www.biltrewards.com Open in urlscan Pro
76.76.21.93 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bilt.page.link/app
Effective URL:
https://www.biltrewards.com/app
Submission: On May 03 via api (May 3rd 2024, 10:37:36 pm UTC) from US — Scanned from DE

Summary HTTP 138 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 38 IPs in 3 countries across 30 domains to perform 138 HTTP transactions. The main IP is 76.76.21.93, located in Walnut, United States and belongs to AMAZON-02, US. The main domain is www.biltrewards.com. The Cisco Umbrella rank of the primary domain is 124603.
TLS certificate: Issued by R3 on March 22nd 2024. Valid for: 3 months.

This is the only time www.biltrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
35	76.76.21.93 76.76.21.93	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700:440... 2606:4700:4400::6812:297e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
9	35.241.5.91 35.241.5.91	15169 (GOOGLE) (GOOGLE)
1 6	2606:4700:20:... 2606:4700:20::681a:2b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
6	34.110.183.245 34.110.183.245	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.39.83.198 52.39.83.198	16509 (AMAZON-02) (AMAZON-02)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.67.136.129 172.67.136.129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.92 13.33.187.92	16509 (AMAZON-02) (AMAZON-02)
1 3	216.58.212.164 216.58.212.164	15169 (GOOGLE) (GOOGLE)
1	2606:4700:310... 2606:4700:3108::ac42:28c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	108.128.159.11 108.128.159.11	16509 (AMAZON-02) (AMAZON-02)
2	34.160.241.76 34.160.241.76	15169 (GOOGLE) (GOOGLE)
2	76.76.21.21 76.76.21.21	16509 (AMAZON-02) (AMAZON-02)
10	2a02:6ea0:c70... 2a02:6ea0:c700::11	60068 (CDN77 _) (CDN77 _)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
5	104.126.37.185 104.126.37.185	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	3.121.4.172 3.121.4.172	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:275... 2600:9000:275d:6c00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
3	172.66.40.196 172.66.40.196	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::ac43:484f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
3	2600:1f14:5db... 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156	16509 (AMAZON-02) (AMAZON-02)
1	54.69.251.6 54.69.251.6	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	172.217.16.200 172.217.16.200	15169 (GOOGLE) (GOOGLE)
1 2	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
2 2	2600:1f18:730... 2600:1f18:730:b150:3e92:a640:deed:8020	14618 (AMAZON-AES) (AMAZON-AES)
2	34.201.224.56 34.201.224.56	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:7f8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:6ea0:c70... 2a02:6ea0:c700::17	60068 (CDN77 _) (CDN77 _)
138	38

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

bilt.page.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 76.76.21.93 (Walnut, United States)

ASN16509 (AMAZON-02, US)

www.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:4400::6812:297e (United States)

ASN13335 (CLOUDFLARENET, US)

www.datocms-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.241.5.91 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 91.5.241.35.bc.googleusercontent.com

static.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:2b4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu.mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.110.183.245 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 245.183.110.34.bc.googleusercontent.com

id.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.39.83.198 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-39-83-198.us-west-2.compute.amazonaws.com

tvspix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o441793.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.136.129 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.deviceinf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-92.fra60.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.164 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3108::ac42:28c4 (United States)

ASN13335 (CLOUDFLARENET, US)

transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.128.159.11 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-159-11.eu-west-1.compute.amazonaws.com

vitals.vercel-insights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.160.241.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.241.160.34.bc.googleusercontent.com

flags.biltrewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.76.21.21 (Walnut, United States)

ASN16509 (AMAZON-02, US)

decagon.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6ea0:c700::11 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.126.37.185 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-185.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.121.4.172 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275d:6c00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.66.40.196 (United States)

ASN13335 (CLOUDFLARENET, US)

transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:484f (United States)

ASN13335 (CLOUDFLARENET, US)

mgln.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156 (Boardman, United States)

ASN16509 (AMAZON-02, US)

api.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.251.6 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-251-6.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.98 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f98.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:730:b150:3e92:a640:deed:8020 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.201.224.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-224-56.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f8 (United States)

ASN13335 (CLOUDFLARENET, US)

sync-transcend-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:c700::17 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)

cdn77.api.userway.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	biltrewards.com www.biltrewards.com — Cisco Umbrella Rank: 124603 static.biltrewards.com — Cisco Umbrella Rank: 187738 id.biltrewards.com — Cisco Umbrella Rank: 160987 flags.biltrewards.com — Cisco Umbrella Rank: 166094	1 MB
17	userway.org cdn.userway.org — Cisco Umbrella Rank: 3155 api.userway.org — Cisco Umbrella Rank: 3077 cdn77.api.userway.org — Cisco Umbrella Rank: 6160	224 KB
8	segment.com cdn.segment.com — Cisco Umbrella Rank: 1845	64 KB
8	mgln.ai 1 redirects cdn.mgln.ai — Cisco Umbrella Rank: 40655 mgln.ai — Cisco Umbrella Rank: 19858 eu.mgln.ai — Cisco Umbrella Rank: 69158	5 KB
5	liadm.com 2 redirects b-code.liadm.com — Cisco Umbrella Rank: 3700 rp4.liadm.com — Cisco Umbrella Rank: 6119 Failed rp.liadm.com — Cisco Umbrella Rank: 1319	38 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 712	138 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	376 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2777	9 KB
4	transcend-cdn.com transcend-cdn.com — Cisco Umbrella Rank: 14041	132 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	951 B
3	datocms-assets.com www.datocms-assets.com — Cisco Umbrella Rank: 27266	121 KB
2	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	85 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 126	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 183	72 KB
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 493	1 KB
2	decagon.ai decagon.ai — Cisco Umbrella Rank: 46101	1 KB
2	vercel-insights.com vitals.vercel-insights.com — Cisco Umbrella Rank: 13185	331 B
1	sync-transcend-cdn.com sync-transcend-cdn.com — Cisco Umbrella Rank: 32177
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 101	274 B
1	google.de www.google.de — Cisco Umbrella Rank: 7810	64 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 1425	177 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1376 conversions-config.reddit.com Failed	637 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2533	257 B
1	gstatic.com www.gstatic.com	203 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1160	12 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 14323	43 KB
1	deviceinf.com cdn.deviceinf.com — Cisco Umbrella Rank: 232915	99 KB
1	sentry.io o441793.ingest.sentry.io — Cisco Umbrella Rank: 165127	308 B
1	tvspix.com tvspix.com — Cisco Umbrella Rank: 14862	194 B
1	page.link 1 redirects bilt.page.link	1 KB
138	30

	Domain	Requested by
35	www.biltrewards.com	www.biltrewards.com
10	cdn.userway.org	www.biltrewards.com cdn.userway.org
9	static.biltrewards.com	www.biltrewards.com
8	cdn.segment.com	www.biltrewards.com cdn.segment.com
6	mgln.ai	1 redirects www.biltrewards.com
6	id.biltrewards.com	www.biltrewards.com
5	analytics.tiktok.com	www.biltrewards.com analytics.tiktok.com
5	www.googletagmanager.com	www.biltrewards.com www.googletagmanager.com cdn.segment.com
4	cdn77.api.userway.org	www.biltrewards.com
4	tags.srv.stackadapt.com	www.biltrewards.com tags.srv.stackadapt.com
4	transcend-cdn.com	www.biltrewards.com transcend-cdn.com
3	api.userway.org	www.biltrewards.com
3	www.google.com	1 redirects www.biltrewards.com www.gstatic.com
3	www.datocms-assets.com	www.biltrewards.com
2	rp.liadm.com	2 redirects
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.googleadservices.com	cdn.segment.com www.googleadservices.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	rp4.liadm.com	www.biltrewards.com
2	pixel.tapad.com	2 redirects
2	decagon.ai	www.biltrewards.com decagon.ai
2	flags.biltrewards.com	www.biltrewards.com
2	vitals.vercel-insights.com	www.biltrewards.com
1	sync-transcend-cdn.com	transcend-cdn.com
1	www.facebook.com	www.biltrewards.com
1	www.google.de	www.biltrewards.com
1	api.segment.io	www.biltrewards.com
1	alb.reddit.com	www.biltrewards.com
1	eu.mgln.ai	www.biltrewards.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	b-code.liadm.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com www.biltrewards.com
1	cdn.plaid.com	www.biltrewards.com
1	cdn.deviceinf.com	www.biltrewards.com
1	o441793.ingest.sentry.io	www.biltrewards.com
1	tvspix.com	www.biltrewards.com
1	cdn.mgln.ai	www.biltrewards.com
1	bilt.page.link	1 redirects
0	conversions-config.reddit.com Failed	www.biltrewards.com
138	40

This site contains links to these domains. Also see Links.

Domain
apps.apple.com
play.google.com
instagram.com
twitter.com
facebook.com
youtube.com
www.linkedin.com
legal.biltrewards.com
biltrewards.zendesk.com
bilt.page.link
biltrewards.com
www.biltalliance.com
newsroom.biltrewards.com
allyant.com

Subject Issuer	Validity	Valid
www.biltrewards.com R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh
datocms-assets.com GTS CA 1P5	`2024-04-04` - `2024-07-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
static.biltrewards.com GTS CA 1D4	`2024-03-13` - `2024-06-11`	3 months	crt.sh
mgln.ai E1	`2024-04-07` - `2024-07-06`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
id.biltrewards.com GTS CA 1D4	`2024-03-07` - `2024-06-05`	3 months	crt.sh
tvspix.com Amazon RSA 2048 M03	`2024-03-25` - `2025-04-24`	a year	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
deviceinf.com Cloudflare Inc ECC CA-3	`2024-01-08` - `2024-12-31`	a year	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
transcend-cdn.com GTS CA 1P5	`2024-03-20` - `2024-06-18`	3 months	crt.sh
vercel-insights.com Amazon RSA 2048 M03	`2023-08-23` - `2024-09-19`	a year	crt.sh
flags.biltrewards.com GTS CA 1D4	`2024-04-18` - `2024-07-17`	3 months	crt.sh
decagon.ai R3	`2024-04-27` - `2024-07-26`	3 months	crt.sh
1667503734.rsc.cdn77.org R3	`2024-02-27` - `2024-05-27`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
*.tiktok.com RapidSSL ECC CA 2018	`2023-07-14` - `2024-08-13`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.liadm.com Amazon RSA 2048 M03	`2023-12-02` - `2024-12-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
api.userway.org Amazon RSA 2048 M03	`2023-09-02` - `2024-09-30`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-11` - `2024-05-11`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
sync-transcend-cdn.com E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh
1784939676.rsc.cdn77.org R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.biltrewards.com/app
Frame ID: 25012F5C760F52959762E48A20A91E9B
Requests: 129 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-5KZTNLX
Frame ID: 6A98CF0831117B09BB8970F4205909B1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=dijd38nrevcd
Frame ID: B0B2D622F85086FA314B957AE067FC11
Requests: 1 HTTP requests in this frame

Frame: https://decagon.ai/demo/bilt?defaultVisibility=hidden
Frame ID: BFD9216B0AC3AC0E6A7354AB1F227182
Requests: 1 HTTP requests in this frame

Frame: https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
Frame ID: AFB2921E4F871554AA94A2A4F0389767
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

To pay your rent and start earning points, download the Bilt Rewards mobile app.

Page URL History Show full URLs

https://bilt.page.link/app HTTP 302
https://www.biltrewards.com/app Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

UserWay (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.userway\.org/widget.*\.js

Page Statistics

138
Requests

92 %
HTTPS

43 %
IPv6

30
Domains

40
Subdomains

38
IPs

3
Countries

2776 kB
Transfer

9098 kB
Size

31
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.apple.com/us/app/bilt-rewards/id1565576987

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.biltrewards.bilt

Search URL Search Domain Scan URL

URL: https://instagram.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://twitter.com/BiltRewards

Search URL Search Domain Scan URL

URL: https://facebook.com/biltrewards

Search URL Search Domain Scan URL

URL: https://youtube.com/channel/UCCJoaLWfOJeBx6fD8K58nuQ

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/biltrewards

Search URL Search Domain Scan URL

URL: https://legal.biltrewards.com/policies
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://biltrewards.zendesk.com/hc/en-us
Title: Help Center

Search URL Search Domain Scan URL

URL: https://bilt.page.link/app
Title: App

Search URL Search Domain Scan URL

URL: https://biltrewards.com/p/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.biltalliance.com/
Title: Bilt for Real Estate Partners

Search URL Search Domain Scan URL

URL: https://newsroom.biltrewards.com/
Title: Newsroom

Search URL Search Domain Scan URL

URL: https://allyant.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bilt.page.link/app HTTP 302
https://www.biltrewards.com/app Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67

https://mgln.ai/pixel/sync.gif HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=6a24f95e-bfde-4c52-862a-986652133cde&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=6a24f95e-bfde-4c52-862a-986652133cde&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://eu.mgln.ai/pixel?tapad_id=85c46149-2fd1-49d8-b74a-35a916e85dc0

Request Chain 93

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 106

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 108

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 110

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 0
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 114

https://rp.liadm.com/p?dtstmp=1714775850623&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 302
https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 115

https://rp.liadm.com/p?dtstmp=1714775850623&aid=b-00ri&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ3NzU4NDk3NTMmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgwOW55Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0Nzc1ODQ5NzUzJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&wpn=lc-bundle&cd=.biltrewards.com&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4 HTTP 302
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ3NzU4NDk3NTMmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgwOW55Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0Nzc1ODQ5NzUzJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Request Chain 116

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyN3H68XyhQMVgIuDBx3Rrw33MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8 HTTP 302
https://www.google.com/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyN3H68XyhQMVgIuDBx3Rrw33MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqb1U01EC0oTSZR5PjH9CMoO7thzXMKA&random=3555833139&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyN3H68XyhQMVgIuDBx3Rrw33MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqb1U01EC0oTSZR5PjH9CMoO7thzXMKA&random=3555833139&resp=GooglemKTybQhCsO&ipr=y

138 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request app Show response
www.biltrewards.com/
Redirect Chain

https://bilt.page.link/app
https://www.biltrewards.com/app

72 KB
12 KB

468ms
394ms

Document
text/html

76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

eca9085356b42332f349139ffd7a0354b4d9ee3ebb035a9f1b3fd9fe0eb1eae9

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 8206
cache-control: public, max-age=0, must-revalidate
content-disposition: inline
content-encoding: br
content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 22:37:28 GMT
etag: W/"fbefdc4625c8fab9adcbc49cf6977c46"
referrer-policy: origin
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-content-type-options: nosniff
x-matched-path: /app
x-vercel-cache: HIT
x-vercel-id: fra1::n24x4-1714775847923-11116d5e7301
x-xss-protection: 1; mode=block

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
content-security-policy: require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport script-src 'report-sample' 'nonce-glF6-Xs2hV51-x_rUPdJaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist
content-type: application/binary
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: same-site
date: Fri, 03 May 2024 22:37:27 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
location: https://www.biltrewards.com/app
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 5222.9acf7a39d0f7e0c7.js Show response
www.biltrewards.com/_next/static/chunks/ 9 KB
6 KB 38ms
38ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/5222.9acf7a39d0f7e0c7.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

31caec1e4851b931c1df05ced2d2d2bfddc38a262b5969a62ddc20f629fa6aea

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 8103
content-disposition: inline; filename="5222.9acf7a39d0f7e0c7.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::n24x4-1714775848327-29eb9bbe8381
x-matched-path: /_next/static/chunks/5222.9acf7a39d0f7e0c7.js
etag: W/"fcb51e38d2f6568c38f95940dcfe2d6d"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 webpack-eaff5b43bb74cbbd.js Show response
www.biltrewards.com/_next/static/chunks/ 5 KB
5 KB 44ms
43ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/webpack-eaff5b43bb74cbbd.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c2b94cfc4eef447336e5dfa65487b6920554809090d4ffb57dd3c8a0b4663634

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 8137
content-disposition: inline; filename="webpack-eaff5b43bb74cbbd.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::q49jf-1714775848327-3d919ee87870
x-matched-path: /_next/static/chunks/webpack-eaff5b43bb74cbbd.js
etag: W/"4a0e0b5f6bf30296433f60de3024ee37"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 framework-1cb5eb31953a32ad.js Show response
www.biltrewards.com/_next/static/chunks/ 138 KB
49 KB 37ms
37ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/framework-1cb5eb31953a32ad.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c91c19ffccd38706c6253aa32770f0a4161d70c784c7ac9889c840b2e4cdd3af

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 7916
content-disposition: inline; filename="framework-1cb5eb31953a32ad.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::q49jf-1714775848337-ef64fbe531a3
x-matched-path: /_next/static/chunks/framework-1cb5eb31953a32ad.js
etag: W/"b232b1f759a22755a1027ae24f9477c0"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 main-3ca86c083e350b5d.js Show response
www.biltrewards.com/_next/static/chunks/ 125 KB
41 KB 70ms
70ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3df0ad29adc2dcb93fbdf4a0af7d67edf68ebf5e9a68cef09f93d28c51592ff0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 6689
content-disposition: inline; filename="main-3ca86c083e350b5d.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::nkb2t-1714775848337-fddc1a9f4768
x-matched-path: /_next/static/chunks/main-3ca86c083e350b5d.js
etag: W/"ed73c75c7504be3b841f1781471ada38"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 _app-b76a029f07f48e78.js Show response
www.biltrewards.com/_next/static/chunks/pages/ 2 MB
523 KB 111ms
111ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ea16fe5590dfb6972fe040ca1e726b8c53f5f940f7b187eb431eb3124ef9ecc3

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 8103
content-disposition: inline; filename="_app-b76a029f07f48e78.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::9zlx5-1714775848337-986f8a3748c3
x-matched-path: /_next/static/chunks/pages/_app-b76a029f07f48e78.js
etag: W/"b375e63a3a287de3d74e25b9b988878f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 app-3190794560fbbd16.js Show response
www.biltrewards.com/_next/static/chunks/pages/ 15 KB
8 KB 413ms
413ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/pages/app-3190794560fbbd16.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

db3a4c293163d6e0bc88dbd91c09fc2a855785cff3024c4d8e4ba11982137ced

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="app-3190794560fbbd16.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::62s59-1714775848339-3a171d0e93c9
x-matched-path: /_next/static/chunks/pages/app-3190794560fbbd16.js
etag: W/"a7acb078c399b11a5deb152d5eeb2141"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 _buildManifest.js Show response
www.biltrewards.com/_next/static/F8D1Ibu9gdxs_Pf2p2DHX/ 10 KB
5 KB 121ms
121ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/F8D1Ibu9gdxs_Pf2p2DHX/_buildManifest.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

ad04a2251ac76732b9c8fbb0810ca4017dc3519fa08449c6b898f1e9af6d29fa

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 8103
content-disposition: inline; filename="_buildManifest.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::99zbt-1714775848337-cece8da16dc1
x-matched-path: /_next/static/F8D1Ibu9gdxs_Pf2p2DHX/_buildManifest.js
etag: W/"5c10573175772019ff515ee6b8dcceb9"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 _ssgManifest.js Show response
www.biltrewards.com/_next/static/F8D1Ibu9gdxs_Pf2p2DHX/ 306 B
3 KB 222ms
222ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/F8D1Ibu9gdxs_Pf2p2DHX/_ssgManifest.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

c8ac815b5b86cd8b9184bc6184ee4ee23d88f7759e71b7cfe4b69b4093fa9a1c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Fri, 03 May 2024 22:37:28 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
age: 8103
content-disposition: inline; filename="_ssgManifest.js"
content-length: 306
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::m22s9-1714775848337-5b4b985cb1a5
x-matched-path: /_next/static/F8D1Ibu9gdxs_Pf2p2DHX/_ssgManifest.js
etag: "12f7029b42318d56261fc035872b7a9e"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 1657296459-app.png
www.datocms-assets.com/43819/ 39 KB
39 KB 129ms
61ms Image
image/avif 2606:4700:4400::6812:297e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.datocms-assets.com/43819/1657296459-app.png

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84baf114519f46a19ea21f24cefad7b47efa7f71cd3671e72cbf04911fec362b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 218009
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 8c03181168f105300cac35fa4752d7a1dc3ea510
x-status: HIT
content-length: 39834
x-xss-protection: 1; mode=block
x-served-by: cache-sjc1000087-SJC, cache-iad-kiad7000085-IAD
last-modified: Wed, 17 Apr 2024 19:47:03 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 87e3bc5c6ec40368-FRA
timing-allow-origin: *
expires: Sat, 03 May 2025 22:37:28 GMT

GET
H2 200 1657569961-redeem-points-app.png
www.datocms-assets.com/43819/ 37 KB
37 KB 134ms
66ms Image
image/avif 2606:4700:4400::6812:297e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.datocms-assets.com/43819/1657569961-redeem-points-app.png

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

143e1e74e5cc9c6083b8322248f0e552d0499178431c08287cb4fa41ae99cc58

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 601499
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: cce18e42eaa868183b5ea7382a6cb332778c4580
x-status: HIT
content-length: 37702
x-xss-protection: 1; mode=block
x-served-by: cache-sjc1000093-SJC, cache-iad-kiad7000063-IAD
last-modified: Wed, 17 Apr 2024 16:23:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 87e3bc5c6ec60368-FRA
timing-allow-origin: *
expires: Sat, 03 May 2025 22:37:28 GMT

GET
H2 200 ns.html
www.googletagmanager.com/ Frame 6A98 0
0 89ms
33ms Document
text/html 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/ns.html?id=GTM-5KZTNLX

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-encoding: br
content-length: 92
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 May 2024 22:37:28 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
vary: *
x-xss-protection: 0

GET
H2 200 haze5.jpg
static.biltrewards.com/assets/other/ 119 KB
119 KB 122ms
31ms Image
image/jpeg 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/other/haze5.jpg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ba5d21119b9f5b6e7961eb16778c3a33489ad3e9f820d12a7e957f811ebb8712

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:02:30 GMT
age: 2098
x-guploader-uploadid: ABPtcProy6xekKfDi3hAANsZ8Z6q96ytmylYm-06lEJPe4THB7__K3XeIPgRIThuqOZk-ssNLTQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121667
last-modified: Wed, 10 Apr 2024 17:52:26 GMT
server: UploadServer
etag: "ba898aee597d94b5eefa37fee1516662"
vary: Origin
x-goog-generation: 1712771546249561
x-goog-hash: crc32c=N+cFmA==, md5=uomK7ll9lLXu+jf+4VFmYg==
content-type: image/jpeg
cache-control: public,max-age=3600
x-goog-stored-content-length: 121667
accept-ranges: bytes

GET
H2 200 GT-America-Extended-Bold.woff2
static.biltrewards.com/fonts/ 63 KB
63 KB 160ms
77ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Extended-Bold.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:33:25 GMT
age: 243
x-guploader-uploadid: ABPtcPrecwDIgn-aXSjmxdlkawwvID0SHii0C-1pZo6Ox0oB6_TvwqLAKzSsAGQegjIDvlORqa62rkx4qg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523728054486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64096
last-modified: Mon, 20 Mar 2023 23:30:33 GMT
server: UploadServer
etag: "62d21cb9a8474aa65c284dc0af48bc30"
vary: Origin
x-goog-generation: 1679355033778551
x-goog-hash: crc32c=ri+bug==, md5=YtIcuahHSqZcKE3Ar0i8MA==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 64096
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 GT-America-Condensed-Light.woff2
static.biltrewards.com/fonts/ 61 KB
61 KB 180ms
98ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Condensed-Light.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 20:59:45 GMT
age: 5863
x-guploader-uploadid: ABPtcPp79J0TGJ0DhIYEAtz6OOAETWq0bhNwQqtWsqvwA_eZFMbOzW_nY-rOJyPPyIBrziQzSQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523727372600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62684
last-modified: Mon, 20 Mar 2023 23:30:33 GMT
server: UploadServer
etag: "6aa535284dd3ad74ea5e654866808275"
vary: Origin
x-goog-generation: 1679355033559918
x-goog-hash: crc32c=yOdKrw==, md5=aqU1KE3TrXTqXmVIZoCCdQ==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 62684
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 GT-America-Standard-Regular.woff2
static.biltrewards.com/fonts/ 57 KB
57 KB 113ms
31ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Regular.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 21:51:47 GMT
age: 2741
x-guploader-uploadid: ABPtcPr0vKMf4H2g7rPVdBQp_H7w4pTcI9jNPoVH7wpnQ2UI0eR0IyGWgSz3cl1WmZ9awQOkZfh6x3jcGA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523730209285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58164
last-modified: Mon, 20 Mar 2023 23:30:32 GMT
server: UploadServer
etag: "34faea2a319852842506af0b1871af2f"
vary: Origin
x-goog-generation: 1679355032260337
x-goog-hash: crc32c=3JtdcA==, md5=NPrqKjGYUoQlBq8LGHGvLw==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 58164
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 Button-AppStore.svg
www.biltrewards.com/assets/ 18 KB
10 KB 394ms
394ms Image
image/svg+xml 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.biltrewards.com/assets/Button-AppStore.svg

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d36581d12cf8cf9ba65fffd3c7c864e5b3dd472906fe2e203519b4fe0b13f7b4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="Button-AppStore.svg"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::nkb2t-1714775848352-1e4cf0046665
x-matched-path: /assets/Button-AppStore.svg
etag: W/"445654192ea9f0104036725c0cceea03"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 Button-GooglePlay.svg
www.biltrewards.com/assets/ 15 KB
9 KB 411ms
411ms Image
image/svg+xml 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.biltrewards.com/assets/Button-GooglePlay.svg

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

52d615829959af7f19081ab71b18ac06dfaa032d417653288b42210fb1afe6a4

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 0
content-disposition: inline; filename="Button-GooglePlay.svg"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::q49jf-1714775848352-bf777846cd04
x-matched-path: /assets/Button-GooglePlay.svg
etag: W/"a7a634c72faaec9c9a15ddaa8c1cf119"
x-vercel-cache: HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 282 KB
95 KB 111ms
45ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3ddeb8f216ffeb7c751f94c9364df276b3d774f7acd8c52ed280f3d3f3ad988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97348
x-xss-protection: 0
last-modified: Fri, 03 May 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 03 May 2024 22:37:28 GMT

GET
H2 200 pixel.min.js Show response
cdn.mgln.ai/ 4 KB
2 KB 389ms
36ms Script
application/javascript 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mgln.ai/pixel.min.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
x-amz-version-id: Qluw.Dmpsqk5N8uDOhUTz5or_W6D3CxC
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KHS0TG223HT7SWZ6
age: 5874
x-amz-server-side-encryption: AES256
x-amz-id-2: Kp1ZgS86elNyoFK2F6b2+hneHwnG5ASas6d/rvQ4kwbUmNuK7KePMxD+QXiNAYW2HkzeaaWqCdw=
last-modified: Thu, 08 Dec 2022 20:53:16 GMT
server: cloudflare
etag: W/"37bf51efaf3af89068b080c2d9635113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zd%2BqjlwuQ7ihr%2FAWHP%2B9ks6YuoYG2oywNCH0TTN%2FqQphp2joVStuuCIejBdfdaliEfiQYHsW4QZxCoZ5v6fbbXw1OHK%2FuXY1FnGncXAiSXX0eLiYqwQgUaM7TG0YDBT0Wuw48JD86nVa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 87e3bc618dc85d74-FRA

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 103 KB
28 KB 402ms
46ms Script
text/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 43ce35def7558be28d30002de7984ab770ebc989155fe2c504b39cf00c9798d2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: ae9tTaCQsftD7OUK1p_lw9fULTYnIDR4
content-encoding: br
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
date: Fri, 03 May 2024 22:37:08 GMT
x-amz-cf-pop: FRA6-C1
age: 106
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 25 Apr 2024 19:48:18 GMT
server: AmazonS3
etag: W/"da00d4407118f62fd911cbfc6ad4782f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: 2P2iYZKSMQgvg4k61kvhr6Ip1_Jgf2KNVUk0P6q-iUl3pBNgNqmLDA==

GET
H2 200 fs.js Show response
id.biltrewards.com/fsedge/s/ 270 KB
73 KB 409ms
53ms Script
application/javascript 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsedge/s/fs.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:02:21 GMT
content-encoding: br
via: 1.1 google
age: 2108
x-guploader-uploadid: ABPtcPq9_7XOCyBSycsRZNc_P6Spk7S7yrqUI6QQjHwkYLGpasTNz1MM5RKRMBcPTJZU9g1es-7hBOgFlQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74572
last-modified: Wed, 01 May 2024 18:59:38 GMT
server: UploadServer
etag: "9568c49933648165a4b57d6134954fb0"
vary: Accept-Encoding
x-goog-generation: 1714589978252932
x-goog-hash: crc32c=TIbhRA==, md5=lWjEmTNkgWWktX1hNJVPsA==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=3600,no-transform
x-goog-stored-content-length: 74572
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 03 May 2024 23:02:21 GMT

GET
H2 200 t.png
tvspix.com/ 68 B
194 B 1191ms
209ms Image
image/png 52.39.83.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tvspix.com/t.png?&t=1714775848837&l=tvscientific-pix-o-946859a1-af7d-49da-bef5-a1dcf030077a&u3=https%3A%2F%2Fwww.biltrewards.com%2Fapp
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.39.83.198 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-39-83-198.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
pragma: no-cache
date: Fri, 03 May 2024 22:37:29 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 68
expires: 0

POST
H2 200 / Show response
o441793.ingest.sentry.io/api/5823479/envelope/ 2 B
308 B 368ms
35ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o441793.ingest.sentry.io/api/5823479/envelope/?sentry_key=50f039ff934e419597bde8e7652fc3d8&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.112.2

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 GT-America-Extended-Bold.woff2
static.biltrewards.com/fonts/ 63 KB
0 0ms
0ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Extended-Bold.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:33:25 GMT
age: 243
x-guploader-uploadid: ABPtcPrecwDIgn-aXSjmxdlkawwvID0SHii0C-1pZo6Ox0oB6_TvwqLAKzSsAGQegjIDvlORqa62rkx4qg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523728054486
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64096
last-modified: Mon, 20 Mar 2023 23:30:33 GMT
server: UploadServer
etag: "62d21cb9a8474aa65c284dc0af48bc30"
vary: Origin
x-goog-generation: 1679355033778551
x-goog-hash: crc32c=ri+bug==, md5=YtIcuahHSqZcKE3Ar0i8MA==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 64096
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 GT-America-Condensed-Light.woff2
static.biltrewards.com/fonts/ 61 KB
42 B 37ms
37ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Condensed-Light.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:28 GMT
age: 0
x-guploader-uploadid: ABPtcPp79J0TGJ0DhIYEAtz6OOAETWq0bhNwQqtWsqvwA_eZFMbOzW_nY-rOJyPPyIBrziQzSQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523727372600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62684
last-modified: Mon, 20 Mar 2023 23:30:33 GMT
server: UploadServer
etag: "6aa535284dd3ad74ea5e654866808275"
vary: Origin
x-goog-generation: 1679355033559918
x-goog-hash: crc32c=yOdKrw==, md5=aqU1KE3TrXTqXmVIZoCCdQ==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 62684
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 GT-America-Standard-Regular.woff2
static.biltrewards.com/fonts/ 57 KB
0 0ms
0ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Regular.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 21:51:47 GMT
age: 2741
x-guploader-uploadid: ABPtcPr0vKMf4H2g7rPVdBQp_H7w4pTcI9jNPoVH7wpnQ2UI0eR0IyGWgSz3cl1WmZ9awQOkZfh6x3jcGA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-x-goog-reserved-source-generation: 1668523730209285
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58164
last-modified: Mon, 20 Mar 2023 23:30:32 GMT
server: UploadServer
etag: "34faea2a319852842506af0b1871af2f"
vary: Origin
x-goog-generation: 1679355032260337
x-goog-hash: crc32c=3JtdcA==, md5=NPrqKjGYUoQlBq8LGHGvLw==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 58164
accept-ranges: bytes
content-type: application/octet-stream

GET
H2 200 ada-compliance.js Show response
www.biltrewards.com/assets/vendor/ 2 KB
3 KB 45ms
45ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/assets/vendor/ada-compliance.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:28 GMT
strict-transport-security: max-age=63072000
age: 8198
content-disposition: inline; filename="ada-compliance.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::hjtld-1714775848965-00ad340a12ab
x-matched-path: /assets/vendor/ada-compliance.js
etag: W/"d2b0d05ef1d0990b8dd364cf4b0461b6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H3 200 agent.js Show response
cdn.deviceinf.com/js/v4/ 310 KB
99 KB 299ms
54ms Script
application/javascript 172.67.136.129
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.deviceinf.com/js/v4/agent.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.136.129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
x-amz-version-id: oBwuMALhSWNlluJ4Z9BGO_.GELHIAD3H
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P1
age: 264
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 20 Dec 2022 16:00:08 GMT
server: cloudflare
etag: W/"c34c3067f651e0fea2609171ab7bfec0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1BsKZXc%2FHeFnBIAWQH8HUg6qIEcetvD6i0ywnhLt3PR0IFSsotdn4ndHEcAGY9VXCQGS56mQSPrujmtUgN%2FjTjAIU0THFkCGDqGCnUcNLi%2BOujbOu43M7vC9tYszH4k7Wt2nA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 87e3bc619ad09745-FRA
x-amz-cf-id: u3Ao2P3ngcgNDPnsHsCe0emyZkFT5eZGqaGJ2lXBFKt0Xj7TGUlTJQ==

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 156 KB
43 KB 324ms
74ms Script
text/javascript 13.33.187.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-92.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fee988d0a4b149a9ce3c30d63733d83d3c257368af50883bc9027fe0614dd522

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Z7GeVqqfJdx39lnO1DYeFIFqbuv5g4L4
content-encoding: br
via: 1.1 a6ec089aa02839578670b49d128782c2.cloudfront.net (CloudFront)
date: Fri, 03 May 2024 19:38:23 GMT
x-amz-request-id: 280NNR8J0YS5TBP8
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
age: 10765
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: wQc0VZ5+QkdHSy1sSlpgiITAMtonN5C/ncgx47EkUX139vrqtCp8OdFSWMGHI6j1242W0wWts0w=
last-modified: Thu, 02 May 2024 22:23:48 GMT
server: AmazonS3
etag: W/"fb1152b407f358b0c91a2c5cb2d8cdbc"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: tzx-mGcJrkTI5MWusMSMO1x0780M-siPs33K3B-ScAht08dXm0tUFw==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
927 B 292ms
45ms Script
text/javascript 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

GSE /

Resource Hash

25bec41e9f6dbc851e40687dc3aca88eb7f24515b8c04113e0a8bce69aefc57f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Fri, 03 May 2024 22:37:29 GMT

GET
H2 200 airgap.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 105 KB
43 KB 294ms
48ms Script
text/javascript 2606:4700:3108::ac42:28c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:28c4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 32988
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"f40739130aa0cc889c7fc63c2ffe78ae"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e3bc618f715d87-FRA
expires: Fri, 03 May 2024 22:38:29 GMT

POST
H2 200 vitals
vitals.vercel-insights.com/v1/ 2 B
166 B 310ms
73ms Ping
text/plain 108.128.159.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vitals.vercel-insights.com/v1/vitals
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.159.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-159-11.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
x-ratelimit-reset: 60
x-ratelimit-limit: 1000
cross-origin-resource-policy: cross-origin
content-length: 2
x-ratelimit-remaining: 999
content-type: text/plain; charset=utf-8

GET
H2 200 rent-day Show response
www.biltrewards.com/api/ 161 B
3 KB 31ms
31ms XHR
application/json 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/api/rent-day

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

51ba927d0c37fbfee18d263bbcc41c71d1bd4663120bfea42500cec812f03cea

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
baggage: sentry-environment=production,sentry-release=401aa281d078c4ad4f305df9464f599516f8f085,sentry-public_key=50f039ff934e419597bde8e7652fc3d8,sentry-trace_id=3c24659cbac24d5d87815ce6a8cbf378,sentry-sample_rate=0.025,sentry-transaction=%2Fapp,sentry-sampled=false
sentry-trace: 3c24659cbac24d5d87815ce6a8cbf378-9075f674cdef7f51-0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Fri, 03 May 2024 22:37:07 GMT
referrer-policy: origin
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::cle1::hjtld-1714775848981-0fd6cf43f9a8
age: 21
x-content-type-options: nosniff
etag: "cu8q0wygyr4h"
x-vercel-cache: HIT
x-matched-path: /api/rent-day
content-type: application/json; charset=utf-8
cache-control: public
content-length: 161
x-xss-protection: 1; mode=block

GET
H2 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
397 B 410ms
183ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 9b3109ac7d26fa72ad05c0891ac8986310ca847962a146bb1a2112a1f909fc47

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: 5003c3f668fa2c91572faca98d7248e6
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161

GET
H2 200 frontend Show response
flags.biltrewards.com/api/ 5 KB
980 B 148ms
147ms Fetch
application/json 34.160.241.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=910516597&appName=bilt-rewards&environment=default
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash: 8077def44dac6d0007fe546fa48014b104b349456393acce1bfb3670ae78ae21

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
Authorization: bilt-frontend:production.4ecbf2972c41cd20e95e223a3a8f1be63d54d659b61391749811b96e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json
Referer: https://www.biltrewards.com/
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
via: 1.1 google
etag: W/"1515-i6TiJdKAP_PV9mK34XdcUA=="
vary: accept-encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 bilt.js Show response
decagon.ai/loaders/ 3 KB
1 KB 225ms
50ms Script
application/javascript 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://decagon.ai/loaders/bilt.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
strict-transport-security: max-age=63072000
server: Vercel
x-vercel-id: fra1::42tpz-1714775849214-2381bf65e0c9
age: 846
x-matched-path: /loaders/bilt.js
etag: W/"653cacd6241644d8457a997c6cf05e54"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="bilt.js"

GET
H2 200 Allyant_Accessibility_Badge.svg
static.biltrewards.com/assets/footer/ 9 KB
9 KB 33ms
33ms Image
image/svg+xml 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.biltrewards.com/assets/footer/Allyant_Accessibility_Badge.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 21:57:41 GMT
age: 2388
x-guploader-uploadid: ABPtcPrcTkYWhlA7wgksluyRDzbwuTWh8e2-mQl8Anejgxo5Cmw6NjbOcBvHsOo1VVwaYcq6Vs6HDBXk6g
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8902
last-modified: Mon, 22 Apr 2024 14:38:56 GMT
server: UploadServer
etag: "ec60b6278480c91cc0bdf8f7b2891638"
vary: Origin
x-goog-generation: 1713796736912798
x-goog-hash: crc32c=PEyyKw==, md5=7GC2J4SAyRzAvfj3sokWOA==
content-type: image/svg+xml
cache-control: public,max-age=3600
x-goog-stored-content-length: 8902
accept-ranges: bytes

GET
H2 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
244 B 534ms
175ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b2eb966323b30aa81a4c532919f886235fb76221bece6da5bf5660abf39e1c2e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: 73501cbf0c9b790a71b93667e59db820
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 160

GET
H3 200 GT-America-Standard-Medium.woff2
static.biltrewards.com/fonts/ 56 KB
56 KB 39ms
39ms Font
application/octet-stream 35.241.5.91
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.biltrewards.com/fonts/GT-America-Standard-Medium.woff2
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.5.91 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 91.5.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 21:51:47 GMT
age: 2742
x-guploader-uploadid: ABPtcPo83ZVfvTsQFeDji1R4mz6a1LHB9ceZRFB4N6BHSsndgfHDzdxXAfSkcyv4z4b_qvbrvatfysGJew
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57076
last-modified: Wed, 24 May 2023 18:38:03 GMT
server: UploadServer
etag: "63dc66a0acb63f7b9c52d3a1996896dc"
vary: Origin
x-goog-generation: 1684953483763390
x-goog-hash: crc32c=rAUnxg==, md5=Y9xmoKy2P3ucUtOhmWiW3A==
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public,max-age=3600
x-goog-stored-content-length: 57076
accept-ranges: bytes
content-type: application/octet-stream

GET
H3 400 token Show response
id.biltrewards.com/public/user/authentication/ 164 B
183 B 691ms
176ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/public/user/authentication/token
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: ae711693ddd734b0b9f3e56194208a6b1fe16460c00591b24ffa9b8df3406f3f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept: application/json, text/plain, */*
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
via: 1.1 google
server: Google Frontend
content-type: application/json;
access-control-allow-origin: https://www.biltrewards.com
x-cloud-trace-context: e4cf292cd104bc824bdffd77c3e9eed8
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161

GET
H2 200 card.json Show response
www.biltrewards.com/_next/data/F8D1Ibu9gdxs_Pf2p2DHX/ 71 KB
11 KB 36ms
36ms Fetch
text/x-component 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/data/F8D1Ibu9gdxs_Pf2p2DHX/card.json

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

a686a93f452cf5ccdf545159d02dbb77540c5d182dd4dad0fc5ef89458eb372b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
x-nextjs-data: 1
purpose: prefetch
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://www.biltrewards.com/
baggage: sentry-environment=production,sentry-release=401aa281d078c4ad4f305df9464f599516f8f085,sentry-public_key=50f039ff934e419597bde8e7652fc3d8,sentry-trace_id=3c24659cbac24d5d87815ce6a8cbf378,sentry-sample_rate=0.025,sentry-transaction=%2Fapp,sentry-sampled=false
sentry-trace: 3c24659cbac24d5d87815ce6a8cbf378-891af6ddfa6df097-0
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8229
content-disposition: inline
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::9zlx5-1714775849075-0e530b9c0757
x-matched-path: /_next/data/F8D1Ibu9gdxs_Pf2p2DHX/card.json
etag: W/"752ece8ea693169739d93653847fd796"
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
content-type: text/x-component
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 2053-7f835efa20181010.js
www.biltrewards.com/_next/static/chunks/ 0
7 KB 77ms
77ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/2053-7f835efa20181010.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="2053-7f835efa20181010.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::b6rmx-1714775849207-600b8f08b929
x-matched-path: /_next/static/chunks/2053-7f835efa20181010.js
etag: W/"cbca72d95ce427e07cd4f038dc73b853"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8832-d1152a37b7de30d5.js
www.biltrewards.com/_next/static/chunks/ 0
5 KB 38ms
37ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8832-d1152a37b7de30d5.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="8832-d1152a37b7de30d5.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::nkb2t-1714775849207-d98217da0220
x-matched-path: /_next/static/chunks/8832-d1152a37b7de30d5.js
etag: W/"2b151b0fb1059a6e8e5b4ab080ba4427"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 3375-8db6cf4ac1840b11.js
www.biltrewards.com/_next/static/chunks/ 0
5 KB 37ms
37ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/3375-8db6cf4ac1840b11.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="3375-8db6cf4ac1840b11.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::hjtld-1714775849207-63d66ae8d24d
x-matched-path: /_next/static/chunks/3375-8db6cf4ac1840b11.js
etag: W/"aff4bc6f8fad200df992d29091f009f6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8905-dba232020b6837e5.js
www.biltrewards.com/_next/static/chunks/ 0
11 KB 39ms
39ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8905-dba232020b6837e5.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="8905-dba232020b6837e5.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::99zbt-1714775849207-787e7edd1886
x-matched-path: /_next/static/chunks/8905-dba232020b6837e5.js
etag: W/"8f6d31267e03987423d76c087903d536"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1281-b6ab15b248ecd28c.js
www.biltrewards.com/_next/static/chunks/ 0
6 KB 40ms
40ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1281-b6ab15b248ecd28c.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="1281-b6ab15b248ecd28c.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wckpj-1714775849208-98227daa343d
x-matched-path: /_next/static/chunks/1281-b6ab15b248ecd28c.js
etag: W/"27972eaff346663cc47463fa97afc973"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1309-1f697375d1d90c78.js
www.biltrewards.com/_next/static/chunks/ 0
12 KB 70ms
70ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1309-1f697375d1d90c78.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="1309-1f697375d1d90c78.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::8t5gs-1714775849208-be328de6ff2e
x-matched-path: /_next/static/chunks/1309-1f697375d1d90c78.js
etag: W/"81e538812a572cacb0387af0832635f4"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9966-a2a017dba6e8e167.js
www.biltrewards.com/_next/static/chunks/ 0
9 KB 90ms
90ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9966-a2a017dba6e8e167.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="9966-a2a017dba6e8e167.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bzdw4-1714775849213-a07a1909fc44
x-matched-path: /_next/static/chunks/9966-a2a017dba6e8e167.js
etag: W/"b840ddd22fcb6c89997f2e922d61325f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1801-d778edc9c211751e.js
www.biltrewards.com/_next/static/chunks/ 0
9 KB 76ms
76ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1801-d778edc9c211751e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 7916
content-disposition: inline; filename="1801-d778edc9c211751e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::22c4j-1714775849209-3f64c65d71aa
x-matched-path: /_next/static/chunks/1801-d778edc9c211751e.js
etag: W/"31572e13cc3009f02d1fb32288b80712"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 410-c1b4e16dbcff6b7e.js
www.biltrewards.com/_next/static/chunks/ 0
13 KB 79ms
79ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/410-c1b4e16dbcff6b7e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="410-c1b4e16dbcff6b7e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gb4vc-1714775849209-e10081f02e0e
x-matched-path: /_next/static/chunks/410-c1b4e16dbcff6b7e.js
etag: W/"bcb6e5adfa923cbdbe2f2761f1c5f88f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 card-57d07153bea67a40.js
www.biltrewards.com/_next/static/chunks/pages/ 0
3 KB 72ms
72ms Other
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/pages/card-57d07153bea67a40.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Fri, 03 May 2024 22:37:29 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
age: 8104
content-disposition: inline; filename="card-57d07153bea67a40.js"
content-length: 293
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bw4xs-1714775849210-21f6741c499e
x-matched-path: /_next/static/chunks/pages/card-57d07153bea67a40.js
etag: "2167d84fc29cf6e1a5c7a343b9d362f7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

OPTIONS
H2 200 frontend
flags.biltrewards.com/api/ Frame 0
0 381ms
153ms Preflight 34.160.241.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://flags.biltrewards.com/api/frontend?sessionId=910516597&appName=bilt-rewards&environment=default
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.241.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.241.160.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: OPTIONS, CONNECT, HEAD, PATCH, TRACE, POST, PUT, DELETE, GET
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 03 May 2024 22:37:29 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google

GET
H2 200 widget.js Show response
cdn.userway.org/ 2 KB
2 KB 98ms
25ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/assets/vendor/ada-compliance.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 66a9737875a0f5a00048fb2ed685946f0abd0649d44735b8460bf99821664c54

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:29 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 758
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 236
x-accel-date: 1714775613
x-77-nzt: EgwBw7WvJwH37AAAAAwBJRPCNAH3DAAAAA
x-accel-expires: @1714779213
x-77-age: 236
last-modified: Tue, 30 Apr 2024 12:17:00 GMT
server: CDN77-Turbo
etag: W/"2de2d3a4fa8cc3535ca51bf797159fd8"
x-77-nzt-ray: 25b0213160ebbfb8296735664858ba12
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
content-type: application/javascript
x-amz-cf-id: FjLLrJblqV2AH6bGM9C3i_P1fjBMP88bVQ9tDbiFlAWwq8LozJrkhg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 256 KB
88 KB 36ms
36ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10874839969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7a3bed4b149bea12720998a501f1d977e449841bf0f651312ae9e532a7f37e2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89772
x-xss-protection: 0
last-modified: Fri, 03 May 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 03 May 2024 22:37:29 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 288 KB
98 KB 58ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-QLSYZKSM0E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7a60c755c1b63a6a75a630ec292d75c3600bbe88778f12104d2576221be05221

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 100250
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 03 May 2024 22:37:29 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 38 KB
12 KB 85ms
26ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 57bd3463acfad02c222f7beac208f69df5507f7de42fa38b18a1e1e48df2a44a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 24 Apr 2024 17:35:49 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "c4d61fbb6e730a840c7f140cbb9bcd06"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 11214

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 278ms
170ms Script
application/javascript 104.126.37.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-185.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 90055bd27913b60e8cfc7839e66f3bfbdc37bbdda9354b914a7cba50b414a9d9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 11a6ea30
date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240503223729C421811DC4E3083BCEE6-473E9842051CCCC7-00
x-cache: TCP_MISS from a104-126-37-181.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
server-timing: inner; dur=4, cdn-cache; desc=MISS, edge; dur=4, origin; dur=111
content-length: 2236
pragma: no-cache
server: nginx
x-tt-logid: 20240503223729C421811DC4E3083BCEE6
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 111,104.126.37.181
x-tt-trace-host: 01830b7dd967e2b758146f097fc56346848872c00661f63d8ce6a88711f224304737b75d5a60697c9b1266a73575739ea774d32e60398714aa5c8816d19d6dfc8f3e795fe841dfa494ef312535b7d3ca632fff3b0ef9fa3766483bff18afbef9d6
expires: Fri, 03 May 2024 22:37:29 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 205ms
128ms Script
text/javascript 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 20fe9adfaea7dc50dbc0483bce8e4075b6efe699b31516ea88ab653b4a152ac9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 03 May 2024 22:37:29 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 b-00ri.min.js Show response
b-code.liadm.com/ 101 KB
36 KB 107ms
30ms Script
application/javascript 2600:9000:275d:6c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/b-00ri.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275d:6c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 16:47:23 GMT
content-encoding: gzip
via: 1.1 b166ca183629eada7c88ffe6bf8562a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P11
age: 21006
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public,max-age=86400
x-amz-cf-id: lOZGXm03_aRcR53eMnNz7Wfb_sJk53tMHgITE9VkNNvFFrNumHW8Dw==

GET
H2 204 init Show response
mgln.ai/ 0
1 KB 143ms
134ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/init

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D
x-request-id: 99554547-3a15-4b0a-9ac6-d23dd5669043
x-runtime: 0.001046
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e3bc61ee025d74-FRA

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 3 KB
2 KB 111ms
41ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/settings
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 0J8FdXNAYV1z6ofZJjahVic3IXJOIsUZ
content-encoding: br
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
date: Fri, 03 May 2024 22:29:52 GMT
x-amz-cf-pop: FRA6-C1
age: 458
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Apr 2024 17:43:55 GMT
server: AmazonS3
etag: W/"9c420e2783cc9b135277d88d374c741a"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: Fuki0qCj12AC1XdLYZy3JCSkphm_4rYGZ0im-btghKRxsXHIIgl9jw==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/ 509 KB
203 KB 100ms
27ms Script
text/javascript 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 14:49:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114458
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 207268
x-xss-protection: 0
last-modified: Mon, 22 Apr 2024 21:03:35 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 02 May 2025 14:49:51 GMT

GET
H3 200 ui.js Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 295 KB
83 KB 114ms
66ms Script
text/javascript 172.66.40.196
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.40.196 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46683
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"2ff4fae52b8ac954d5874b92987806e9"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e3bc6298985d6d-FRA
expires: Fri, 03 May 2024 22:38:29 GMT

GET
H2 200 web Show response
id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/ 6 KB
7 KB 162ms
162ms XHR
application/json 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://id.biltrewards.com/fsrelay/s/settings/13PEW8/v1/web
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 245.183.110.34.bc.googleusercontent.com
Software: /
Resource Hash: bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Fri, 03 May 2024 22:37:29 GMT
via: 1.1 google, 1.1 google
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json; charset=utf-8

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 98ms
34ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-QLSYZKSM0E&gtm=45je4510v874427215z8863411406za200&_p=1714775848834&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1144161262.1714775849&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714775849&sct=1&seg=0&dl=https%3A%2F%2Fwww.biltrewards.com%2Fapp&dt=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2341
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QLSYZKSM0E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 03 May 2024 22:37:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.biltrewards.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 view Show response
mgln.ai/ 0
111 B 62ms
61ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D
x-request-id: 0f887b2c-b068-425b-a730-9e91f22a4cfa
x-runtime: 0.002014
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e3bc641fe25d74-FRA

POST
H2 204 view Show response
mgln.ai/ 0
88 B 117ms
117ms XHR
text/plain 2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mgln.ai/view

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-length: 0
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D
x-request-id: f0563e55-f376-4efa-9be7-f2f3bbe90027
x-runtime: 0.002811
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
access-control-max-age: 7200
access-control-allow-methods: GET, POST
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D"}]}
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
x-frame-options: SAMEORIGIN
access-control-allow-credentials: true
cache-control: no-cache
vary: Origin
cf-ray: 87e3bc641fe55d74-FRA

GET
H2

200

pixel
eu.mgln.ai/
Redirect Chain

https://mgln.ai/pixel/sync.gif
https://pixel.tapad.com/idsync/ex/receive?partner_id=3365&partner_device_id=6a24f95e-bfde-4c52-862a-986652133cde&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3365&partner_device_id=6a24f95e-bfde-4c52-862a-986652133cde&partner_url=https%3A%2F%2Feu.mgln.ai%2Fpixel%3Ftapad_id%3D%24%7BTA_DEVICE_ID%7D
https://eu.mgln.ai/pixel?tapad_id=85c46149-2fd1-49d8-b74a-35a916e85dc0

43 B
603 B

153ms
141ms

Image
image/gif

2606:4700:20::681a:2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://eu.mgln.ai/pixel?tapad_id=85c46149-2fd1-49d8-b74a-35a916e85dc0

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Server

2606:4700:20::681a:2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
Strict-Transport-Security	max-age=0; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 03 May 2024 22:37:30 GMT
content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'none'; script-src 'self' https: 'nonce-'; style-src 'self' https:
x-content-type-options: nosniff
strict-transport-security: max-age=0; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: DYNAMIC
via: 1.1 vegur
content-transfer-encoding: binary
content-disposition: inline; filename="magellan_pixel.gif"; filename*=UTF-8''magellan_pixel.gif
content-length: 43
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775850&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=UNJETYuILu%2FfAudpu4vDLborE9tp4EnqvBGz8dmHDZQ%3D
x-request-id: c62b4788-3460-4722-8898-345bfb0cac68
x-runtime: 0.002049
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a065920df8cc4016d67c3a464be90099"
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775850&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=UNJETYuILu%2FfAudpu4vDLborE9tp4EnqvBGz8dmHDZQ%3D"}]}
content-type: image/gif
vary: Origin
cache-control: max-age=0, private, must-revalidate
cf-ray: 87e3bc6679445d74-FRA

Redirect headers

date: Fri, 03 May 2024 22:37:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://eu.mgln.ai/pixel?tapad_id=85c46149-2fd1-49d8-b74a-35a916e85dc0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 183ms
123ms Preflight 2606:4700:20::ac43:484f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:484f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87e3bc635ab21976-FRA
content-length: 0
date: Fri, 03 May 2024 22:37:29 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D
server: cloudflare
via: 1.1 vegur

OPTIONS
H2 200 view
mgln.ai/ Frame 0
0 185ms
125ms Preflight 2606:4700:20::ac43:484f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mgln.ai/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:484f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: https://www.biltrewards.com
access-control-expose-headers: Set-Cookie
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 87e3bc635ab51976-FRA
content-length: 0
date: Fri, 03 May 2024 22:37:29 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1714775849&sid=812dcc77-0bd0-43b1-a5f1-b25750382959&s=L4ics8pHvQfbhP6U2lMyGF7fU69JpRzTvpH%2BA8R3pVs%3D
server: cloudflare
via: 1.1 vegur

GET
H2 200 widget_app_base_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/ 153 KB
44 KB 76ms
25ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7b4cdce57f8fddd34bfda991ea0073b28e5440c8406149a721db6542135c319c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:29 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 762
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295581
x-accel-date: 1714480268
x-77-nzt: EgwBw7WvJwH3nYIEAAwB1GY4EQH3BwAAAA
x-accel-expires: @1740400261
x-77-age: 295581
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"de02da26b05523fea66308b0c5dccf8e"
x-77-nzt-ray: 25b02131e5ef1ebb29673566c947111d
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: PIY8DBMQcK17QVsuw40AljZHyfCxYacybGngBJ3weKYURUiowfc0aQ==

GET t2_7lmxmkme_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 0
0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 411ms
31ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1714775849425&id=t2_7lmxmkme&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=9a6a754e-1e6d-4144-99b6-065b3fa549a2&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_3ba1cddf&dpm=&dpcc=&dprc=
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

PUT error
conversions-config.reddit.com/v1/pixel/ 0
0

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 30ms
30ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 15:05:40 GMT
x-amz-version-id: 1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding: br
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 1582310
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Apr 2024 21:39:45 GMT
server: AmazonS3
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: zc3QJ9orGygm1gAFACqPSRTdFUF9Nd_WQMjt9t3CsCBJ_LCx3cFf4Q==

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame B0B2 0
0 133ms
63ms Document
text/html 216.58.212.164
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdUsBMkAAAAAGCY6fvbV46vZCjoomh2kmbSEGnc&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=V6_85qpc2Xf2sbe3xTnRte7m&size=invisible&cb=dijd38nrevcd

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.164 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wqfSPKyXcQbXRKhi9shU4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wqfSPKyXcQbXRKhi9shU4w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 May 2024 22:37:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cm.css
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ 15 KB
4 KB 62ms
61ms Stylesheet
text/css 172.66.40.196
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/cm.css

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/ui.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.40.196 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46682
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"58539a2b908f4e73e04d4f950b1b35a3"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e3bc64d86c5d4e-FRA
expires: Fri, 03 May 2024 22:38:29 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 128ms
128ms Stylesheet
text/css 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: f17f41308a25d94b07389976d9a56bc89361f1f6be003ecfb50ec56b1257f64b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 03 May 2024 22:37:29 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 190ms
122ms Fetch
image/jpeg 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Fri, 03 May 2024 22:37:29 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

POST
H2 200 TlbN1PqpZB Show response
api.userway.org/api/tunings/ 3 KB
3 KB 581ms
191ms XHR
application/json 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/TlbN1PqpZB
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 49158eb40fa1df35097e314a4c2973c8fe19b97d82b6d91a4b4dce0bb8735c67

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 03 May 2024 22:37:30 GMT
etag: W/"ad9-97OuNh89Jt7CGA48EX6pTdUcRq8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usr2a7b25f747e9426
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 2777
x-service-version: uw-pr

GET
H2 200 main.MTc5M2Y0YjUwMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 321 KB
94 KB 44ms
43ms Script
application/javascript 104.126.37.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc5M2Y0YjUwMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9G398RC77U9N0P9KPM0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-185.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 348c150ca130c3e4b99b012ccf8572d9d8897d7d3e47610d033dd1ef86678a8f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 11a6ee35
date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024042916000001ACE02C27B50A60B990
x-tt-trace-id: 00-24042916000001ACE02C27B50A60B990-7A61C2737B239F58-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a104-126-37-181.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 011a1b8a3407f69c9944f7b4279092e535429174f77e88cd3b622c1bf2118742042b5b21b24478527e100f962e3d50a841e2e302b52d9ace3f791a70cbbc933f39b1a948714622b356c1e6b88564ea31f7034b11027488ec4d3fa25f50409839c1
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length: 95798

GET
H3 200 en.json Show response
transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/ 8 KB
2 KB 57ms
57ms Fetch
application/json 172.66.40.196
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/translations/en.json

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.40.196 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 46682
content-disposition: inline
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
etag: W/"deeec53da2118f7d45f432e74ecef857"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=60
access-control-max-age: 86400
cf-ray: 87e3bc64faa25d6d-FRA
expires: Fri, 03 May 2024 22:38:29 GMT

POST
H3 202 page Show response
id.biltrewards.com/fsrelay/rec/ 87 B
104 B 164ms
164ms XHR
text/plain 34.110.183.245
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://id.biltrewards.com/fsrelay/rec/page

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.110.183.245 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

245.183.110.34.bc.googleusercontent.com

Software

Resource Hash

14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 03 May 2024 22:37:29 GMT
via: 1.1 google, 1.1 google
x-content-type-options: nosniff
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://www.biltrewards.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87

GET
H2 200 2053-7f835efa20181010.js Show response
www.biltrewards.com/_next/static/chunks/ 11 KB
0 2ms
2ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/2053-7f835efa20181010.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

35ad14870479eef74d997ee99ed4b30ee64dc5e2b32a31a9cb3591696c7638a1

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="2053-7f835efa20181010.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::b6rmx-1714775849207-600b8f08b929
x-matched-path: /_next/static/chunks/2053-7f835efa20181010.js
etag: W/"cbca72d95ce427e07cd4f038dc73b853"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8832-d1152a37b7de30d5.js Show response
www.biltrewards.com/_next/static/chunks/ 6 KB
0 3ms
3ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8832-d1152a37b7de30d5.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

2913c21c309171edff6716c34ba25a69c9949a141e2dbe6bbf437460fee6ce5e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="8832-d1152a37b7de30d5.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::nkb2t-1714775849207-d98217da0220
x-matched-path: /_next/static/chunks/8832-d1152a37b7de30d5.js
etag: W/"2b151b0fb1059a6e8e5b4ab080ba4427"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 3375-8db6cf4ac1840b11.js Show response
www.biltrewards.com/_next/static/chunks/ 9 KB
0 3ms
3ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/3375-8db6cf4ac1840b11.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fa99a5961909f69c45ae90fddd26a912ad09674ace9fabdd7ad138c59e3e0f77

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="3375-8db6cf4ac1840b11.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::hjtld-1714775849207-63d66ae8d24d
x-matched-path: /_next/static/chunks/3375-8db6cf4ac1840b11.js
etag: W/"aff4bc6f8fad200df992d29091f009f6"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 8905-dba232020b6837e5.js Show response
www.biltrewards.com/_next/static/chunks/ 17 KB
0 5ms
5ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/8905-dba232020b6837e5.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

8e4647b2c54a42695e138bc40714f77b28db2a314b80703fc2f6e382592ee803

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="8905-dba232020b6837e5.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::99zbt-1714775849207-787e7edd1886
x-matched-path: /_next/static/chunks/8905-dba232020b6837e5.js
etag: W/"8f6d31267e03987423d76c087903d536"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1281-b6ab15b248ecd28c.js Show response
www.biltrewards.com/_next/static/chunks/ 12 KB
0 5ms
5ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1281-b6ab15b248ecd28c.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

5c8a982670f098a78cf5a0349bd771c965321a815f45e7947f2608a7f1341e3e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="1281-b6ab15b248ecd28c.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::wckpj-1714775849208-98227daa343d
x-matched-path: /_next/static/chunks/1281-b6ab15b248ecd28c.js
etag: W/"27972eaff346663cc47463fa97afc973"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1309-1f697375d1d90c78.js Show response
www.biltrewards.com/_next/static/chunks/ 25 KB
0 6ms
6ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1309-1f697375d1d90c78.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

d7fd8c1808ce158cbe78c756d301645bee9c0554a5ec470202d11dd85b3eeeba

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="1309-1f697375d1d90c78.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::8t5gs-1714775849208-be328de6ff2e
x-matched-path: /_next/static/chunks/1309-1f697375d1d90c78.js
etag: W/"81e538812a572cacb0387af0832635f4"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 9966-a2a017dba6e8e167.js Show response
www.biltrewards.com/_next/static/chunks/ 30 KB
0 7ms
7ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/9966-a2a017dba6e8e167.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

9c250802a848518f6a9ff06f1c3ca3df0f4cc33d2662b01ddd4ac83dc03081f0

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="9966-a2a017dba6e8e167.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bzdw4-1714775849213-a07a1909fc44
x-matched-path: /_next/static/chunks/9966-a2a017dba6e8e167.js
etag: W/"b840ddd22fcb6c89997f2e922d61325f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 1801-d778edc9c211751e.js Show response
www.biltrewards.com/_next/static/chunks/ 22 KB
0 8ms
8ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/1801-d778edc9c211751e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0101ce2ebedf0c6c79929420c97cd3e8e7f37f971e80a27519195584b7245694

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 7916
content-disposition: inline; filename="1801-d778edc9c211751e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::22c4j-1714775849209-3f64c65d71aa
x-matched-path: /_next/static/chunks/1801-d778edc9c211751e.js
etag: W/"31572e13cc3009f02d1fb32288b80712"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 410-c1b4e16dbcff6b7e.js Show response
www.biltrewards.com/_next/static/chunks/ 32 KB
0 8ms
8ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/410-c1b4e16dbcff6b7e.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

857fd3d2327ff29be00f9e5b595e7ae2664058e74d71caefe1fc679b218e92a6

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:29 GMT
age: 8104
content-disposition: inline; filename="410-c1b4e16dbcff6b7e.js"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::gb4vc-1714775849209-e10081f02e0e
x-matched-path: /_next/static/chunks/410-c1b4e16dbcff6b7e.js
etag: W/"bcb6e5adfa923cbdbe2f2761f1c5f88f"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable

GET
H2 200 card-57d07153bea67a40.js Show response
www.biltrewards.com/_next/static/chunks/pages/ 293 B
0 10ms
10ms Script
application/javascript 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/_next/static/chunks/pages/card-57d07153bea67a40.js

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

27177704f38bd97f92a4380b039ec8f1170496c8c56e7d1ad55e1af26cf41a17

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
date: Fri, 03 May 2024 22:37:29 GMT
x-content-type-options: nosniff
age: 8104
content-disposition: inline; filename="card-57d07153bea67a40.js"
content-length: 293
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::bw4xs-1714775849210-21f6741c499e
x-matched-path: /_next/static/chunks/pages/card-57d07153bea67a40.js
etag: "2167d84fc29cf6e1a5c7a343b9d362f7"
x-vercel-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6Oj...

0
0

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 37ms
34ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 13 Feb 2024 21:44:05 GMT
x-amz-version-id: GdbKd8UgUP5EXZpDaTRDFeJkJbyj8x6E
content-encoding: br
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 6915205
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 13 Feb 2024 18:05:05 GMT
server: AmazonS3
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: jYSFaxYGhbuZRSx6LvVs2pLJY68pLSu30VHR5bxXlxvCgOXrlJeXMg==

GET
H2 200 identify_48ae6622.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 47ms
47ms Script
application/javascript 104.126.37.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_48ae6622.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc5M2Y0YjUwMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-185.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 96ec6a5c420dcd5ee533306c9dd9ea52ac1ecac6073425fd96a4430f27ce68e7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-akamai-request-id: 11a6efdb
date: Fri, 03 May 2024 22:37:29 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202404181500003A02D819AAD74965F615
x-tt-trace-id: 00-2404181500003A02D819AAD74965F615-7FFA55E937DE652A-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a104-126-37-181.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01cf239b1cc2c1bb8bb6adb191e2905b61f939e99818140612796d1454bbdb4a54c531d51fa02a5414883a5dba89f4d537595784862e79af5b8f47c9658f59296531ee92ae338733d5b1a36bba9a9cfacbfc0eea91e2cacd11c7114d7eb3518c25
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 39606

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
848 B 268ms
268ms Ping
text/plain 104.126.37.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc5M2Y0YjUwMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-185.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 29ff78a8.11a6f006
date: Fri, 03 May 2024 22:37:30 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240503223730DC53A3C87BFBF840A0AB-26A5632F1854029C-00
x-cache: TCP_MISS from a104-126-37-181.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
x-parent-response-time: 216,104.126.37.181
server-timing: cdn-cache; desc=MISS, edge; dur=184, origin; dur=42, inner; dur=30
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240503223730DC53A3C87BFBF840A0AB
x-cache-remote: TCP_MISS from a184-51-101-214.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 42,184.51.101.214
x-tt-trace-host: 01830b7dd967e2b758146f097fc56346848872c00661f63d8ce6a88711f2243047926314b20162174f786444b02267a660b8e0cf0ea127938f5f674aa3235414b2c6323d774a6410ae1027cd5bd911fda9e394c11674c15163a6b6515f4a37bd5d96abffbdcff6e4b97fd5d9c56cf3b564
access-control-allow-headers: Authorization,*
expires: Fri, 03 May 2024 22:37:30 GMT

GET
H2 200 facebook-pixel.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 10 KB
4 KB 45ms
40ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 21:50:52 GMT
content-encoding: gzip
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-version-id: 73B4bUucoqQ.zop5Rb.39qMTDNo8ltid
x-amz-cf-pop: FRA6-C1
age: 3113198
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3273
last-modified: Fri, 08 Mar 2024 07:35:29 GMT
server: AmazonS3
etag: "4b03a476015c2ba9b9e74e895b97c12c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: 674S_8j91ADyuOOW4cvXXyfE-Sygn1Ng0LGJx4LL_KyQmDYNRR1ZQA==

GET
H2 200 adwords.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 4 KB
2 KB 46ms
41ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 23:59:28 GMT
content-encoding: gzip
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-version-id: .PFTD1mf4T6.cqCzCGDBaoXaZe77x4YA
x-amz-cf-pop: FRA6-C1
age: 8030282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1356
last-modified: Wed, 18 Oct 2023 10:36:34 GMT
server: AmazonS3
etag: "257fe81df53dcd4819bc1a81e78fce58"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: GaoNOhUbD8ckBppsF2_R9VIjqbsQUNaSAtpY46X30Gu2V6bJwiiIOw==

GET
H2 200 google-tag-manager.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 3 KB
2 KB 48ms
43ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 31 Jan 2024 09:56:24 GMT
content-encoding: gzip
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-version-id: iBgkeROQ82ipYgPNwFnoDehQ.U3dPJg.
x-amz-cf-pop: FRA6-C1
age: 8080866
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1342
last-modified: Wed, 18 Oct 2023 10:36:34 GMT
server: AmazonS3
etag: "a1bed0458702cf863f2d24fb1b9d39ae"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: ftMiCbnHQLNGXWqI4ap5RPN93ee5ExxHFXHVT383aNlIpNmLmwFPAA==

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
177 B 748ms
214ms Fetch
application/json 54.69.251.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.251.6 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-251-6.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Fri, 03 May 2024 22:37:30 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
313 B 140ms
139ms XHR
text/plain 3.121.4.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CLz8BddIbHunRwx9J6JGIQ&is_js=true&landing_url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&t=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&tip=AeUAcLFZ_klJ2nTfi1EzXNEYImQhIpaufurAXnwFZI0&host=https%3A%2F%2Fwww.biltrewards.com&sa_conv_data_css_value=%270-711e9383-6c90-5c57-539c-ffdf48636ec0%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9711e93836c905c57539cffdf48636ec0d972da19&sa-user-id-v3=s%253AAQAKIK9fnHTuHt2kpEVJ7kCaxcl9mxImWGuAsNPz0DK4Fsu6EHwYBCCpztWxBjABOgS9M-cxQgSM6_To.%252F7oRNzfg8E89AxqHvDEiPh5u2Af%252Bs7%252FUXgJaVhNgirA&sa-user-id-v2=s%253AcR6Tg2yQXFdTnP_fSGNuwNly2hk.gkYBN%252FbQNM2xEbnVNO1QtdSE6fU%252FW4t3L%252BNYdZV7y%252BM&sa-user-id=s%253A0-711e9383-6c90-5c57-539c-ffdf48636ec0.dC6SkBadM1w0Y1uVkoEoQDEWMMldX8XNCzr7HMLzOEc
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.121.4.172 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-121-4-172.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: https://www.biltrewards.com
date: Fri, 03 May 2024 22:37:30 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 commons.c42222c4cb2f8913500f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 48ms
47ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 10:56:48 GMT
content-encoding: gzip
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
x-amz-version-id: HopHKmY9TBcR3b.zdj3KrkRozUW9hj.F
x-amz-cf-pop: FRA6-C1
age: 2634043
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 22177
last-modified: Fri, 08 Mar 2024 07:35:27 GMT
server: AmazonS3
etag: "befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: NTdCQt-lEIIOS_zABbECraGLf-IO8pD8HPjftkyyV9BDyT_M7_pK8A==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 218 KB
59 KB 464ms
34ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 03 May 2024 22:37:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57845
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=31, rtx=0, c=12, mss=1294, tbw=2786, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: 3RFoi934pxALtKjQgJ272cR3eI8JT+kzQpGL/glu/KhOOdZ4qoMzOZCh9qR2dbyWilCd2lIv6/JsRPCJz//JzQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 50 KB
18 KB 494ms
67ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

5d82e8c0c0c0c9bd98b9931a48d14ed6e53f00ac9199053f09f17c9e63e98cb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18442
x-xss-protection: 0
server: cafe
etag: 5230216553204923164
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 03 May 2024 22:37:30 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 282 KB
95 KB 72ms
72ms Script
application/javascript 172.217.16.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX&l=dataLayer&gtm_preview=gtm_auth=WonWorjHdmyZK4CuPVtRVg&gtm_preview=env-8

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a0546d53be10232506a89b1612653c4aee60cdc506f889dfa78c79a633048d58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97377
x-xss-protection: 0
last-modified: Fri, 03 May 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 03 May 2024 22:37:30 GMT

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=ht...

0
0

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
847 B 212ms
211ms Ping
text/plain 104.126.37.185
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc5M2Y0YjUwMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.185 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-185.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 3a17dd3f.11a6f3b6
date: Fri, 03 May 2024 22:37:30 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240503223730BE2CFA9DE2C9EC38B922-2A919DB001A01A2A-00
x-cache: TCP_MISS from a104-126-37-181.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-)
x-parent-response-time: 138,104.126.37.181
server-timing: cdn-cache; desc=MISS, edge; dur=139, origin; dur=27, inner; dur=24
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240503223730BE2CFA9DE2C9EC38B922
x-cache-remote: TCP_MISS from a23-220-106-137.deploy.akamaitechnologies.com (AkamaiGHost/11.5.0.1-56208139) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 27,23.220.106.137
x-tt-trace-host: 01830b7dd967e2b758146f097fc56346848872c00661f63d8ce6a88711f2243047ce498f9e185268e6034705dcc69a0c35583dd92c21e6a048bcfa9e7661c08494870f00e0551cab1c9080b052afac2c6bff0d858015198cfefaf2738d0e815cc86d93c42913b758e79dbf53590ccdad80
access-control-allow-headers: Authorization,*
expires: Fri, 03 May 2024 22:37:30 GMT

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=ht...

0
0

GET
H2 200 en-US.json Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/ 621 B
1007 B 30ms
30ms XHR
application/json 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/locales/en-US.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 760
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295577
x-accel-date: 1714480273
x-77-nzt: EgwBw7WvJwH3mYIEAAwB1GY4EQH3DAAAAA
x-accel-expires: @1740400261
x-77-age: 295577
last-modified: Tue, 30 Apr 2024 12:16:53 GMT
server: CDN77-Turbo
etag: W/"85d8c40aac9c25bb0b993d4aa039a56f"
x-77-nzt-ray: 25b02131e5ef1ebb2a6735665265a313
access-control-max-age: 3000
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/json
x-amz-cf-id: LtgS_L6WdgISTgSfdK0n6VRM1f4bOwVKeT6Ki2QWBqs3wPOcTcdayQ==

GET

j
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1714775849753&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c...
https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=ht...

0
0

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/10874839969/ 3 KB
2 KB 53ms
52ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/10874839969/?random=1714775850572&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

6e6dabe7479706b180861f3f87ea6cba75d7fae4e4ce831cde3795f15f5f4b3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 03 May 2024 22:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1529
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/ 43 B
61 B 140ms
60ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=1714775850578&cv=9&fst=1714775850578&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562772%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&data=path%3D%2Fapp%3Breferrer%3D%3Bsearch%3D%3Btitle%3DTo%20pay%20your%20rent%20and%20start%20earning%20points%5C%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2Fapp&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f98.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Fri, 03 May 2024 22:37:30 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 353467326379958 Show response
connect.facebook.net/signals/config/ 56 KB
13 KB 248ms
247ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/353467326379958?v=2.9.155&r=stable&domain=www.biltrewards.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

06b071402d78d223ed8054689e67798c07e8ccdccf911c189c654b29461bfc0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 03 May 2024 22:37:30 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=61, mss=1294, tbw=63310, tp=-1, tpl=-1, uplat=213, ullat=0
pragma: public
x-fb-debug: J+yB6fV5T1hDMc3nSJDkwRo1SiJffzHjq0FfF67f8SDJaTMBQs1dgbVS03/qty54I/xNgn0uAY5D4z2Kpdj/Vw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1714775850623&aid=b-00ri&se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&wpn=lc-bundle&cd=.biltrewards.com&c...
https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=ht...

43 B
239 B

430ms
125ms

Image
image/gif

34.201.224.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Server: 34.201.224.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-201-224-56.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 03 May 2024 22:37:31 GMT
x-pixel-event-id: 026c4a39-e9a2-45a2-aa9c-0b4625dcb2eb
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4
date: Fri, 03 May 2024 22:37:30 GMT
content-length: 0

GET
H2

200

p
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/p?dtstmp=1714775850623&aid=b-00ri&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&tv=v2.14.3&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiB...
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ3NzU4NDk3NTMmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaH...

43 B
242 B

427ms
124ms

Image
image/gif

34.201.224.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ3NzU4NDk3NTMmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgwOW55Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0Nzc1ODQ5NzUzJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Server: 34.201.224.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-201-224-56.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Fri, 03 May 2024 22:37:31 GMT
x-pixel-event-id: 545bc30f-5165-4557-9379-2b352bd0bd77
content-length: 43
content-type: image/gif

Redirect headers

location: https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3IgZHVyaW5nIFhIUiBjYWxsOiAwLCB1cmw6IGh0dHBzOi8vcnAubGlhZG0uY29tL2o_ZHRzdG1wPTE3MTQ3NzU4NDk3NTMmYWlkPWItMDByaSZzZT1lMzAmZHVpZD0wNWUyMWU5YTY4NmUtLTAxaHgwOW55Li4uIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiRXJyb3I6IEVycm9yIGR1cmluZyBYSFIgY2FsbDogMCwgdXJsOiBodHRwczovL3JwLmxpYWRtLmNvbS9qP2R0c3RtcD0xNzE0Nzc1ODQ5NzUzJmFpZD1iLTAwcmkmc2U9ZTMwJmR1aWQ9MDVlMjFlOWE2ODZlLS0wLi4uIiwiZmlsZU5hbWUiOiJ1bmRlZmluZWQifQ&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775850623&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4
date: Fri, 03 May 2024 22:37:30 GMT
content-length: 0

GET
H3

200

/
www.google.de/pagead/1p-conversion/10874839969/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u...
https://www.google.com/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_hi...
https://www.google.de/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his...

42 B
64 B

338ms
49ms

Image
image/gif

142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyN3H68XyhQMVgIuDBx3Rrw33MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqb1U01EC0oTSZR5PjH9CMoO7thzXMKA&random=3555833139&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 03 May 2024 22:37:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 03 May 2024 22:37:30 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/10874839969/?random=886416645&cv=9&fst=1714775850572&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2Fapp&tiba=To%20pay%20your%20rent%20and%20start%20earning%20points%2C%20download%20the%20Bilt%20Rewards%20mobile%20app.&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMIyN3H68XyhQMVgIuDBx3Rrw33MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6HGh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8&is_vtc=1&cid=CAQSGwB7FLtqb1U01EC0oTSZR5PjH9CMoO7thzXMKA&random=3555833139&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 remediation_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/ 105 KB
29 KB 29ms
29ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/remediation_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d85e3b3bf0efa46b38853dc507ba4292665037545075d1ceb94079fbe97c552f

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 eca56eada7885f8195ee4db13cd72cc2.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 738
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295581
x-accel-date: 1714480269
x-77-nzt: EgwBw7WvJwH3nYIEAAwBnJIhHwH3AgAAAA
x-accel-expires: @1740400267
x-77-age: 295581
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"614544075b6e4e6ebbaec1a693536046"
x-77-nzt-ray: 25b02131e5ef1ebb2a67356672b0c731
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: Yf3trm-_RzlijUU4NsCm8OxCnU3LNS40VMASUrDE_BdiJTg0_PJlKQ==

GET
H2 200 IXD25a7qYzAOaBBz.json Show response
cdn.userway.org/remediations/consolidated/2055530/ 864 KB
112 KB 39ms
39ms XHR
application/json 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediations/consolidated/2055530/IXD25a7qYzAOaBBz.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 85
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 291983
x-accel-date: 1714483867
x-77-nzt: EgwBw7WvJwH3j3QEAAwBnJIhHwH3fA0AAA
x-accel-expires: @1746016415
x-77-age: 291983
last-modified: Thu, 25 Apr 2024 19:17:37 GMT
server: CDN77-Turbo
etag: W/"54787d57725833581fb3127dea55b4ac"
x-77-nzt-ray: 25b02131e5ef1ebb2a6735660dd00032
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: public, max-age=31536000
content-type: application/json
x-amz-cf-id: A76Mma_rzvqV147IDvHuStU5uHfew-cijpKvwsGJMmRNtGKmTa9cEw==

GET
H2 200 body_wh.svg
cdn.userway.org/widgetapp/images/ 4 KB
3 KB 26ms
26ms Image
image/svg+xml 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/body_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 47bf742fc3975367a1788e300150d028.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 404
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295581
x-accel-date: 1714480269
x-77-nzt: EgwBw7WvJwH3nYIEAAwBJRPCNAH3DQAAAA
x-accel-expires: @1740400256
x-77-age: 295581
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"1d8b1582fe82bd329041cc1982ad42e4"
x-77-nzt-ray: 25b0213160ebbfb82a6735667a65d532
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: dTr04PFmTf8U_1m58hPaGZhiL3HK6OPN-Kymfje7-hLMKhbgJCdZzg==

GET
H2 200 spin_wh.svg
cdn.userway.org/widgetapp/images/ 2 KB
1 KB 26ms
26ms Image
image/svg+xml 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/spin_wh.svg
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/app
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 965181b6d91907befd5a0165af38daf0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 425
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295581
x-accel-date: 1714480269
x-77-nzt: EgwBw7WvJwH3nYIEAAwB1GY4EQH3CAAAAA
x-accel-expires: @1740400261
x-77-age: 295581
last-modified: Fri, 22 Mar 2024 12:49:37 GMT
server: CDN77-Turbo
etag: W/"8e0a35946bf39d10f46a1f1653366a0a"
x-77-nzt-ray: 25b0213160ebbfb82a6735661fb3df32
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: OM1xIi8PbAJTQfjkznNDcDWzlAm3kxyhtuDtripUcqehC7yub_pCqg==

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 185ms
26ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=353467326379958&ev=PageView&dl=https%3A%2F%2Fwww.biltrewards.com&rl=&if=false&ts=1714775850890&sw=1600&sh=1200&ud[external_id]=68ddb3d631c307525e4523039027397e788640f208468f0de6ed43c805b586bb&v=2.9.155&r=stable&a=seg&ec=0&o=4124&fbp=fb.1.1714775850887.730093275&pm=1&hrl=8b289b&ler=empty&cdl=API_unavailable&it=1714775850620&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1714775849923-0b25f5a2-cda7-4987-8188-52510484e7a9&cs_cc=1&cas=7368986099863077%2C5027429843991248%2C5406700332768189%2C4118934621525755%2C4544091382281257%2C4076096172505397%2C4526720607360042%2C4175906249165104%2C6099185086759110&rqm=GET

Requested by

Host: www.biltrewards.com
URL: https://www.biltrewards.com/app

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=21, rtx=0, c=10, mss=1294, tbw=2756, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 03 May 2024 22:37:31 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 remediation-tool.js Show response
cdn.userway.org/remediation/2024-04-30-12-14-34/paid/ 57 KB
21 KB 26ms
26ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediation/2024-04-30-12-14-34/paid/remediation-tool.js?ts=1714479274721
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 245e82e79fc403ffc23f1b59217509f44f826fd360b7b0c3a7f19b13eec5aea4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:31 GMT
via: 1.1 c114c55bb579a01518cf64c447d45272.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 726
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295582
x-accel-date: 1714480269
x-77-nzt: EgwBw7WvJwH3noIEAAwBisclwQH3DQAAAA
x-accel-expires: @1740400256
x-77-age: 295582
last-modified: Tue, 30 Apr 2024 12:16:59 GMT
server: CDN77-Turbo
etag: W/"d00f1a2dad09eb407473962a17d69117"
x-77-nzt-ray: 25b02131e5ef1ebb2b673566bb8da505
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: Noye1b6dG9Op-IJ1Iii7YN_uOQX2K5eZSDvumGqrvOnkgUj06Bf4xg==

GET
H2 200 IXD25a7qYzAOaBBz.json Show response
cdn.userway.org/remediations/consolidated/2055530/ 864 KB
0 0ms
0ms Fetch
application/json 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediations/consolidated/2055530/IXD25a7qYzAOaBBz.json
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:30 GMT
via: 1.1 5297df6326448099cefed6e96fd7b00a.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: DUS51-P1
age: 85
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 291983
x-accel-date: 1714483867
x-77-nzt: EgwBw7WvJwH3j3QEAAwBnJIhHwH3fA0AAA
x-accel-expires: @1746016415
x-77-age: 291983
last-modified: Thu, 25 Apr 2024 19:17:37 GMT
server: CDN77-Turbo
etag: W/"54787d57725833581fb3127dea55b4ac"
x-77-nzt-ray: 25b02131e5ef1ebb2a6735660dd00032
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: public, max-age=31536000
content-type: application/json
x-amz-cf-id: A76Mma_rzvqV147IDvHuStU5uHfew-cijpKvwsGJMmRNtGKmTa9cEw==

GET
H2 200 bilt
decagon.ai/demo/ Frame BFD9 0
0 284ms
156ms Document
text/html 76.76.21.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://decagon.ai/demo/bilt?defaultVisibility=hidden

Requested by

Host: decagon.ai
URL: https://decagon.ai/loaders/bilt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.21 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel / Next.js

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 0
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 03 May 2024 22:37:31 GMT
server: Vercel
strict-transport-security: max-age=63072000
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Url
x-matched-path: /demo/[slug]
x-powered-by: Next.js
x-vercel-cache: MISS
x-vercel-execution-region: iad1
x-vercel-id: fra1::iad1::g49l2-1714775851337-8618b58ea406

GET
H2 200 de67a7b8-de3e-4c8f-858d-6c7f832a1a5f
sync-transcend-cdn.com/consent-manager/ Frame AFB2 0
0 166ms
46ms Document
application/xhtml+xml 2606:4700::6812:7f8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sync-transcend-cdn.com/consent-manager/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f

Requested by

Host: transcend-cdn.com
URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7f8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.biltrewards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-methods: GET,HEAD,OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
age: 4919
cache-control: public, max-age=60
cf-cache-status: HIT
cf-ray: 87e3bc6edf308f36-FRA
content-disposition: inline
content-encoding: br
content-type: application/xhtml+xml
date: Fri, 03 May 2024 22:37:31 GMT
etag: W/"ecaabd46fc191f55321d2c2683697460"
expect-ct: max-age=86400, enforce
expires: Fri, 03 May 2024 22:38:31 GMT
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 vitals
vitals.vercel-insights.com/v1/ 2 B
165 B 60ms
59ms Ping
text/plain 108.128.159.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vitals.vercel-insights.com/v1/vitals
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-3ca86c083e350b5d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.159.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-159-11.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 03 May 2024 22:37:31 GMT
x-ratelimit-reset: 60
x-ratelimit-limit: 1000
cross-origin-resource-policy: cross-origin
content-length: 2
x-ratelimit-remaining: 999
content-type: text/plain; charset=utf-8

OPTIONS
H2 200 alts.json
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ Frame 0
0 315ms
181ms Preflight 2a02:6ea0:c700::17
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fwww.datocms-assets.com%2F43819%2F1657296459-app.png%22%2C%22alt%22%3A%22%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
date: Fri, 03 May 2024 22:37:31 GMT
server: CDN77-Turbo
x-77-cache: MISS
x-77-nzt: EggBnJIhiAAACAElE8IxAAA
x-77-nzt-ray: f6587a1dbb7b6c012b6735662f10382f
x-77-pop: frankfurtDE
x-service-version: img-dscr-srv-727604a1

GET
H2 200 2055530 Show response
api.userway.org/api/br-links/v0/contribute/ 51 B
429 B 293ms
293ms Fetch
application/json 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/br-links/v0/contribute/2055530
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:31 GMT
etag: W/"33-H+KjAZZBE0PpJIInQTjCoPBRoaQ"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 51
x-service-version: apps-ddb67952

GET
H2 200 2055530 Show response
api.userway.org/api/br-links/v0/links/ 86 B
452 B 190ms
190ms Fetch
application/json 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/br-links/v0/links/2055530
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3f7853bd4d6086be63374d96af8f4297718ae35b74698c30e362bf43a1d888a5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:37:31 GMT
etag: W/"56-Q78UpHasXJc4bkSkw+leqwZtTHI"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=300, public
vary: Accept-Encoding
access-control-allow-headers: *
content-length: 86
x-service-version: apps-ddb67952

GET
H2 200 alts.json Show response
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ 220 B
774 B 30ms
30ms Fetch
application/json 2a02:6ea0:c700::17
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fwww.datocms-assets.com%2F43819%2F1657296459-app.png%22%2C%22alt%22%3A%22%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: ea66d86f1539dad1f12b54e283d9a87954804191ccfe5fa5ed9d1ae61599ca9e

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:31 GMT
content-encoding: gzip
x-77-cache: HIT
x-cache: MISS
x-accel-date: 1714175334
x-service-version: img-dscr-srv-8d5b377c
x-77-nzt: EggBnJIhiAFBDAElE8IxAdfFKQkA
x-accel-expires: @1714780134
x-77-age: 600517
server: CDN77-Turbo
etag: W/"dc-5AYupHwRPSXb8USe+QKuPEvc+vg"
x-77-nzt-ray: f6587a1dbb7b6c012b673566c6d4273a
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
access-control-allow-headers: *

GET
H2 200 nav_menu_helper_1714479274721.js Show response
cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/ 23 KB
7 KB 23ms
23ms Script
application/javascript 2a02:6ea0:c700::11
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/remediation/nav_menu_helper_1714479274721.js
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 48eef7fe61a3e2c7c88ac1c6a263bd851b6a05363607e52fd2be4e4472d42255

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Origin: https://www.biltrewards.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:32 GMT
via: 1.1 28f8e84a396255d768dd04c506bf86f0.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-cf-pop: FRA56-P10
age: 726
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-cache: HIT
x-age: 295583
x-accel-date: 1714480269
x-77-nzt: EgwBw7WvJwH3n4IEAAwBJRPCLgH3DAAAAA
x-accel-expires: @1740400257
x-77-age: 295583
last-modified: Tue, 30 Apr 2024 12:16:54 GMT
server: CDN77-Turbo
etag: W/"d5babf1f477d0f7bf4044b0693b956d9"
x-77-nzt-ray: 25b02131e5ef1ebb2c673566ef8b9005
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: PvfLMkVtkO5JWAk6fy8oWJk7v7AmfC106EkuS23PI1rKFTmva1CryQ==

GET
H2 200 favicon.ico
www.biltrewards.com/ 15 KB
3 KB 42ms
42ms Other
image/vnd.microsoft.icon 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.biltrewards.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 Walnut, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

9fff2bb0ae4e7b8399d2af77253fecd38540f21fbd2e5899f1459eec325a4cca

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud *.ada.support *.analytics.google.com *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.segment.io *.sentry.io *.smooch.io *.transcend.io *.userway.org *.zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai *.biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' *.biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' *.activebuilding.com *.activebuilding.docker *.avalonaccess.com *.biltrewards.com *.securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com *.lvh.me:3000 *.henridev.com *.henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com *.biltrewards.com *.doubleclick.net *.jamsadr.com *.soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: *.soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com *.google-analytics.com *.googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com *.biltrewards.com *.doubleclick.net *.googletagmanager.com *.oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com *.biltrewards.com cdn.userway.org transcend-cdn.com ;
content-encoding: br
x-content-type-options: nosniff
date: Fri, 03 May 2024 22:37:32 GMT
strict-transport-security: max-age=63072000
age: 8201
content-disposition: inline; filename="favicon.ico"
x-xss-protection: 1; mode=block
referrer-policy: origin
server: Vercel
x-vercel-id: fra1::q49jf-1714775852176-3164c42fa9e0
x-matched-path: /favicon.ico
etag: W/"8709c36a9447ce8f70f68b6627d2c739"
x-vercel-cache: HIT
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate

GET
H2 200 alts.json Show response
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ 987 B
935 B 34ms
33ms Fetch
application/json 2a02:6ea0:c700::17
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fstatic.biltrewards.com%2Fassets%2Ffooter%2FAllyant_Accessibility_Badge.svg%22%2C%22alt%22%3A%22Reviewed%20by%20Allyant%20for%20accessibility%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Ftvspix.com%2Ft.png%22%2C%22alt%22%3A%22%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.biltrewards.com%2Fassets%2FButton-AppStore.svg%22%2C%22alt%22%3A%22Download%20on%20the%20App%20Store%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.biltrewards.com%2Fassets%2FButton-GooglePlay.svg%22%2C%22alt%22%3A%22Get%20it%20on%20Google%20Play%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.datocms-assets.com%2F43819%2F1657569961-redeem-points-app.png%22%2C%22alt%22%3A%22%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Requested by: Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: d516b02416f90e12f1f034b4f9e991f849bf1ed267497f3b9030dbbf11d07d71

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

x-77-pop: frankfurtDE
date: Fri, 03 May 2024 22:37:33 GMT
content-encoding: gzip
x-77-cache: HIT
x-cache: MISS
x-accel-date: 1714419737
x-service-version: img-dscr-srv-727604a1
x-77-nzt: EggBnJIhiAFBDAGckiEnAfcUbwUA
x-accel-expires: @1715024537
x-77-age: 356116
server: CDN77-Turbo
etag: W/"3db-SR8peu6hZYvh+KxMXM86fX8Whgg"
x-77-nzt-ray: f6587a1dbb7b6c012d6735669c127a0a
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
access-control-allow-headers: *

OPTIONS
H2 200 alts.json
cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/ Frame 0
0 508ms
507ms Preflight 2a02:6ea0:c700::17
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn77.api.userway.org/api/img-dscr/v2/TlbN1PqpZB/2055530/RLqwMG7OTpTSzPtC/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fstatic.biltrewards.com%2Fassets%2Ffooter%2FAllyant_Accessibility_Badge.svg%22%2C%22alt%22%3A%22Reviewed%20by%20Allyant%20for%20accessibility%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Ftvspix.com%2Ft.png%22%2C%22alt%22%3A%22%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.biltrewards.com%2Fassets%2FButton-AppStore.svg%22%2C%22alt%22%3A%22Download%20on%20the%20App%20Store%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.biltrewards.com%2Fassets%2FButton-GooglePlay.svg%22%2C%22alt%22%3A%22Get%20it%20on%20Google%20Play%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fwww.datocms-assets.com%2F43819%2F1657569961-redeem-points-app.png%22%2C%22alt%22%3A%22%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.biltrewards.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
access-control-max-age: 3000
cache-control: max-age=604800
date: Fri, 03 May 2024 22:37:33 GMT
server: CDN77-Turbo
x-77-cache: MISS
x-77-nzt: EggBnJIhiAAACAGckiEnAAA
x-77-nzt-ray: f6587a1dbb7b6c012c673566d542b627
x-77-pop: frankfurtDE
x-service-version: img-dscr-srv-727604a1

GET status
api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2Fapp/DESKTOP/WIDGET_ON/ 0
0

GET
H2 200 1657298632-autopay-rent-app.png
www.datocms-assets.com/43819/ 45 KB
45 KB 56ms
56ms Image
image/avif 2606:4700:4400::6812:297e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.datocms-assets.com/43819/1657298632-autopay-rent-app.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:297e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e033d1d8c326a5477655409267ff6f0f2d5c7c8176793aaa2d18660f146083ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.biltrewards.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
date: Fri, 03 May 2024 22:37:35 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 56365
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
x-imgix-id: 8b3b95f28f00c5307cf30fb0647801986d6519db
x-status: HIT
content-length: 45818
x-xss-protection: 1; mode=block
x-served-by: cache-sjc1000123-SJC, cache-iad-kiad7000063-IAD
last-modified: Wed, 17 Apr 2024 19:47:11 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/avif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 87e3bc8bccab0368-FRA
timing-allow-origin: *
expires: Sat, 03 May 2025 22:37:35 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.redditstatic.com
URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry

Domain: conversions-config.reddit.com
URL: https://conversions-config.reddit.com/v1/pixel/error

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Domain: rp4.liadm.com
URL: https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4

Domain: api.userway.org
URL: https://api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwww.biltrewards.com%2Fapp/DESKTOP/WIDGET_ON/status

Verdicts & Comments Add Verdict or Comment

136 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.liadm.com/p	1970-01-21 05:55:35	Name: lidid Value: e1c3ad3b-077a-4b7e-8930-0f588d083648
www.biltrewards.com/	1970-01-21 05:05:11	Name: theme Value: light
.biltrewards.com/	1970-01-20 22:29:11	Name: _gcl_au Value: 1.1.1605761547.1714775849
.mgln.ai/	1970-01-20 21:45:59	Name: arc_id Value: eyJfcmFpbHMiOnsibWVzc2FnZSI6IklqWmhNalJtT1RWbExXSm1aR1V0TkdNMU1pMDROakpoTFRrNE5qWTFNakV6TTJOa1pTST0iLCJleHAiOiIyMDI0LTA3LTAyVDIyOjM3OjI5LjM1N1oiLCJwdXIiOiJjb29raWUuYXJjX2lkIn19--ca1f0af3e8df81ec5fc373a908437da68098a742
.biltrewards.com/	1970-01-21 05:55:35	Name: _ga_QLSYZKSM0E Value: GS1.1.1714775849.1.0.1714775849.0.0.0
.biltrewards.com/	1970-01-21 05:55:35	Name: _ga Value: GA1.1.1144161262.1714775849
.biltrewards.com/	1970-01-20 22:29:11	Name: _rdt_uuid Value: 1714775849425.9a6a754e-1e6d-4144-99b6-065b3fa549a2
tags.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id Value: s%3A0-711e9383-6c90-5c57-539c-ffdf48636ec0.dC6SkBadM1w0Y1uVkoEoQDEWMMldX8XNCzr7HMLzOEc
.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id Value: s%3A0-711e9383-6c90-5c57-539c-ffdf48636ec0.dC6SkBadM1w0Y1uVkoEoQDEWMMldX8XNCzr7HMLzOEc
tags.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id-v2 Value: s%3AcR6Tg2yQXFdTnP_fSGNuwNly2hk.gkYBN%2FbQNM2xEbnVNO1QtdSE6fU%2FW4t3L%2BNYdZV7y%2BM
.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id-v2 Value: s%3AcR6Tg2yQXFdTnP_fSGNuwNly2hk.gkYBN%2FbQNM2xEbnVNO1QtdSE6fU%2FW4t3L%2BNYdZV7y%2BM
tags.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id-v3 Value: s%3AAQAKIK9fnHTuHt2kpEVJ7kCaxcl9mxImWGuAsNPz0DK4Fsu6EHwYBCCpztWxBjABOgS9M-cxQgSM6_To.%2F7oRNzfg8E89AxqHvDEiPh5u2Af%2Bs7%2FUXgJaVhNgirA
.srv.stackadapt.com/	1970-01-21 05:05:11	Name: sa-user-id-v3 Value: s%3AAQAKIK9fnHTuHt2kpEVJ7kCaxcl9mxImWGuAsNPz0DK4Fsu6EHwYBCCpztWxBjABOgS9M-cxQgSM6_To.%2F7oRNzfg8E89AxqHvDEiPh5u2Af%2Bs7%2FUXgJaVhNgirA
.tiktok.com/	1970-01-21 05:41:11	Name: _ttp Value: 2fyacMZWpQsQlSktEEodcap26Ch
.biltrewards.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .biltrewards.com
.biltrewards.com/	1970-01-21 05:55:35	Name: _lc2_fpi Value: 05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5
.biltrewards.com/	1970-01-21 05:55:35	Name: _lc2_fpi_meta Value: {%22w%22:1714775849629}
www.biltrewards.com/	1970-01-21 05:05:11	Name: sa-user-id Value: s%253A0-711e9383-6c90-5c57-539c-ffdf48636ec0.dC6SkBadM1w0Y1uVkoEoQDEWMMldX8XNCzr7HMLzOEc
www.biltrewards.com/	1970-01-21 05:05:11	Name: sa-user-id-v2 Value: s%253AcR6Tg2yQXFdTnP_fSGNuwNly2hk.gkYBN%252FbQNM2xEbnVNO1QtdSE6fU%252FW4t3L%252BNYdZV7y%252BM
www.biltrewards.com/	1970-01-21 05:05:11	Name: sa-user-id-v3 Value: s%253AAQAKIK9fnHTuHt2kpEVJ7kCaxcl9mxImWGuAsNPz0DK4Fsu6EHwYBCCpztWxBjABOgS9M-cxQgSM6_To.%252F7oRNzfg8E89AxqHvDEiPh5u2Af%252Bs7%252FUXgJaVhNgirA
.tapad.com/	1970-01-20 21:45:59	Name: TapAd_TS Value: 1714775849842
.tapad.com/	1970-01-20 21:45:59	Name: TapAd_DID Value: 85c46149-2fd1-49d8-b74a-35a916e85dc0
.biltrewards.com/	1970-01-21 05:41:11	Name: _tt_enable_cookie Value: 1
.biltrewards.com/	1970-01-21 05:41:11	Name: _ttp Value: h4XWJV7SB6gGCf7LTxDJKM52uVI
.biltrewards.com/	1970-01-21 05:05:11	Name: ajs_anonymous_id Value: 25f5a2cd-a7a9-47c1-8852-510484e7a90d
.tapad.com/	1970-01-20 21:45:59	Name: TapAd_3WAY_SYNCS Value:
.liadm.com/	1970-01-21 05:55:35	Name: lidid Value: e1c3ad3b-077a-4b7e-8930-0f588d083648
.doubleclick.net/	1970-01-20 20:19:36	Name: test_cookie Value: CheckForPermission
.biltrewards.com/	1970-01-20 22:29:11	Name: _fbp Value: fb.1.1714775850887.730093275
.clerk.decagon.ai/	1970-01-20 20:19:37	Name: __cf_bm Value: mar7jRVXaW77EsG1aJegX2X6l0_4Lzf_tx9KItf2vAc-1714775852-1.0.1.1-5JwS3RHfHOD3kOzecjH6gdJtvXdI.byf8qXI6a1Fc04ALhRKs9Kk2iQO_G.KrNOD_GIxFTkGscWw4qIQN7r3Rg
.clerk.decagon.ai/	1969-12-31 23:59:59	Name: _cfuvid Value: On8GowPHKt6ubLg0uy5pchcoE506VTDSC82fAACoPfA-1714775852356-0.0.1.1-604800000

78 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.biltrewards.com/app Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: about:blank Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://id.biltrewards.com/fsedge/s/fs.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: Refused to connect to 'https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_7lmxmkme_telemetry' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
security	error	URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-b76a029f07f48e78.js(Line 18) Message: Refused to connect to 'https://conversions-config.reddit.com/v1/pixel/error' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 345) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
network	error	URL: https://id.biltrewards.com/public/user/authentication/token Message: Failed to load resource: the server responded with a status of 400 ()
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/app Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&n3pc=true&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/app Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 737) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__de.js(Line 737) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/app Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.biltrewards.com/app Message: Refused to connect to 'https://rp4.liadm.com/j?se=e30&duid=05e21e9a686e--01hx09nymx4n1z2ntp3ex2v6b5&aid=b-00ri&cd=.biltrewards.com&dtstmp=1714775849753&tv=v2.14.3&wpn=lc-bundle&i6=MjAwMToxYjYwOjI6MjQwOjMyNDc6OjI%3D&pu=https%3A%2F%2Fwww.biltrewards.com%2Fapp&c=PHRpdGxlPlRvIHBheSB5b3VyIHJlbnQgYW5kIHN0YXJ0IGVhcm5pbmcgcG9pbnRzLCBkb3dubG9hZCB0aGUgQmlsdCBSZXdhcmRzIG1vYmlsZSBhcHAuPC90aXRsZT4' because it violates the following Content Security Policy directive: "connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com".
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://cdn.userway.org/widgetapp/2024-04-30-12-14-34/widget_app_base_1714479274721.js(Line 3) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://connect.facebook.net/signals/config/353467326379958?v=2.9.155&r=stable&domain=www.biltrewards.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 82) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://decagon.ai/loaders/bilt.js(Line 46) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
security	error	URL: https://transcend-cdn.com/cm/de67a7b8-de3e-4c8f-858d-6c7f832a1a5f/airgap.js(Line 4) Message: The Content-Security-Policy directive 'frame-ancestors' does not support the source expression '.henrihome.com'
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.biltrewards.com/app Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	block-all-mixed-content; child-src 'self'; connect-src 'self' ws: analytics.tiktok.com east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai rp.liadm.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com onlineleasing-dev.related-dev.com:60154 onlineleasing-int.related-dev.com onlineleasing-uat.related-dev.com onlineleasing.related.com openboxsoftware.com openbox-redirect.wiremockapi.cloud .ada.support .analytics.google.com .biltcard.com .biltrewards.com .deviceinfresolver.com .facebook.com .google-analytics.com .googletagmanager.com .segment.io .sentry.io .smooch.io .transcend.io .userway.org .zdassets.com analytics.google.com biltrewards.ada.support biltrewards.zendesk.com cdn.plaid.com cdn.segment.com cognito-identity.us-west-2.amazonaws.com docv-prod-api.alloy.co ipgeolocation.abstractapi.com js.verygoodvault.com js3.verygoodvault.com maps.googleapis.com sdk.iad-05.braze.com snippet.meticulous.ai stats.g.doubleclick.net tr.snapchat.com transcend-cdn.com user-events-v3.s3-accelerate.amazonaws.com vercel.live vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com www.air-port-codes.com ; default-src 'self' snippet.meticulous.ai .biltrewards.com cdn.plaid.com www.google.com www.gstatic.com ; font-src 'self' .biltrewards.com cdn.userway.org fonts.googleapis.com ; frame-ancestors 'self' .activebuilding.com .activebuilding.docker .avalonaccess.com .biltrewards.com .securecafe.com avalonaccess.com bilt-qa.framer.website rp.ams-dev-avalonbay.com www.hqo.co www.hqo.com www.hqoapp.com .lvh.me:3000 .henridev.com .henrihome.com * .henrihome.com ; frame-src 'self' development-knotapi.vercel.app cardswitcher.knotapi.com .biltrewards.com .doubleclick.net .jamsadr.com .soul-cycle.com alloysdk.alloy.co biltrewards.ada.support cdn.plaid.com cdn.userway.org decagon.ai js.verygoodvault.com js3.verygoodvault.com mailto: .soul-cycle.com sync-transcend-cdn.com tr.snapchat.com vercel.live www.datocms-assets.com www.google.com www.googletagmanager.com ; img-src 'self' data: https: east.srv.stackadapt.com eu.srv.stackadapt.com mgln.ai srv.stackadapt.com tags.srv.stackadapt.com tvspix.com uw.srv.stackadapt.com .google-analytics.com .googletagmanager.com ; media-src static.biltrewards.com www.datocms-assets.com stream.mux.com ; object-src 'self' www.datocms-assets.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' b-code.liadm.com cdn.mgln.ai east.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com srv.stackadapt.com tags.srv.stackadapt.com uw.srv.stackadapt.com www.redditstatic.com .biltrewards.com .doubleclick.net .googletagmanager.com .oktacdn.com analytics.tiktok.com api.smooch.io browser.sentry-cdn.com cdn.deviceinf.com cdn.plaid.com cdn.refersion.com cdn.segment.com cdn.userway.org cdnjs.cloudflare.com connect.facebook.net decagon.ai js.verygoodvault.com maps.googleapis.com sc-static.net snippet.meticulous.ai static.ada.support static.zdassets.com tr.snapchat.com transcend-cdn.com vercel.live www.google.com www.googleadservices.com www.gstatic.com ; style-src 'self' 'unsafe-inline' east.srv.stackadapt.com tags.srv.stackadapt.com eu.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com .biltrewards.com cdn.userway.org transcend-cdn.com ;
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
analytics.tiktok.com
api.segment.io
api.userway.org
b-code.liadm.com
bilt.page.link
cdn.deviceinf.com
cdn.mgln.ai
cdn.plaid.com
cdn.segment.com
cdn.userway.org
cdn77.api.userway.org
connect.facebook.net
conversions-config.reddit.com
decagon.ai
eu.mgln.ai
flags.biltrewards.com
googleads.g.doubleclick.net
id.biltrewards.com
mgln.ai
o441793.ingest.sentry.io
pixel.tapad.com
region1.google-analytics.com
rp.liadm.com
rp4.liadm.com
static.biltrewards.com
sync-transcend-cdn.com
tags.srv.stackadapt.com
transcend-cdn.com
tvspix.com
vitals.vercel-insights.com
www.biltrewards.com
www.datocms-assets.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.redditstatic.com
api.userway.org
conversions-config.reddit.com
rp4.liadm.com
www.redditstatic.com
104.126.37.185
108.128.159.11
13.33.187.92
142.250.186.35
151.101.1.140
172.217.16.130
172.217.16.200
172.217.23.98
172.66.40.196
172.67.136.129
2001:4860:4802:34::36
216.58.212.164
2600:1f14:5db:eb11:b7c2:adeb:f9f9:4156
2600:1f18:730:b150:3e92:a640:deed:8020
2600:9000:275d:6c00:8:8845:1500:93a1
2606:4700:20::681a:2b4
2606:4700:20::ac43:484f
2606:4700:3108::ac42:28c4
2606:4700:4400::6812:297e
2606:4700::6812:7f8
2a00:1450:4001:813::2001
2a00:1450:4001:81d::2003
2a00:1450:4001:82f::2008
2a02:6ea0:c700::11
2a02:6ea0:c700::17
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:400::396
3.121.4.172
34.110.183.245
34.111.113.62
34.120.195.249
34.160.241.76
34.201.224.56
35.241.5.91
52.39.83.198
54.69.251.6
76.76.21.21
76.76.21.93
99.86.8.175
0101ce2ebedf0c6c79929420c97cd3e8e7f37f971e80a27519195584b7245694
06b071402d78d223ed8054689e67798c07e8ccdccf911c189c654b29461bfc0f
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
14196431302464b67035d3be26eb7dfb3b18e4d638a369d5ed6b4d4ebb4177b7
143e1e74e5cc9c6083b8322248f0e552d0499178431c08287cb4fa41ae99cc58
193f70e3ef4fb576a502cd67546306e9ec798eb04db2cbb8f42e19b719f75fe4
20fe9adfaea7dc50dbc0483bce8e4075b6efe699b31516ea88ab653b4a152ac9
21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710
245e82e79fc403ffc23f1b59217509f44f826fd360b7b0c3a7f19b13eec5aea4
25bec41e9f6dbc851e40687dc3aca88eb7f24515b8c04113e0a8bce69aefc57f
27177704f38bd97f92a4380b039ec8f1170496c8c56e7d1ad55e1af26cf41a17
2913c21c309171edff6716c34ba25a69c9949a141e2dbe6bbf437460fee6ce5e
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
31caec1e4851b931c1df05ced2d2d2bfddc38a262b5969a62ddc20f629fa6aea
348c150ca130c3e4b99b012ccf8572d9d8897d7d3e47610d033dd1ef86678a8f
352a6d9b12a5ae3949d370ff42a338ba8bb6ff455d9ba995b1755fb7b99e8824
35ad14870479eef74d997ee99ed4b30ee64dc5e2b32a31a9cb3591696c7638a1
36fe8d60c96300f39cef881c83445907bb7a1d0f00b71ffaf38916bc08f99585
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342
3df0ad29adc2dcb93fbdf4a0af7d67edf68ebf5e9a68cef09f93d28c51592ff0
3f7853bd4d6086be63374d96af8f4297718ae35b74698c30e362bf43a1d888a5
43ce35def7558be28d30002de7984ab770ebc989155fe2c504b39cf00c9798d2
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ccd0c0f3d7a88ddbae1648ae059a9e2a52540e691a7af0df30e4d3b2292bbc
48eef7fe61a3e2c7c88ac1c6a263bd851b6a05363607e52fd2be4e4472d42255
49158eb40fa1df35097e314a4c2973c8fe19b97d82b6d91a4b4dce0bb8735c67
4ad9a5493aafc1f43e8882aeb9d07b945139ad6326d82a04b5237ee1a3283538
4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a
500ba18736d9e2fc79546b0f1ff540b8d022a0405718c9c460e6da300f18f7d3
51ba927d0c37fbfee18d263bbcc41c71d1bd4663120bfea42500cec812f03cea
52d615829959af7f19081ab71b18ac06dfaa032d417653288b42210fb1afe6a4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57bd3463acfad02c222f7beac208f69df5507f7de42fa38b18a1e1e48df2a44a
5a75a26f4dd38fe6f26a171533626d35e2df62b7c94a74c147c49589bac9b427
5c8a982670f098a78cf5a0349bd771c965321a815f45e7947f2608a7f1341e3e
5cf25ad54e83f0818d642d719afc921a523d92d9d450643fd8357f62a96a8b64
5d82e8c0c0c0c9bd98b9931a48d14ed6e53f00ac9199053f09f17c9e63e98cb1
5ebdda80c7f59c8f3237e0fa224a491321f544cf109c939141015c75d0f45312
66a9737875a0f5a00048fb2ed685946f0abd0649d44735b8460bf99821664c54
6e6dabe7479706b180861f3f87ea6cba75d7fae4e4ce831cde3795f15f5f4b3c
714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385
7705cfa1c0bc05d67afd1b2d5abf64186b6139905917b0b5864fc247312383fa
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7a3bed4b149bea12720998a501f1d977e449841bf0f651312ae9e532a7f37e2e
7a60c755c1b63a6a75a630ec292d75c3600bbe88778f12104d2576221be05221
7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518
7b4cdce57f8fddd34bfda991ea0073b28e5440c8406149a721db6542135c319c
8077def44dac6d0007fe546fa48014b104b349456393acce1bfb3670ae78ae21
84baf114519f46a19ea21f24cefad7b47efa7f71cd3671e72cbf04911fec362b
857fd3d2327ff29be00f9e5b595e7ae2664058e74d71caefe1fc679b218e92a6
8998554ffd85437ff7bfae81b2e94983f09986380d574117bb234ba6240f7bee
8e4647b2c54a42695e138bc40714f77b28db2a314b80703fc2f6e382592ee803
90055bd27913b60e8cfc7839e66f3bfbdc37bbdda9354b914a7cba50b414a9d9
9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2
96ec6a5c420dcd5ee533306c9dd9ea52ac1ecac6073425fd96a4430f27ce68e7
9b3109ac7d26fa72ad05c0891ac8986310ca847962a146bb1a2112a1f909fc47
9c250802a848518f6a9ff06f1c3ca3df0f4cc33d2662b01ddd4ac83dc03081f0
9fff2bb0ae4e7b8399d2af77253fecd38540f21fbd2e5899f1459eec325a4cca
a0546d53be10232506a89b1612653c4aee60cdc506f889dfa78c79a633048d58
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf
a686a93f452cf5ccdf545159d02dbb77540c5d182dd4dad0fc5ef89458eb372b
ad04a2251ac76732b9c8fbb0810ca4017dc3519fa08449c6b898f1e9af6d29fa
ae711693ddd734b0b9f3e56194208a6b1fe16460c00591b24ffa9b8df3406f3f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b220223a8800d05dc359ab6bd8cb71e35cf06dde9bedc2f5d9014df3b1e4e1ac
b2eb966323b30aa81a4c532919f886235fb76221bece6da5bf5660abf39e1c2e
ba5d21119b9f5b6e7961eb16778c3a33489ad3e9f820d12a7e957f811ebb8712
bb86d91e3b389c31862f4b8bf4751da190f0cf386e9c1af4b193fb7f36754733
be575da13139662c6322fa3d100cda159a93f55517aff329b03db8f5e1a721a8
c2b94cfc4eef447336e5dfa65487b6920554809090d4ffb57dd3c8a0b4663634
c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c
c8ac815b5b86cd8b9184bc6184ee4ee23d88f7759e71b7cfe4b69b4093fa9a1c
c91c19ffccd38706c6253aa32770f0a4161d70c784c7ac9889c840b2e4cdd3af
d36581d12cf8cf9ba65fffd3c7c864e5b3dd472906fe2e203519b4fe0b13f7b4
d516b02416f90e12f1f034b4f9e991f849bf1ed267497f3b9030dbbf11d07d71
d5781b6843de18ff323984b25323f02a17ccbd6d984ea170e8f0f290272031bb
d7fd8c1808ce158cbe78c756d301645bee9c0554a5ec470202d11dd85b3eeeba
d85e3b3bf0efa46b38853dc507ba4292665037545075d1ceb94079fbe97c552f
db3a4c293163d6e0bc88dbd91c09fc2a855785cff3024c4d8e4ba11982137ced
e033d1d8c326a5477655409267ff6f0f2d5c7c8176793aaa2d18660f146083ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ddeb8f216ffeb7c751f94c9364df276b3d774f7acd8c52ed280f3d3f3ad988
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db
ea16fe5590dfb6972fe040ca1e726b8c53f5f940f7b187eb431eb3124ef9ecc3
ea66d86f1539dad1f12b54e283d9a87954804191ccfe5fa5ed9d1ae61599ca9e
eca9085356b42332f349139ffd7a0354b4d9ee3ebb035a9f1b3fd9fe0eb1eae9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f17f41308a25d94b07389976d9a56bc89361f1f6be003ecfb50ec56b1257f64b
f451ccd1b82076cdf339b4c512eb3363a898c580776fe8e2a4242ffea352b4a1
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
f87a3392313500de980b01445d72f2f7e95bc0d26d5f938bb2f1a7ab569caf98
fa10a41a8fd89e1784da2ae09f9d4f1cee48e98161e3ab35ec20cd9e2d9fba47
fa99a5961909f69c45ae90fddd26a912ad09674ace9fabdd7ad138c59e3e0f77
fee988d0a4b149a9ce3c30d63733d83d3c257368af50883bc9027fe0614dd522

www.biltrewards.com Open in urlscan Pro 76.76.21.93 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

138 Requests

92 %HTTPS

43 %IPv6

30 Domains

40 Subdomains

38 IPs

3 Countries

2776 kBTransfer

9098 kBSize

31 Cookies

14 Outgoing links

Page URL History

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.biltrewards.com Open in urlscan Pro
76.76.21.93 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

92 %
HTTPS

43 %
IPv6

30
Domains

40
Subdomains

38
IPs

3
Countries

2776 kB
Transfer

9098 kB
Size

31
Cookies

138 HTTP transactions
0 data transactions