAlUWzMM.png
framerusercontent.com/images/ Frame EA89 0
0

GET
H3 200 cm.css
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 15 KB
4 KB 30ms
27ms Stylesheet
text/css 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/cm.css

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58273
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"58539a2b908f4e73e04d4f950b1b35a3"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625baaee71e20-FRA
expires: Sat, 04 May 2024 05:39:55 GMT

GET
H2 404 bilt-platform-terms-of-use
www.biltrewards.com/terms/ 29 B
0 1038ms
1038ms Fetch
text/html 76.76.21.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/terms/bilt-platform-terms-of-use?_rsc=1wlmf

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.22 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Next-Router-State-Tree: %5B%22%22%2C%7B%22children%22%3A%5B%22(root)%22%2C%7B%22children%22%3A%5B%22p%22%2C%7B%22children%22%3A%5B%22homepage%22%2C%7B%22children%22%3A%5B%22__PAGE__%22%2C%7B%7D%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D
Next-Router-Prefetch: 1
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Next-Url: /p/homepage
Referer: https://www.biltrewards.com/
RSC: 1
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
date: Sat, 04 May 2024 05:38:56 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 0
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 7cf6a76bbf5eb5af327c126c7ed36435dedc0612
x-status: MISS
content-length: 29
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10026-SJC, cache-fra-eddf8230061-FRA
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::xzx8p-1714801135825-090f457aca57
vary: Accept-Encoding
content-type: text/html,text/html
access-control-allow-origin: *
cache-control: no-store
accept-ranges: bytes
cf-ray: 87e625bb4aa62bd2-FRA
timing-allow-origin: *

POST
H3 202 page Show response
id.biltrewards.com/fsrelay/rec/ 87 B
109 B 136ms
136ms XHR
text/plain 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/fsrelay/rec/page

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Resource Hash

14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.biltrewards.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87

GET
DATA 200
OK truncated
/ Frame EA89 729 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da70c773cd3a8d489bad7c03fb89b63053843aa52c0545749df089a08e64f78f

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2086fef391221a13d759836370ef5bae70c15e1389eb6504dc3a31c987e0a88

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db9c28d70f03728ad94c11d34cea446ed992aaa6167344d3eb362379f7fdaaf0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 777 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff54e9b2209db7e90df95ee8523a1176d4c14d06b413cc817dfbbda6d64a03e1

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a61375e44fd14535935364ba62f844371eb9fb77ad0e4437720086719fa0da7

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 319 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5d9df2764c7d56ded13faf14e7235e19ae3232be0f54e8ddd60ed76e6339f3af

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 536 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52ea1136d79c3a7ebe4f345fdec565e4bac855aeb6ae4dafb54b7b7f29edb881

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 743 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e12cb695307b2703bce81c01aaeaf24cf0aa0602c8307458ea4f117719fb6ac

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 188768601044fa9d36f7e8318b53e650a64fb03b28c2b04eb8b99facdadce63e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa7e514331c85e2bff2ab629fc901146eaec70a8fbfd84ee6dc9242dbb9d0030

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame EA89 645 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db8dee9ad499fb9b623de94c004b284d5529c842c2822340d4ad2f2f8f44968c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET PeV1BiYkQUoBq9a4xHPOFZaIKs~OYvKke6pEo6tZJDWeo6LVWQ-3rkTs09Fc-ShUEf3Zww.ttf
framerusercontent.com/modules/assets/ Frame EA89 0
0

GET default_script0.E7H7JWSA.mjs
framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/ Frame EA89 0
0

GET
H2 200 widget.js Show response
cdn.userway.org/ Frame EA89 2 KB
0 0ms
0ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66a9737875a0f5a00048fb2ed685946f0abd0649d44735b8460bf99821664c54

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 758
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 315
x-accel-date: 1714800820
x-77-nzt: EgwB1GY4sQH3OwEAAAwBJRPCNAH3DQAAAA
x-accel-expires: @1714804420
x-77-age: 315
last-modified: Tue, 30 Apr 2024 12:17:00 GMT
server: CDN77-Turbo
etag: W/"2de2d3a4fa8cc3535ca51bf797159fd8"
x-77-nzt-ray: 1cb09c0e4730523cefc93566debdbe15
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
content-type: application/javascript
x-amz-cf-id: FjLLrJblqV2AH6bGM9C3i_P1fjBMP88bVQ9tDbiFlAWwq8LozJrkhg==

GET
H3 200 en.json Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/ 8 KB
2 KB 179ms
179ms Fetch
application/json 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/en.json

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"deeec53da2118f7d45f432e74ecef857"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
cf-ray: 87e625bb48953618-FRA

GET t2_7lmxmkme_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 0
0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 29ms
7ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1714801135926&id=t2_7lmxmkme&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=fcb73105-0282-49ee-8007-2ad02998a274&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3ba1cddf&dpm=&dpcc=&dprc=
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

POST
H2 200 TlbN1PqpZB Show response
api.userway.org/api/tunings/ 3 KB
3 KB 508ms
168ms XHR
application/json 2600:1f14:5db:eb11:11e:cd7:8931:11bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/TlbN1PqpZB
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:11e:cd7:8931:11bf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 49158eb40fa1df35097e314a4c2973c8fe19b97d82b6d91a4b4dce0bb8735c67

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
etag: W/"ad9-97OuNh89Jt7CGA48EX6pTdUcRq8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usr418b471c69084b7
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 2777
x-service-version: uw-pr

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 43ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QLSYZKSM0E&gtm=45je4510v874427215z8863411406za200&_p=1714801135177&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=131650129.1714801136&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714801135&sct=1&seg=0&dl=https%3A%2F%2Fwww.biltrewards.com%2F&dt=Bilt%20Rewards&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1359
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QLSYZKSM0E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 04 May 2024 05:38:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.biltrewards.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 97ms
97ms Stylesheet
text/css 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ddacc3618c70d111c0ad8ac3060fd21c36846929db812678ceea34fcb23dc9fe

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 04 May 2024 05:38:56 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 111ms
97ms Fetch
image/jpeg 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Sat, 04 May 2024 05:38:56 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

PUT error
conversions-config.reddit.com/v1/pixel/ 0
0

GET
H2 200 main.MTIyYzc3NzllMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 431 KB
114 KB 60ms
60ms Script
application/javascript 104.90.205.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.205.74 Barcelona, Spain, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-90-205-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 33fa7070
date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024041904100472046AC4401ABCB6F0E8
x-tt-trace-id: 00-24041904100472046AC4401ABCB6F0E8-3C7AC14780E437D4-00
vary: Accept-Encoding
x-cache: TCP_HIT from a104-90-205-70.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01073ca592de62cfcac55da1d26978bd1d31da92e4442786428947ea9bb57e91461ecbcf347b89006bdce46cf22cb99bddc00f76d394f7175c7ea6dfeeb4f33fcfa4deff4fd75296e0ba389771cbdd5ad4b4affc5409f3e59a375229e44c9500e2
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=22
content-length: 116260

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 3 KB
2 KB 23ms
8ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/settings
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 0J8FdXNAYV1z6ofZJjahVic3IXJOIsUZ
content-encoding: gzip
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
date: Sat, 04 May 2024 04:33:10 GMT
x-amz-cf-pop: FRA6-C1
age: 6287
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Apr 2024 17:43:55 GMT
server: AmazonS3
etag: W/"9c420e2783cc9b135277d88d374c741a"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: dgKo0MNCOSgsMmP0UrYxNMmP8XhJLeNiZFCpEKYyweRHEcvES5LWVA==

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ Frame 322B 270 KB
0 1ms
1ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: id.biltrewards.com
URL: https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:02:05 GMT
content-encoding: br
via: 1.1 google
age: 2210
x-guploader-uploadid: ABPtcPpxGYijfwqt1_0MQ_-ORW3iSNmxnd_yN9xaWuG7ZC5_swih-nwM6ZdBArllLry2-R2-1-I
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74572
last-modified: Wed, 01 May 2024 18:59:38 GMT
server: UploadServer
etag: "9568c49933648165a4b57d6134954fb0"
vary: Accept-Encoding
x-goog-generation: 1714589978252932
x-goog-hash: crc32c=TIbhRA==, md5=lWjEmTNkgWWktX1hNJVPsA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 74572
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 04 May 2024 06:02:05 GMT

POST
H2 200 / Show response
o441793.ingest.sentry.io/api/4505110879076352/envelope/ Frame 322B 2 B
65 B 11ms
10ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o441793.ingest.sentry.io/api/4505110879076352/envelope/?sentry_key=1bc00c0ad527487bb7700e3836d413e1&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.112.2

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/login/iframe/userdata/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H2 200 anonymous
events.framer.com/ Frame EA89 0
0 158ms
157ms Fetch
application/json 3.160.150.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Requested by: Host: www2.biltrewards.com
URL: https://www2.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-112.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P7
x-amzn-trace-id: Root=1-6635c9f0-593f1d007c86c9aa418bf8d0;Parent=321abe8a3c738db9;Sampled=0;lineage=c457ad49:0
x-amzn-requestid: 93d91689-55d0-4a0e-8a28-2ecafad75e05
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: XOx9nFiqIAMEHNQ=
content-length: 0
x-amz-cf-id: rNj2fUXppx-FQ11bOpNhFp_7K5_k6WQ-bj0yv_E0FYRHwrlZ8aqFqA==

OPTIONS
H2 200 anonymous
events.framer.com/ Frame 0
0 296ms
281ms Preflight
application/json 3.160.150.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events.framer.com/anonymous
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.160.150.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-160-150-112.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www2.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 6ca8e27dbbf453f10039db7154486394.cloudfront.net (CloudFront)
x-amz-apigw-id: XOx9mFoUoAMEWww=
x-amz-cf-id: oCSMVASbuc8nnMFdhWcK_6ThHuLyhzfQQ-Em0t-btYonILEKYwjqAA==
x-amz-cf-pop: FRA60-P7
x-amzn-requestid: 7acd21cb-496a-4b3b-b177-658bb29afe1d
x-cache: Miss from cloudfront

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=http...

0
0

GET
H2 200 widget_app_base_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/ Frame EA89 153 KB
0 0ms
0ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7b4cdce57f8fddd34bfda991ea0073b28e5440c8406149a721db6542135c319c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Origin: https://www2.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:55 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 762
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320865
x-accel-date: 1714480270
x-77-nzt: EgwB1GY4sQH3YeUEAAwB1GY4EQH3CQAAAA
x-accel-expires: @1740400261
x-77-age: 320865
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"de02da26b05523fea66308b0c5dccf8e"
x-77-nzt-ray: 1cb09c0e3b1b5f3fefc93566ee2d5521
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: PIY8DBMQcK17QVsuw40AljZHyfCxYacybGngBJ3weKYURUiowfc0aQ==

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 7ms
7ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 15:05:40 GMT
x-amz-version-id: 1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding: br
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 1607597
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Apr 2024 21:39:45 GMT
server: AmazonS3
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: O_754faFl8utQw3ff9ZnBcU0oTooSvVxd_RkFVNiRrb16hKDeOS98Q==

POST
H2 200 TlbN1PqpZB Show response
api.userway.org/api/tunings/ Frame EA89 63 B
446 B 196ms
178ms XHR
application/json 2600:1f14:5db:eb11:11e:cd7:8931:11bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/TlbN1PqpZB
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:11e:cd7:8931:11bf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 0ca8160a692d2ede5ba928e6b91500ca2e3b41bce9f4da9ac974b7df22f03cfb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
etag: W/"3f-PV0A++2rqOc4r1el3VJc1nugD2g"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usr52990b23bfab433
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 63
x-service-version: uw-pr

GET
H2 200 identify_c26a2.js Show response
analytics.tiktok.com/i18n/pixel/static/ 139 KB
37 KB 54ms
54ms Script
application/javascript 104.90.205.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c26a2.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.205.74 Barcelona, Spain, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-90-205-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 33fa7179
date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024041904100572046AC4401ABCB6F0F6
x-tt-trace-id: 00-24041904100572046AC4401ABCB6F0F6-37EBF8586D9F107C-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a104-90-205-70.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01073ca592de62cfcac55da1d26978bd1d31da92e4442786428947ea9bb57e91461ecbcf347b89006bdce46cf22cb99bdd77d3ba3588e204d3a29e833f689e866f6f80a845a4d4253ad5554d65e8caeff6a231aad2d95e3ffaad6fea33f8c9f74d
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=10
content-length: 37283

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
904 B 176ms
176ms Ping
text/plain 104.90.205.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.205.74 Barcelona, Spain, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-90-205-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 46b3e8d6.490f2985.33fa71a7
date: Sat, 04 May 2024 05:38:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24050405385640B059960E8FCD696008-15EFE2F4A1334D29-00
x-cache: TCP_MISS from a104-90-205-70.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
x-parent-response-time: 87,23.206.170.111, 123,104.90.205.70
server-timing: cdn-cache; desc=MISS, edge; dur=110, origin; dur=20, inner; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024050405385640B059960E8FCD696008
x-cache-remote: TCP_MISS from a23-206-170-111.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 20,23.218.222.69
x-tt-trace-host: 01df6a9976b24b1b4c9e3efb9e8a5e18d8fa6474bff259e35ad01f12ff2c3f8f3ff7adf00b239811e7d8e02a6d7ccd323c227e6e628d40a218ae72489cd74285b74979c4d689e3c3787025ecb96ecd97394e91f5f96599718161cf147c595d3f49d027da62a00ab5dc145c8e666e26cc4efa26ad889eeea552b078eadd3648b839
access-control-allow-headers: Authorization,*
expires: Sat, 04 May 2024 05:38:56 GMT

GET
H2 200 nid-pixel520.js Show response
scripts.neuro-id.com/c/ Frame 322B 1 KB
1 KB 60ms
7ms Script
application/json 2600:9000:275b:7800:19:2755:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.neuro-id.com/c/nid-pixel520.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:7800:19:2755:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b3c75117c4b6621b601ca349845c3cd5f55d09c44905cffaddc725dabb82e17d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: OczcvQuECZ1WfWNu06oYhHLAAX8tIojT
content-encoding: gzip
via: 1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
date: Sat, 04 May 2024 05:38:53 GMT
x-amz-cf-pop: FRA60-P7
age: 4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 723
last-modified: Wed, 01 May 2024 16:10:05 GMT
server: AmazonS3
etag: "9e93e7a49e441bbf2fb28f0bb0597218"
content-type: application/json
cache-control: max-age=90
accept-ranges: bytes
x-amz-cf-id: VO52RFHW3c2i1M3KfbylFz0Ydcx0QmI-IjDx3dXmg271vtCTmlBFOQ==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/ Frame 322B 509 KB
0 0ms
0ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 15:23:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207268
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 03 May 2025 15:23:52 GMT

GET
H3 200 xdi.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 322B 26 KB
12 KB 30ms
29ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/xdi.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eff87b0205e1ebe55ca731239b15df7b48583b9015ce78cb50a886a97e8b1be8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1917
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"aa1a6c432a54ae84e0a582a0f4b77c78"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625be4b1c3618-FRA
expires: Sat, 04 May 2024 05:39:56 GMT

GET
H3 200 ui.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 322B 295 KB
281 B 27ms
27ms Script
text/javascript 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Origin: https://id.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1917
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"2ff4fae52b8ac954d5874b92987806e9"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625be4b1e3618-FRA
expires: Sat, 04 May 2024 05:39:56 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
313 B 98ms
97ms XHR
text/plain 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CLz8BddIbHunRwx9J6JGIQ&is_js=true&landing_url=https%3A%2F%2Fwww.biltrewards.com%2F&t=Bilt%20Rewards&tip=1gbe8UWU2yTN-oFSwtLwCsEI5nO6O-HTOkTAOUd-IzI&host=https%3A%2F%2Fwww.biltrewards.com&sa_conv_data_css_value=%270-2a3b3f42-d67b-53e2-7c07-614fc66f83cf%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd92a3b3f42d67b53e27c07614fc66f83cf50ff0acb&sa-user-id-v3=s%253AAQAKIOTojqAKskm9SwghyW7iS2kL7uOc0u-80B12XNCUFm0NEHwYBCDvk9exBjABOgS9M-cxQgRJfMty.ZklrVgpkMx8C5ftFSA2VR%252BJZe31gVa5Gi3BqDfQSiko&sa-user-id-v2=s%253AKjs_QtZ7U-J8B2FPxm-Dz1D_Css.d32xM%252BuluxMvp1Ve0kxZKY4lkjbg2Uj00JE8lapQnXo&sa-user-id=s%253A0-2a3b3f42-d67b-53e2-7c07-614fc66f83cf.hoyUdIpc5fa3ursQ%252FqlLKGA39ooPcyEnFT6ufYB6NLU
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 04 May 2024 05:38:56 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 7ms
7ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 13 Feb 2024 21:44:05 GMT
x-amz-version-id: GdbKd8UgUP5EXZpDaTRDFeJkJbyj8x6E
content-encoding: br
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 6940492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 13 Feb 2024 18:05:05 GMT
server: AmazonS3
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: BIO2ZQhqMOO5JTzUS72bANYCGsGRzSrsT2KCfbroonVCdkGMBGfAHw==

GET
H2 200 facebook-pixel.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 10 KB
4 KB 8ms
7ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 21:50:52 GMT
content-encoding: gzip
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-version-id: 73B4bUucoqQ.zop5Rb.39qMTDNo8ltid
x-amz-cf-pop: FRA6-C1
age: 3138485
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3273
last-modified: Fri, 08 Mar 2024 07:35:29 GMT
server: AmazonS3
etag: "4b03a476015c2ba9b9e74e895b97c12c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: mZJjs76Zkft4GPP3xlLA2qqPieLpymmdplaGV1oroUrFSBf_93iZEw==

GET
H2 200 adwords.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 4 KB
2 KB 8ms
8ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 23:59:28 GMT
content-encoding: gzip
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-version-id: .PFTD1mf4T6.cqCzCGDBaoXaZe77x4YA
x-amz-cf-pop: FRA6-C1
age: 8055569
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1356
last-modified: Wed, 18 Oct 2023 10:36:34 GMT
server: AmazonS3
etag: "257fe81df53dcd4819bc1a81e78fce58"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: -zyYfW1MMKONE_WGxmaEUlXwQvpHy7z2JsVSq0hxdEJr6KYKLiTRRQ==

GET
H2 200 google-tag-manager.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 3 KB
2 KB 8ms
8ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 09:56:24 GMT
content-encoding: gzip
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-version-id: iBgkeROQ82ipYgPNwFnoDehQ.U3dPJg.
x-amz-cf-pop: FRA6-C1
age: 8106153
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1342
last-modified: Wed, 18 Oct 2023 10:36:34 GMT
server: AmazonS3
etag: "a1bed0458702cf863f2d24fb1b9d39ae"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: wOBeriITkVu3EmtKkeXPbOy8LFi0XPx23tnROrGQrfmzv3ySzFE-TQ==

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
177 B 555ms
181ms Fetch
application/json 52.12.47.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.12.47.65 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-12-47-65.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Sat, 04 May 2024 05:38:56 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 906F 0
0 45ms
44ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly9pZC5iaWx0cmV3YXJkcy5jb206NDQz&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=4i0j4tm6ap2i

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qHqobm4nOIXxygDBFazBCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://id.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-qHqobm4nOIXxygDBFazBCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 04 May 2024 05:38:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 nid-adv-5.2.4.js Show response
scripts.neuro-id.com/ Frame 322B 149 KB
47 KB 8ms
7ms Script
application/javascript 2600:9000:275b:7800:19:2755:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.neuro-id.com/nid-adv-5.2.4.js
Requested by: Host: scripts.neuro-id.com
URL: https://scripts.neuro-id.com/c/nid-pixel520.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:7800:19:2755:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 83dc56b9cd11d2a8e9324a5985639b8a680378f43eb82e8d55a4260a7a58d3cc

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 17 Apr 2024 19:33:55 GMT
content-encoding: gzip
via: 1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
x-amz-version-id: ckf0kqhO7dnQLBhn3jQq8qrGQSzx.nwb
x-amz-cf-pop: FRA60-P7
age: 1418702
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 47349
last-modified: Mon, 15 Apr 2024 15:59:31 GMT
server: AmazonS3
etag: "5e8e731c3340640119ae72fcff355586"
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: -0lTQb_8ubafORVSBU3Bf5_pQoolsTQRvJqQ-RC9KqVuBIF-GtC6ow==

GET
H2 200 commons.c42222c4cb2f8913500f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 7ms
7ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 10:56:48 GMT
content-encoding: gzip
via: 1.1 df86e917220bc08caa68b0eb8ddabe90.cloudfront.net (CloudFront)
x-amz-version-id: HopHKmY9TBcR3b.zdj3KrkRozUW9hj.F
x-amz-cf-pop: FRA6-C1
age: 2659329
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22177
last-modified: Fri, 08 Mar 2024 07:35:27 GMT
server: AmazonS3
etag: "befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: -Lc9R875mVS5czdE-1ozO3reeAR9mU2RDe-mQSih2clxkrjmt2mcgQ==

GET
H3 200 cm.css
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ Frame 322B 15 KB
282 B 24ms
24ms Stylesheet
text/css 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/cm.css

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 58274
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"58539a2b908f4e73e04d4f950b1b35a3"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e625be99fc1e20-FRA
expires: Sat, 04 May 2024 05:39:56 GMT

GET
H2 200 de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
sync-transcend-cdn.com/consent-manager/ Frame 765C 0
0 58ms
27ms Document
application/xhtml+xml 2606:4700::6812:7f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7f8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://id.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
age: 1138
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 87e625bedf930857-FRA
content-disposition: inline
content-encoding: br
content-type: application/xhtml+xml
date: Sat, 04 May 2024 05:38:56 GMT
etag: W/"ecaabd46fc191f55321d2c2683697460"
expect-ct: max-age=86400, enforce
expires: Sat, 04 May 2024 05:39:56 GMT
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 32ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 04 May 2024 05:38:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1294, tbw=2764, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: A+wH3JoXRqujI/nzAcry1nenszkbVXF1XzbZINBDkBvd42/ZF8Wrg9O24C/FrzvauKuPagVwBVFgmJ4Zvr0LHw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 50 KB
18 KB 50ms
19ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

5d82e8c0c0c0c9bd98b9931a48d14ed6e53f00ac9199053f09f17c9e63e98cb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18442
x-xss-protection: 0
server: cafe
etag: 5230216553204923164
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 04 May 2024 05:38:56 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 282 KB
95 KB 27ms
27ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX&l=dataLayer&gtm_preview=gtm_auth=WonWorjHdmyZK4CuPVtRVg&gtm_preview=env-8

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

336bb715ee0374a2f77dfa190e56eb267cac37faab0d63ff69aad413d9183cd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97423
x-xss-protection: 0
last-modified: Sat, 04 May 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 May 2024 05:38:56 GMT

GET
H2 200 en-US.json Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/ 621 B
1007 B 8ms
6ms XHR
application/json 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/en-US.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 760
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320862
x-accel-date: 1714480274
x-77-nzt: EgwB1GY4sQH3XuUEAAwB1GY4EQH3DQAAAA
x-accel-expires: @1740400261
x-77-age: 320862
last-modified: Tue, 30 Apr 2024 12:16:53 GMT
server: CDN77-Turbo
etag: W/"85d8c40aac9c25bb0b993d4aa039a56f"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c93566bc4c051b
access-control-max-age: 3000
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/json
x-amz-cf-id: LtgS_L6WdgISTgSfdK0n6VRM1f4bOwVKeT6Ki2QWBqs3wPOcTcdayQ==

GET
H2 200 en-US.json Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/ Frame EA89 621 B
0 7ms
7ms XHR
application/json 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/en-US.json
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www2.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 760
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320862
x-accel-date: 1714480274
x-77-nzt: EgwB1GY4sQH3XuUEAAwB1GY4EQH3DQAAAA
x-accel-expires: @1740400261
x-77-age: 320862
last-modified: Tue, 30 Apr 2024 12:16:53 GMT
server: CDN77-Turbo
etag: W/"85d8c40aac9c25bb0b993d4aa039a56f"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c93566bc4c051b
access-control-max-age: 3000
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/json
x-amz-cf-id: LtgS_L6WdgISTgSfdK0n6VRM1f4bOwVKeT6Ki2QWBqs3wPOcTcdayQ==

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2F...

0
0

GET
H2 200 353467326379958 Show response
connect.facebook.net/signals/config/ 56 KB
13 KB 896ms
895ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/353467326379958?v=2.9.155&r=stable&domain=www.biltrewards.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

06b071402d78d223ed8054689e67798c07e8ccdccf911c189c654b29461bfc0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 04 May 2024 05:38:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=64, mss=1294, tbw=63288, tp=-1, tpl=-1, uplat=885, ullat=1
pragma: public
x-fb-debug: Yml/4asYdNFlwVaxI/iJxNI98AmlMz7HjsoSb9Q5PdJ0x5V/w4+IwfU288BP2LlnYfudg3b4VtZjSkGA4L0QSA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/10874839969/ 3 KB
1 KB 19ms
19ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10874839969/?random=1714801136526&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

7f1c25e4738bd4e3b74585bc56014d80f4bd0bebe2d9a2f88cd5081b735b3b75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1465
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/ 43 B
61 B 37ms
20ms Script
text/javascript 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=1714801136531&cv=9&fst=1714801136531&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=path%3D%2F%3Breferrer%3D%3Bsearch%3D%3Btitle%3DBilt%20Rewards%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2F&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 en.json Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/ Frame 322B 8 KB
0 0ms
0ms Fetch
application/json 172.66.43.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/en.json

Requested by

Host: id.biltrewards.com
URL: https://id.biltrewards.com/_next/static/chunks/229-b73ce4ace404a953.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://id.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:56 GMT
content-encoding: br
x-content-type-options: nosniff
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"deeec53da2118f7d45f432e74ecef857"
expect-ct: max-age=86400, enforce
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60,s-maxage=86400
vary: Accept-Encoding
cf-ray: 87e625bb48953618-FRA

GET
H3

200

/
www.google.de/pagead/1p-conversion/10874839969/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.com/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_h...
https://www.google.de/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_hi...

42 B
64 B

38ms
21ms

Image
image/gif

142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI3KTqhKTzhQMVYZn9Bx3ZRwU_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqUd60_EkCEjhpwmcgsWkU5wTyqj_htA&random=4183092879&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Server

142.250.74.195 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 May 2024 05:38:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 04 May 2024 05:38:56 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10874839969/?random=2110960045&cv=9&fst=1714801136526&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI3KTqhKTzhQMVYZn9Bx3ZRwU_MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqUd60_EkCEjhpwmcgsWkU5wTyqj_htA&random=4183092879&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2F...

0
0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
703 B 200ms
200ms Ping
text/plain 104.90.205.74
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.205.74 Barcelona, Spain, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-90-205-74.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 33fa7291
date: Sat, 04 May 2024 05:38:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24050405385612DFFBD43A2313583907-14AD74ADE532A83E-00
x-cache: TCP_MISS from a104-90-205-70.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=28, cdn-cache; desc=MISS, edge; dur=12, origin; dur=138
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024050405385612DFFBD43A2313583907
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 138,104.90.205.70
x-tt-trace-host: 01df6a9976b24b1b4c9e3efb9e8a5e18d8cc79517f935bbe45c9f0a8c2bbea09e0ae8b6573831a5e4b8e4cb84992787b775a4e005b303fb846421047443104258b0abbbbf9026341c53d4a492e02ba096b5006138111448f33236406cbfac6696a
access-control-allow-headers: Authorization,*
expires: Sat, 04 May 2024 05:38:56 GMT

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714801136165&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2F...

0
0

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1714801136748&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&wpn=lc-bundle&cd=.biltrewards.com&c=PH...
https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136748&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2F...

43 B
241 B

314ms
92ms

Image
image/gif

3.222.51.241
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136748&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Server: 3.222.51.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-222-51-241.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 04 May 2024 05:38:57 GMT
x-pixel-event-id: ae0e5e27-8dc3-408d-92c2-3db0a982e87b
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136748&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4
date: Sat, 04 May 2024 05:38:56 GMT
content-length: 0

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1714801136751&aid=b-00ri&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2F&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYW...
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ4MDExMzYxNjUmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaH...

43 B
241 B

315ms
93ms

Image
image/gif

3.222.51.241
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ4MDExMzYxNjUmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgxMXNtLi4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0ODAxMTM2MTY1JmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136751&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Server: 3.222.51.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-222-51-241.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 04 May 2024 05:38:57 GMT
x-pixel-event-id: ed5917d9-9343-4312-8a55-036f864b416f
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ4MDExMzYxNjUmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgxMXNtLi4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0ODAxMTM2MTY1JmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136751&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4
date: Sat, 04 May 2024 05:38:56 GMT
content-length: 0

GET
H2 200 remediation_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/ 105 KB
29 KB 7ms
7ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/remediation_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d85e3b3bf0efa46b38853dc507ba4292665037545075d1ceb94079fbe97c552f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 eca56eada7885f8195ee4db13cd72cc2.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 738
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320865
x-accel-date: 1714480271
x-77-nzt: EgwB1GY4sQH3YeUEAAwBnJIhHwH3BAAAAA
x-accel-expires: @1740400267
x-77-age: 320865
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"614544075b6e4e6ebbaec1a693536046"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c935668509d638
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: Yf3trm-_RzlijUU4NsCm8OxCnU3LNS40VMASUrDE_BdiJTg0_PJlKQ==

GET
H2 200 IXD25a7qYzAOaBBz.json Show response
cdn.userway.org/remediations/consolidated/2055530/ 864 KB
112 KB 10ms
9ms XHR
application/json 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediations/consolidated/2055530/IXD25a7qYzAOaBBz.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 85
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 316360
x-accel-date: 1714484776
x-77-nzt: EgwB1GY4sQH3yNMEAAwBnJIhHwH3CREAAA
x-accel-expires: @1746016415
x-77-age: 316360
last-modified: Thu, 25 Apr 2024 19:17:37 GMT
server: CDN77-Turbo
etag: W/"54787d57725833581fb3127dea55b4ac"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c935663597dc38
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: public, max-age=31536000
content-type: application/json
x-amz-cf-id: A76Mma_rzvqV147IDvHuStU5uHfew-cijpKvwsGJMmRNtGKmTa9cEw==

GET
H2 200 body_wh.svg
cdn.userway.org/widgetapp/images/ 4 KB
3 KB 10ms
9ms Image
image/svg+xml 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/body_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 47bf742fc3975367a1788e300150d028.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 404
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320865
x-accel-date: 1714480271
x-77-nzt: EgwB1GY4sQH3YeUEAAwBJRPCNAH3DwAAAA
x-accel-expires: @1740400256
x-77-age: 320865
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"1d8b1582fe82bd329041cc1982ad42e4"
x-77-nzt-ray: 1cb09c0e4730523cf0c93566e0651a3a
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: dTr04PFmTf8U_1m58hPaGZhiL3HK6OPN-Kymfje7-hLMKhbgJCdZzg==

GET
H2 200 spin_wh.svg
cdn.userway.org/widgetapp/images/ 2 KB
1 KB 10ms
10ms Image
image/svg+xml 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/spin_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 425
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320866
x-accel-date: 1714480270
x-77-nzt: EgwB1GY4sQH3YuUEAAwB1GY4EQH3CQAAAA
x-accel-expires: @1740400261
x-77-age: 320866
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"8e0a35946bf39d10f46a1f1653366a0a"
x-77-nzt-ray: 1cb09c0e4730523cf0c93566317d213a
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: OM1xIi8PbAJTQfjkznNDcDWzlAm3kxyhtuDtripUcqehC7yub_pCqg==

GET
H2 200 remediation-tool.js Show response
cdn.userway.org/remediation/2024-04-30-12-14-34/paid/ 57 KB
21 KB 7ms
7ms Script
application/javascript 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediation/2024-04-30-12-14-34/paid/remediation-tool.js?ts=1714479274721
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 245e82e79fc403ffc23f1b59217509f44f826fd360b7b0c3a7f19b13eec5aea4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 c114c55bb579a01518cf64c447d45272.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 726
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 320866
x-accel-date: 1714480270
x-77-nzt: EgwB1GY4sQH3YuUEAAwBisclwQH3DgAAAA
x-accel-expires: @1740400256
x-77-age: 320866
last-modified: Tue, 30 Apr 2024 12:16:59 GMT
server: CDN77-Turbo
etag: W/"d00f1a2dad09eb407473962a17d69117"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c935665a0e683b
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: Noye1b6dG9Op-IJ1Iii7YN_uOQX2K5eZSDvumGqrvOnkgUj06Bf4xg==

GET
H2 200 IXD25a7qYzAOaBBz.json Show response
cdn.userway.org/remediations/consolidated/2055530/ 864 KB
0 0ms
0ms Fetch
application/json 2a02:6ea0:c700::21
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediations/consolidated/2055530/IXD25a7qYzAOaBBz.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::21 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:56 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 85
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 316360
x-accel-date: 1714484776
x-77-nzt: EgwB1GY4sQH3yNMEAAwBnJIhHwH3CREAAA
x-accel-expires: @1746016415
x-77-age: 316360
last-modified: Thu, 25 Apr 2024 19:17:37 GMT
server: CDN77-Turbo
etag: W/"54787d57725833581fb3127dea55b4ac"
x-77-nzt-ray: 1cb09c0e3b1b5f3ff0c935663597dc38
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: public, max-age=31536000
content-type: application/json
x-amz-cf-id: A76Mma_rzvqV147IDvHuStU5uHfew-cijpKvwsGJMmRNtGKmTa9cEw==

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 31ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=353467326379958&ev=PageView&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1714801137449&sw=1600&sh=1200&ud[external_id]=2505e45b2b9ef0c7833b42609fabb6cf4b60331d4fbbc2ed597281a5f40a6f04&v=2.9.155&r=stable&a=seg&ec=0&o=4124&fbp=fb.1.1714801137446.1678679802&pm=1&hrl=f542a7&ler=empty&cdl=API_unavailable&it=1714801136502&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1714801136377-2ede570d-eb36-4c84-b5c6-43690c6759df&cs_cc=1&cas=7368986099863077%2C5027429843991248%2C5406700332768189%2C4118934621525755%2C4544091382281257%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=GET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1294, tbw=2756, tp=-1, tpl=-1, uplat=1, ullat=1
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 04 May 2024 05:38:57 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

OPTIONS
H2 200 alts.json
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ Frame 0
0 509ms
476ms Preflight 2a02:6ea0:c700::18
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Ftvspix.com%2Ft.png%22%2C%22alt%22%3A%22%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
date: Sat, 04 May 2024 05:38:58 GMT
server: CDN77-Turbo
x-77-cache: MISS
x-77-nzt: EggBnJIhiwAACAGckiEfAAA
x-77-nzt-ray: cf878727cd0993e9f1c9356673c04922
x-77-pop: frankfurtDE
x-service-version: img-dscr-srv-727604a1

GET
H2 200 2055530 Show response
api.userway.org/api/br-links/v0/contribute/ 51 B
429 B 172ms
171ms Fetch
application/json 2600:1f14:5db:eb11:11e:cd7:8931:11bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/br-links/v0/contribute/2055530
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:11e:cd7:8931:11bf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:57 GMT
etag: W/"33-H+KjAZZBE0PpJIInQTjCoPBRoaQ"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 51
x-service-version: apps-ddb67952

GET
H2 200 2055530 Show response
api.userway.org/api/br-links/v0/links/ 86 B
452 B 172ms
172ms Fetch
application/json 2600:1f14:5db:eb11:11e:cd7:8931:11bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/br-links/v0/links/2055530
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:11e:cd7:8931:11bf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3f7853bd4d6086be63374d96af8f4297718ae35b74698c30e362bf43a1d888a5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:38:57 GMT
etag: W/"56-Q78UpHasXJc4bkSkw+leqwZtTHI"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=300, public
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 86
x-service-version: apps-ddb67952

GET
H2 200 alts.json Show response
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ 203 B
758 B 8ms
7ms Fetch
application/json 2a02:6ea0:c700::18
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Ftvspix.com%2Ft.png%22%2C%22alt%22%3A%22%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 9eb94d0e2d04f7b70c7077d41fd696e37f907326f3a8da175cd2692f58a3b0b8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:58 GMT
content-encoding: gzip
x-77-cache: HIT
x-cache: HIT
x-age: 225621
x-accel-date: 1714575517
x-service-version: img-dscr-srv-8d5b377c
x-77-nzt: EgwBnJIhiwH3VXEDAAwBnJIhHwH3+28FAA
x-accel-expires: @1715179147
x-77-age: 225621
server: CDN77-Turbo
etag: W/"cb-VcEGOmjk6/aVZ+dPlTrcmCsXD2g"
x-77-nzt-ray: cf878727cd0993e9f2c935664e452703
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
access-control-allow-headers: *

GET
H2 200 alts.json Show response
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ 260 B
797 B 7ms
7ms Fetch
application/json 2a02:6ea0:c700::18
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fstatic.biltrewards.com%2Fassets%2Ffooter%2FAllyant_Accessibility_Badge.svg%22%2C%22alt%22%3A%22Reviewed%20by%20Allyant%20for%20accessibility%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 1a01aa66114101f1f59b9496a0fa58943400ed89a7471cd23ddd01cedf7d8d1e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-77-pop: frankfurtDE
date: Sat, 04 May 2024 05:38:58 GMT
content-encoding: gzip
x-77-cache: HIT
x-cache: HIT
x-age: 391054
x-accel-date: 1714410084
x-service-version: img-dscr-srv-406c249e
x-77-nzt: EgwBnJIhiwH3jvcFAAwBJRPCLgH3JSoBAA
x-accel-expires: @1715014863
x-77-age: 391054
server: CDN77-Turbo
etag: W/"104-DKfoT6MRwLRaBuyjwx6XcPzWB3o"
x-77-nzt-ray: cf878727cd0993e9f2c9356662746f2a
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
access-control-allow-headers: *

OPTIONS
H2 200 alts.json
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ Frame 0
0 168ms
168ms Preflight 2a02:6ea0:c700::18
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fstatic.biltrewards.com%2Fassets%2Ffooter%2FAllyant_Accessibility_Badge.svg%22%2C%22alt%22%3A%22Reviewed%20by%20Allyant%20for%20accessibility%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
date: Sat, 04 May 2024 05:38:58 GMT
server: CDN77-Turbo
x-77-cache: MISS
x-77-nzt: EggBnJIhiwAACAElE8IuAAA
x-77-nzt-ray: cf878727cd0993e9f2c9356693006720
x-77-pop: frankfurtDE
x-service-version: img-dscr-srv-727604a1

GET
H2 200 status Show response
api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2F/DESKTOP/WIDGET_ON/ 77 B
454 B 169ms
169ms Fetch
application/json 2600:1f14:5db:eb11:11e:cd7:8931:11bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2F/DESKTOP/WIDGET_ON/status
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/773-7b29dafc6951bbfe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:11e:cd7:8931:11bf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 04 May 2024 05:39:02 GMT
etag: W/"4d-wYLRLrbWidRwnfhEvoB+Y2U04NY"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 77
x-service-version: seo-w-fa0246c1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: framerusercontent.com
URL: https://framerusercontent.com/assets/LqDnnljXEwgpUOKntxS1EWW6Rg.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/modules/assets/ZOQnZ28bo7qibfKtLjS7lnsO4~aPaqOZNJkxYT2qc_-WAEnT8sEAw10p7tnZdSX4PzEH4.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/assets/s15i8VNMBMOyVBn9RdA2jtEVxk.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/modules/assets/9vZ4CFUb3rKQR5PiFoCAG4XK9ds~OMnLjX5KG42fbQ9CabmPYWfngmsLKfBkxrst4820Nz8.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/assets/8qn5SJXAslrGaAAxdWjJDc6gng.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/assets/0iJMoAt43UHHN4iZwJ9BRySDSfM.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/assets/ZIA17DG79ouXlfoQjamRRhk3cc4.woff2

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/7dgusnBALjfsS0yucyysUvo9a8o.jpg

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/NI61TIlpX6TJbklIpHSie2tEpGE.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/emCFcnwNiMYScIxwr45IJOzQLg4.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/B2j04d4DELSVPqW3pu2DeFzMZU.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/f2fwl12tvW9YGosVlJxHf8yLgk.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/XjelGy0AgZXWBtmYgQFM6So2cZU.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/ViCoXi9FWxoh8GjbX1a14g7pZX0.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/8ibs6KgHYOJb6Y4lzhBQsszTRc.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/MxRklazzy1Emai1IjUOn2ORYq8.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/wiRNqk3Xr49CYkBPQk79io2TT1g.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/5JsrF9pUWaXrgy50k6xEWQpJoxA.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/ftPWeWr9bdX4s1UGa0CgDGwo6Q.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/aFXvQ8tvchAhSy28xtqLwAcc.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/Fi5WiSlR8pQgUTvWiBx9llcchmY.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/Ax6NHsTfN0grr4AHyWTy2Sz2RI.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/8WJAm6JhDhA9oa7JjDgElrhOiQ.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/o5yryGY3RMxXyiyQyqeuPPxOz60.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/9ak0DxXbaVM1VoMTeIMa99JiKI.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/hnIi4P7pdlJAXqbv27Bue7JEr2k.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/wlTHpTUu4ykBMBG21EX0CERes.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/pMOoQGEce2gdLvB4HZNfsf4sY.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/GqxnFscgQXWBc0FTLQUcBVmIfV8.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/eODr1NJCd9NMOsg3WpToY6znD0.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/yhcjbBUdWKuI5ee25BmmDwVlQ.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/uMy6gIwSwWrVGDsXDGVWHHKzYEE.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/NRqZdfp0sRwRZ2mBC3XB3MGG4.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/c8bJ9cJNZu0SSI90azRcdddA.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/PJj4RY5yFu6gqPz485dMfCclbxQ.png?scale-down-to=512

Domain: framerusercontent.com
URL: https://framerusercontent.com/images/gMGCZacBG9NmOgMr0vAlUWzMM.png

Domain: framerusercontent.com
URL: https://framerusercontent.com/modules/assets/PeV1BiYkQUoBq9a4xHPOFZaIKs~OYvKke6pEo6tZJDWeo6LVWQ-3rkTs09Fc-ShUEf3Zww.ttf

Domain: framerusercontent.com
URL: https://framerusercontent.com/sites/1Cb499qb6fbDYOrLf1q7xd/default_script0.E7H7JWSA.mjs

Domain: www.redditstatic.com
URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry

Domain: conversions-config.reddit.com
URL: https://conversions-config.reddit.com/v1/pixel/error

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4

Verdicts & Comments Add Verdict or Comment

132 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.liadm.com/p	1970-01-21 05:56:01	Name: lidid Value: 0db877c1-3710-4265-89d9-ace4083be6a4
www.biltrewards.com/	1970-01-21 05:05:37	Name: theme Value: light
.biltrewards.com/	1970-01-20 22:29:37	Name: _gcl_au Value: 1.1.1931251386.1714801136
.mgln.ai/	1970-01-20 21:46:25	Name: arc_id Value: eyJfcmFpbHMiOnsibWVzc2FnZSI6IklqTmpOakkwWW1NMkxXSXhOakF0TkdZME5pMWlZelU0TFdJMVltSXpPVGMyTVRjd1pTST0iLCJleHAiOiIyMDI0LTA3LTAzVDA1OjM4OjU1LjU0NloiLCJwdXIiOiJjb29raWUuYXJjX2lkIn19--a57c2a2bdf66807feeb7d91b334d415dabdd3cd0
tags.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id Value: s%3A0-2a3b3f42-d67b-53e2-7c07-614fc66f83cf.hoyUdIpc5fa3ursQ%2FqlLKGA39ooPcyEnFT6ufYB6NLU
.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id Value: s%3A0-2a3b3f42-d67b-53e2-7c07-614fc66f83cf.hoyUdIpc5fa3ursQ%2FqlLKGA39ooPcyEnFT6ufYB6NLU
tags.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id-v2 Value: s%3AKjs_QtZ7U-J8B2FPxm-Dz1D_Css.d32xM%2BuluxMvp1Ve0kxZKY4lkjbg2Uj00JE8lapQnXo
.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id-v2 Value: s%3AKjs_QtZ7U-J8B2FPxm-Dz1D_Css.d32xM%2BuluxMvp1Ve0kxZKY4lkjbg2Uj00JE8lapQnXo
tags.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id-v3 Value: s%3AAQAKIOTojqAKskm9SwghyW7iS2kL7uOc0u-80B12XNCUFm0NEHwYBCDvk9exBjABOgS9M-cxQgRJfMty.ZklrVgpkMx8C5ftFSA2VR%2BJZe31gVa5Gi3BqDfQSiko
.srv.stackadapt.com/	1970-01-21 05:05:37	Name: sa-user-id-v3 Value: s%3AAQAKIOTojqAKskm9SwghyW7iS2kL7uOc0u-80B12XNCUFm0NEHwYBCDvk9exBjABOgS9M-cxQgRJfMty.ZklrVgpkMx8C5ftFSA2VR%2BJZe31gVa5Gi3BqDfQSiko
.tiktok.com/	1970-01-21 05:41:37	Name: _ttp Value: 2fzPrxjXG7CA8r1DMs06YsuR9fY
.tapad.com/	1970-01-20 21:46:25	Name: TapAd_TS Value: 1714801135879
.tapad.com/	1970-01-20 21:46:25	Name: TapAd_DID Value: d3c02cd4-f86c-44ad-b309-f0d1b72e6a76
.biltrewards.com/	1970-01-20 22:29:37	Name: _rdt_uuid Value: 1714801135924.fcb73105-0282-49ee-8007-2ad02998a274
.tapad.com/	1970-01-20 21:46:25	Name: TapAd_3WAY_SYNCS Value:
.biltrewards.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .biltrewards.com
.biltrewards.com/	1970-01-21 05:56:01	Name: _lc2_fpi Value: 05e21e9a686e--01hx11sma95g4pppppstz8jrsc
.biltrewards.com/	1970-01-21 05:56:01	Name: _lc2_fpi_meta Value: {%22w%22:1714801135945}
.biltrewards.com/	1970-01-21 05:56:01	Name: _ga_QLSYZKSM0E Value: GS1.1.1714801135.1.0.1714801135.0.0.0
.biltrewards.com/	1970-01-21 05:56:01	Name: _ga Value: GA1.1.131650129.1714801136
www.biltrewards.com/	1970-01-21 05:05:37	Name: sa-user-id Value: s%253A0-2a3b3f42-d67b-53e2-7c07-614fc66f83cf.hoyUdIpc5fa3ursQ%252FqlLKGA39ooPcyEnFT6ufYB6NLU
www.biltrewards.com/	1970-01-21 05:05:37	Name: sa-user-id-v2 Value: s%253AKjs_QtZ7U-J8B2FPxm-Dz1D_Css.d32xM%252BuluxMvp1Ve0kxZKY4lkjbg2Uj00JE8lapQnXo
www.biltrewards.com/	1970-01-21 05:05:37	Name: sa-user-id-v3 Value: s%253AAQAKIOTojqAKskm9SwghyW7iS2kL7uOc0u-80B12XNCUFm0NEHwYBCDvk9exBjABOgS9M-cxQgRJfMty.ZklrVgpkMx8C5ftFSA2VR%252BJZe31gVa5Gi3BqDfQSiko
.biltrewards.com/	1970-01-21 05:41:37	Name: _tt_enable_cookie Value: 1
.biltrewards.com/	1970-01-21 05:41:37	Name: _ttp Value: zD5C1QIPLwm1ixYZNLtEtXn-z5y
id.biltrewards.com/	1970-01-21 05:05:37	Name: theme Value: light
.biltrewards.com/	1970-01-21 05:05:37	Name: ajs_anonymous_id Value: de570deb-369c-4475-8643-690c6759df43
.liadm.com/	1970-01-21 05:56:01	Name: lidid Value: 0db877c1-3710-4265-89d9-ace4083be6a4
.doubleclick.net/	1970-01-20 20:20:02	Name: test_cookie Value: CheckForPermission
.biltrewards.com/	1970-01-20 22:29:37	Name: _fbp Value: fb.1.1714801137446.1678679802

82 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.biltrewards.com/ Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/0a08d48a-2ea4280064791d1b.js Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
network	error	URL: https://www.biltrewards.com/?_rsc=1wlmf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 345) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: Refused to connect to 'https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
network	error	URL: https://www.biltrewards.com/terms?_rsc=1wlmf Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 737) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 737) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/_next/static/chunks/8609-8109a9ec75940849.js Message: Refused to connect to 'https://conversions-config.reddit.com/v1/pixel/error' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTIyYzc3NzllMQ.js(Line 8) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/ Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx11sma95g4pppppstz8jrsc&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714801136165&tv=v2.14.3&wpn=lc-bundle&i6=MmEwMTo0YTA6NWE6Ojc%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2F&c=PHRpdGxlPkJpbHQgUmV3YXJkczwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlR1cm4gcmVudCBwYXltZW50cyBpbnRvIHJld2FyZHMuIEpvaW4gdGhlIG9ubHkgbG95YWx0eSBwcm9ncmFtIHRoYXQgcmV3YXJkcyB5b3UgZm9yIHBheWluZyByZW50IOKAlCBubyBtYXR0ZXIgd2hlcmUgeW91IGxpdmUuIj4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.biltrewards.com/terms/bilt-platform-terms-of-use?_rsc=1wlmf Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/353467326379958?v=2.9.155&r=stable&domain=www.biltrewards.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 82) Message: Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analytics.tiktok.com
api.segment.io
api.userway.org
b-code.liadm.com
cdn.deviceinf.com
cdn.mgln.ai
cdn.plaid.com
cdn.segment.com
cdn.userway.org
cdn77.api.userway.org
connect.facebook.net
conversions-config.reddit.com
decagon.ai
eu.mgln.ai
events.framer.com
flags.biltrewards.com
framerusercontent.com
googleads.g.doubleclick.net
id.biltrewards.com
mgln.ai
o441793.ingest.sentry.io
pixel.tapad.com
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
scripts.neuro-id.com
static.biltrewards.com
sync-transcend-cdn.com
tags.srv.stackadapt.com
transcend-cdn.com
tvspix.com
vitals.vercel-insights.com
www.biltrewards.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.redditstatic.com
www2.biltrewards.com
conversions-config.reddit.com
framerusercontent.com
rp4.liadm.com
www.redditstatic.com
104.90.205.74
108.138.7.11
13.33.187.42
142.250.185.66
142.250.186.34
142.250.186.68
142.250.74.195
151.101.1.140
172.217.16.200
172.66.43.60
172.67.136.129
2001:4860:4802:34::36
2600:1f14:5db:eb11:11e:cd7:8931:11bf
2600:1f18:730:b140:47a5:73d7:3529:3e20
2600:9000:2490:1200:d:ada1:a280:93a1
2600:9000:275b:7800:19:2755:1280:93a1
2600:9000:275d:2c00:8:8845:1500:93a1
2606:4700:20::681a:2b4
2606:4700::6812:7f8
2a00:1450:4001:806::2008
2a00:1450:4001:813::2003
2a02:6ea0:c700::18
2a02:6ea0:c700::21
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42::396
3.121.4.172
3.160.150.112
3.222.51.241
34.110.183.245
34.111.113.62
34.120.195.249
34.160.241.76
35.241.5.91
35.71.142.77
44.239.238.248
52.12.47.65
63.35.74.145
76.76.21.21
76.76.21.22
99.86.8.175
01370600c09521d44c87e30260f125293b93832187285dd385fbe204484c1167
01f0e7ce17811d478287a5fd73ca4f82c24c94410b1b5df90537d395ff4cf41b
02924ca4217771edb42e679d95c06dbdd53bbdf81634bda9f519c429556bc779
03337e69f3ba0d92c0ee4e6336eab382bbb5ce99d425bc1c0092a9b8618df364
06b071402d78d223ed8054689e67798c07e8ccdccf911c189c654b29461bfc0f
08a3938cb627d9c510cb612fa8183cc339b4efc1f11d141c86561d481d16bbed
0abe423cefe0485642482ae97e213dae0c29d47efae7e74ff6eda26de589f803
0ca8160a692d2ede5ba928e6b91500ca2e3b41bce9f4da9ac974b7df22f03cfb
0d77c0ca71f84e8e1b82911c1c6e7ba7b5c192b1ce10bce9a8db97e08139e688
0d8341b02410fb68aead0790359b385e911c473854d4ab7f0eeefe45f465d7b5
0f21a3f784c0a180951483e44e8878606dd7e74c330a40afdcabfd998bd9ed9e
10a33099eb26008ad5bd6cbc5a1637bb63482dc2463589d1f3eb1264696f7ae4
11d91afe8139a90bc87333ede3e114cf6234b68c7e1e8722fa2906fe13509fb5
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12ce72c5dd8a160d24d631751a8cac946705951d40e2138443784332c1fb4bc1
12eb90ba365f5499e5dcca6dfa9e11e5e451e601f20c46d05cacfa45bbe0fa68
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7
14ce4e2c8340c041c53de976a7b371785493e98fa84f57957f9a92e7a8046e67
188768601044fa9d36f7e8318b53e650a64fb03b28c2b04eb8b99facdadce63e
193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4
19cc1cced30687035cb740cbbf86a4c2d7c5085ca95e3fdef76d7e28d35af57d
1a01aa66114101f1f59b9496a0fa58943400ed89a7471cd23ddd01cedf7d8d1e
1c5e56aecce66d242f6dd521d8e4eb60495e9f3ebfe476532ac0675d5e0821ba
1d6ec88f567df6145ff31cc4f634d8c576965b5572838f97f9de77af6c3d3239
206741e6b109bb35edb1e532a9a077cf8f8d59df9c0750045a9af563a1f9de0b
21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710
229c48f80c1ccba052790eaa4caa79743c358eae69adb9e06e75b3653bd9176a
23a5f5ef3e68c6e8584a806ba3c1276eb4e49a36de52d9c21303d2b1435ad13b
245e82e79fc403ffc23f1b59217509f44f826fd360b7b0c3a7f19b13eec5aea4
25bec41e9f6dbc851e40687dc3aca88eb7f24515b8c04113e0a8bce69aefc57f
2b6ffa1fda482766ba9db7607cf480fea2d6e045ea6d629cb1006b1384f43d3b
2cf0d22aa7498e95b770dcaee27f828a57946c466b6fa4062a318f3d86a3e4c1
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
336bb715ee0374a2f77dfa190e56eb267cac37faab0d63ff69aad413d9183cd0
352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824
36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585
3a61375e44fd14535935364ba62f844371eb9fb77ad0e4437720086719fa0da7
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342
3dc4e28176a731679dfee5c89158b5183530ebda5323cba7d5ed6d6c752c5a4c
3e12cb695307b2703bce81c01aaeaf24cf0aa0602c8307458ea4f117719fb6ac
3f7853bd4d6086be63374d96af8f4297718ae35b74698c30e362bf43a1d888a5
41edd150c77b8a89ebccf236458559af580f7271303c86541d069c4976caa36e
43ce35def7558be28d30002de7984ab770ebc989155fe2c504b39cf00c9798d2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc
49158eb40fa1df35097e314a4c2973c8fe19b97d82b6d91a4b4dce0bb8735c67
4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538
4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a
4d30600a865d49c31ee9a2f18bbd955840b72f3d5eee2d3394fda371e9ee270e
4dd34f61aca89d6bc803b2bd3feb6a97b9be91c52dc7cfb6bf64971b08b3f83a
4e0ea1029eab3b7c0bb3183eaa684b29064f2de371720317b8a35519fe26589e
4f0723c4f61bf24d6caa0f3c88c0ff696d701fdcc002882e75d3849b147c36eb
4f452334c46c15d7198eb2155a3ec0d93ee81b7d1dfaaee86fe67532299b4f7c
500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3
52ea1136d79c3a7ebe4f345fdec565e4bac855aeb6ae4dafb54b7b7f29edb881
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57bd3463acfad02c222f7beac208f69df5507f7de42fa38b18a1e1e48df2a44a
5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427
5ac1c77c992ddf5093ee99f3128e769ce4e854e31d63a45a5c229fa012f3d27b
5b4fdc71b907c8b40b093cffa977415257b82282d0fb32448e1306f030d64345
5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64
5cfedefb95154ab787f29ec754d293534271a0fb6cb774a8557c85e738765098
5d44bbfdb856118b71f8bad2814cc93683ae7316dbf5feb54946bd4e1f15d024
5d82e8c0c0c0c9bd98b9931a48d14ed6e53f00ac9199053f09f17c9e63e98cb1
5d9df2764c7d56ded13faf14e7235e19ae3232be0f54e8ddd60ed76e6339f3af
5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312
6162a259efcc903ece88a8301a46b44e3a77c220b3752c01eb02caa0af358870
6266e044e9d67f5e08c39dec30aeb2c9ffc3dbf6c837a6f60da52b050b474794
64ee05b98a022eb8e7c5f531342a77e8265378f08c4665c90e0b0ca953373b10
66a9737875a0f5a00048fb2ed685946f0abd0649d44735b8460bf99821664c54
6b303bfca9f8eb88aed4acf74b6af893130f596c58bc12301285853756982a0c
6ba51e661ea99d73f18d67c0759bdfa54b3c409cab8308cccb0b4e94e6750ce5
6fce5a0604a6267ad769dd5e7afbfcf8bd0390897f682aec71f6307999a5b67e
6ffe2bffedc44cab8178c5bc51fcce8b301a69d70ed8542cfb21bc7b307af60f
7007e6e756437d5ac0a2a1fda6bb03e50fe2f5c45c7185b4382286514ee211a2
70e96ea74dd811ed8f8d7fe473ec308bbdb8b19553127dcb83311541c4130dae
71495b89624749d6bc836881598788e579cfc8d0c4034bd5eb28db8d6b517a09
714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385
725277a8c72dd1cc55fc502e9456b84fae84a692b7b0cf9ebd8f760be39b2300
75c43224db7967fac75bbb8ddbde3ea2b151177b820af1e246039a4f2e135698
76d2ff093e6915059cf45b5a51b88ccd5e79c038e42ecd2cf5817403b6c52cd2
76f0314087a72b40304a3e1bab6132c27f582a7e1815c2ef6d3e9d78b2cc3f9c
7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa
7746ece790029046b24f2a25796fcaa152efe875c7a8641358088ba857e53157
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7b2faec4335de81abbf1ebf794f91a4f2b870b317093448b84082b5f411c741c
7b4cdce57f8fddd34bfda991ea0073b28e5440c8406149a721db6542135c319c
7f1c25e4738bd4e3b74585bc56014d80f4bd0bebe2d9a2f88cd5081b735b3b75
8059da41d48e0a03b2f7ff592025d74585a5574458558d9e95ad00474d04d466
83aabe649060a7e2ae2d90805d2e69bfcb75b54156056654bea6e44ef5487d72
83dc56b9cd11d2a8e9324a5985639b8a680378f43eb82e8d55a4260a7a58d3cc
85f5de4dc60ee136c7f141c4999ed8ab88b9bf0aed3a5806f9cbc4283a901b0f
8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee
8a61f145dffddc6b27774d52e30904da844103ae0d0e635c3ee3c3807907c07b
8fac5963cf08bccb52ed83675b4ab217e5c9dcf28d37f50f9b0f023fc0a9b783
9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2
92d32ee9ef0c6a0a3f914e9483c3a0ee98f4d99d39ab36110ab74ed0814c62d2
9315ecc2d6e6627f1e4a0b9d2b62c4b69bfd309913e545715d695e38191e60e9
9462e8b6b1c68de8085317e681667189fb8e8b6af5c28cf4b857dd267842189f
990fba98068c77b0616f1d04a1df3ae1e0b6a0fe19809beb34864ab99044ba78
9eb94d0e2d04f7b70c7077d41fd696e37f907326f3a8da175cd2692f58a3b0b8
9f75860a0ed695951d068580c66fc85ea549c924d7829279f759de5b261d96e7
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a08597993ec5ca2b8cb7119e9d2d3da7878c69526cd0521d410fb6b8670d49de
a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf
a6719d408c68a76e7ecc129a8ca95660269e04939e056d23abbddded90bf8e3a
a869fe8cddaf23f1ee50724c35748cefb30c697095b2cf4a231033cb8f43b4ab
ab32bc58349446cd3c8761af45640b13ed01073a6553e5779a9b03852d591ca4
af6eba57bf2517abf6514c8efc984691780db40d0468f1bf9e4d1f8687d0f3ec
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac
b3c75117c4b6621b601ca349845c3cd5f55d09c44905cffaddc725dabb82e17d
bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733
bcf6db8e2b32f2b799eea191434b4090cbb642ee936fd8c169ac7979d69b7b51
be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8
c04daf4d84b602e33cd55244de90765807629d32b9bec66402b61bbc9666995c
c1554e4093c2f321c2fc93d0bc5dcad3f1ff5a3c7031e45917443854b72274bb
c26c4fb4f58b0aa3012ecc8d8cd44381ec9dbbb687691231da5f18165168ca1b
c2b94cfc4eef447336e5dfa65487b6920554809090d4ffb57dd3c8a0b4663634
c2f14ac6aa2d1007f23dbc8cd5535ae456550e6b6cec1114a60d56610e526861
c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c
c5b3b178dc8df3767511096744a36ee3edcee7ed62be5f8504244e6b70cf7398
ca764b5867087d3c5ffc2bb0497a50b2ecf18ae7252169951ec97e18a592973d
cabadde351faaef576e9bea2b85cb40594e63eada1640633c7cc8c75a1b4c3fb
cf211ca1ff61bad1d99f1ac684aa359f7022f7fad48da18fde2d69d51556cc06
cf864361a24b9afe094f76d502d804e878318535e9479c428babec04f792bb76
d065eff191539c5a5e24a3a4f1bb8ff55a32c7701e34d57ae8b49ca555bdeb31
d2086fef391221a13d759836370ef5bae70c15e1389eb6504dc3a31c987e0a88
d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c
d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb
d85e3b3bf0efa46b38853dc507ba4292665037545075d1ceb94079fbe97c552f
da70c773cd3a8d489bad7c03fb89b63053843aa52c0545749df089a08e64f78f
db8dee9ad499fb9b623de94c004b284d5529c842c2822340d4ad2f2f8f44968c
db9c28d70f03728ad94c11d34cea446ed992aaa6167344d3eb362379f7fdaaf0
dc2039eaa8cdec894f2d425e26ac4233e0bc86f4591185097efb4b79a659f083
dc9d99b4069719085cc1a67a93350f47b0d97185bc95c4afc509b917ca2a5ee8
ddacc3618c70d111c0ad8ac3060fd21c36846929db812678ceea34fcb23dc9fe
dee84f70b223c706aee2e8509f8a16a3c99d5a3dcd1fa440d0417db8d6ee1792
e310d272bb05b8caa31f4ec6de5437bfbd04800535c9069fa58550a911612ec8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db
ea9ed2f612e41fcd700060fad5eff94165c56fb549e6334173177b4a540a5a9d
eb1ffeccaf95fde9ecf145e4ea93852a46e7d42b04d38ec858b891c5f6dfd8fd
ecd2c17a041e41d9a7ee92a6e44d322c2c8f83b11117b9eec196abefa41fc110
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff87b0205e1ebe55ca731239b15df7b48583b9015ce78cb50a886a97e8b1be8
f20718ca51aea7b5bd511449b7a3ffc49978f7f57999dd7c6a0408e807f00d01
f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
f72d0a5af37884e1b1b98c1d843591b5618a80cab198ce8e85cf4131dfde5524
f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98
fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47
fa7e514331c85e2bff2ab629fc901146eaec70a8fbfd84ee6dc9242dbb9d0030
faf2bc4a9d3e932166c102a727ca4aa42e7c95b67ec8dd424523da14089cfef2
fee988d0a4b149a9ce3c30d63733d83d3c257368af50883bc9027fe0614dd522
ff54e9b2209db7e90df95ee8523a1176d4c14d06b413cc817dfbbda6d64a03e1

www.biltrewards.com Open in urlscan Pro 76.76.21.22 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

226 Requests

79 %HTTPS

37 %IPv6

31 Domains

42 Subdomains

40 IPs

4 Countries

4249 kBTransfer

15750 kBSize

30 Cookies

12 Outgoing links

Page URL History

Redirected requests

226 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.biltrewards.com Open in urlscan Pro
76.76.21.22 Public Scan

Screenshot
Live screenshot

Full Image

226
Requests

79 %
HTTPS

37 %
IPv6

31
Domains

42
Subdomains

40
IPs

4
Countries

4249 kB
Transfer

15750 kB
Size

30
Cookies

226 HTTP transactions
16 data transactions