borrower.january.com
2600:9000:2451:7200:1c:3c6d:f4c0:93a1  Public Scan

Submitted URL: http://january.com/b/egK_JYfM510=
Effective URL: https://borrower.january.com/b/egK_JYfM510=
Submission: On September 18 via manual from US — Scanned from DE

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 39 HTTP transactions. The main IP is 2600:9000:2451:7200:1c:3c6d:f4c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is borrower.january.com.
TLS certificate: Issued by Amazon on August 12th 2022. Valid for: a year.
This is the only time borrower.january.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | Apex Domain | Subdomains | Transfer
25 | january.com | january.com; www.january.com; borrower.january.com | 1 MB
4 | cloudfront.net | d2yyd1h5u9mauk.cloudfront.net | 97 KB
3 | intercomcdn.com | js.intercomcdn.com (Cisco Umbrella Rank: 1846) | 192 KB
3 | fullstory.com | edge.fullstory.com (Cisco Umbrella Rank: 2291); rs.fullstory.com (Cisco Umbrella Rank: 2067) | 64 KB
2 | mixpanel.com | api-js.mixpanel.com | 375 B
2 | google.com | accounts.google.com (Cisco Umbrella Rank: 77); apis.google.com (Cisco Umbrella Rank: 98) | 95 KB
1 | datadoghq.com | rum-http-intake.logs.datadoghq.com (Cisco Umbrella Rank: 3508) |
1 | intercom.io | widget.intercom.io (Cisco Umbrella Rank: 1834) | 251 B
1 | datadoghq-browser-agent.com | www.datadoghq-browser-agent.com (Cisco Umbrella Rank: 2338) | 21 KB
1 | mxpnl.com | cdn4.mxpnl.com (Cisco Umbrella Rank: 10717) | 18 KB
39 | 10 | |
Count | Domain | Requested by
12 | www.january.com (1 redirects) | borrower.january.com; edge.fullstory.com
11 | borrower.january.com | borrower.january.com
4 | d2yyd1h5u9mauk.cloudfront.net | borrower.january.com
3 | js.intercomcdn.com | widget.intercom.io
2 | api-js.mixpanel.com | www.datadoghq-browser-agent.com
2 | rs.fullstory.com | www.datadoghq-browser-agent.com
2 | january.com (2 redirects) |
1 | rum-http-intake.logs.datadoghq.com | www.datadoghq-browser-agent.com
1 | widget.intercom.io (1 redirects) |
1 | apis.google.com | borrower.january.com
1 | accounts.google.com | borrower.january.com
1 | www.datadoghq-browser-agent.com | borrower.january.com
1 | edge.fullstory.com | borrower.january.com
1 | cdn4.mxpnl.com | borrower.january.com
39 | 14 |

This site contains links to these domains.

Domain
www.january.com
Subject | Issuer | Validity | Valid
*.january.com | Amazon | 2022-08-12 - 2023-09-10 | a year
january.com | Amazon | 2022-01-07 - 2023-02-05 | a year
*.mxpnl.com | GeoTrust Global TLS RSA4096 SHA256 2022 CA1 | 2022-07-11 - 2023-07-28 | a year
edge.fullstory.com | GTS CA 1D4 | 2022-08-08 - 2022-11-06 | 3 months
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year
*.datadoghq-browser-agent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-17 - 2023-02-18 | a year
*.fullstory.com | R3 | 2022-08-13 - 2022-11-11 | 3 months
accounts.google.com | GTS CA 1C3 | 2022-08-29 - 2022-11-21 | 3 months
*.apis.google.com | GTS CA 1C3 | 2022-08-29 - 2022-11-21 | 3 months
*.intercomcdn.com | Amazon | 2022-01-30 - 2023-02-28 | a year
*.logs.datadoghq.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-26 - 2023-04-26 | a year
*.mixpanel.com | GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | 2022-03-28 - 2023-04-28 | a year

This page contains 2 frames:

Primary Page: https://borrower.january.com/b/egK_JYfM510=
Frame ID: 2C6FD484039C63B3D3EC1327F24B03AF
Requests: 32 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.ee786cc9.js
Frame ID: 7BFE36C4B29271D2A68E82C13A812A56
Requests: 2 HTTP requests in this frame

Page Title

January

Detected technologies

Overall confidence: 100%
Detected patterns
  • <meta[^>]*google-signin-client_id
  • apis\.google\.com/js/platform\.js
  • accounts\.google\.com/gsi/client

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

Requests: 39
HTTPS: 95 %
IPv6: 29 %
Domains: 10
Subdomains: 14
IPs: 12
Countries: 2
Transfer: 1938 kB
Size: 2968 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://january.com/b/egK_JYfM510= HTTP 307
    https://january.com/b/egK_JYfM510= HTTP 301
    https://www.january.com/b/egK_JYfM510= HTTP 302
    https://borrower.january.com/b/egK_JYfM510= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19
  • https://january.com/static/prime_hsts.png HTTP 301
  • https://www.january.com/static/prime_hsts.png
Request Chain 22
  • https://widget.intercom.io/widget/epjdnjra HTTP 302
  • https://js.intercomcdn.com/shim.latest.js

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request egK_JYfM510=
borrower.january.com/b/
Redirect Chain
  • http://january.com/b/egK_JYfM510=
  • https://january.com/b/egK_JYfM510=
  • https://www.january.com/b/egK_JYfM510=
  • https://borrower.january.com/b/egK_JYfM510=
10 KB
11 KB
Document
General
Full URL
https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
675350eeb2490a3b2ad9fe7506f3a8d13e729c616768501192ad56453622c45f
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
83779
content-length
10364
content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
content-type
text/html
date
Sat, 17 Sep 2022 19:01:50 GMT
etag
"f1169490ddbdb85f65e40a2856593885"
last-modified
Fri, 16 Sep 2022 22:43:03 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-amz-cf-id
EADrbELf3BdwAhvIOkqjdf5XxCoG1SPgHiD4KfDyYJJVIJqlJuGRZg==
x-amz-cf-pop
HAM50-P2
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

content-length
293
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:07 GMT
location
https://borrower.january.com/b/egK_JYfM510=
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
events
www.january.com/ Frame
0
0
Preflight
General
Full URL
https://www.january.com/events
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://borrower.january.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://borrower.january.com
allow
POST, OPTIONS
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:09 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Origin, Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
mixpanel-2-latest.min.js
cdn4.mxpnl.com/libs/
50 KB
18 KB
Script
General
Full URL
https://cdn4.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.5.208 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
208.5.211.130.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 18:16:05 GMT
content-encoding
gzip
age
124
x-guploader-uploadid
ADPycdv4dRpJIzXR7RJ3-b2YK6aWjY0uaogxNnd4sFV6lD2UDDrEcFQPNwPtd4jmpuNbrnUp_Zq873mgg8wvO6k6QY2_UvV0lXvF
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17435
last-modified
Thu, 17 Feb 2022 20:21:50 GMT
server
UploadServer
etag
"caa762087e9d75cecc34b5d6626cb7b9"
vary
Accept-Encoding
x-goog-hash
crc32c=PPVzJA==, md5=yqdiCH6ddc7MNLXWYmy3uQ==
x-goog-generation
1645129310876382
access-control-allow-origin
*
cache-control
public,max-age=600
x-goog-stored-content-length
17435
accept-ranges
bytes
content-type
text/javascript
expires
Sun, 18 Sep 2022 18:26:05 GMT
events
www.january.com/
0
0
Fetch
General
Full URL
https://www.january.com/events
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Sep 2022 18:18:09 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin, Cookie
content-type
text/html; charset=utf-8
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
strict-transport-security
max-age=3600; includeSubDomains
content-length
0
x-xss-protection
1; mode=block
fs.js
edge.fullstory.com/s/
245 KB
62 KB
Script
General
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
647c61b085ea098e8b5d6c0498c18e97bd9cc858ec3e6763cd16cb64d61c47f8

Request headers

Referer
Origin
https://borrower.january.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 18:09:15 GMT
content-encoding
br
age
533
x-guploader-uploadid
ADPycdvtXyNKdttgv87uLP1OiP-HKsAYY60H4iVGvRKoxSK76cKrn6NkGGD48mytRuyTWQ-qDP7qdSdZFz0c6ntyE4q6oPfpiu08
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62929
last-modified
Wed, 14 Sep 2022 13:59:28 GMT
server
UploadServer
etag
"d720d9c7a26941dcca38a469673b2863"
vary
Accept-Encoding
x-goog-hash
crc32c=S62c9A==, md5=1yDZx6JpQdzKOKRpZzsoYw==
x-goog-generation
1663163967982920
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
62929
accept-ranges
bytes
content-type
application/javascript
expires
Sun, 18 Sep 2022 19:09:15 GMT
delightedPaymentPlan.js
d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/RpkpsOoqYVpoTIOX/
88 KB
31 KB
Script
General
Full URL
https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/RpkpsOoqYVpoTIOX/delightedPaymentPlan.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.65.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-65-117.lhr61.r.cloudfront.net
Software
/
Resource Hash
d496219272b099f8d3f71d74cdf7e3ba3f6696a0312aa6e712fb67fc440983c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ 
https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Sun, 18 Sep 2022 18:18:08 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
LHR61-P1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
024d7983a8ba10b6a4434b24296e84e2
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.041892
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Via
1.1 b214b93d742fbebaa1ebb3a48c41e89a.cloudfront.net (CloudFront)
Cache-Control
max-age=120, public
Content-Security-Policy
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ https://d2yyd1h5u9mauk.cloudfront.net 
https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
X-Amz-Cf-Id
l39Hj9qh9thw8b1xkMsw0U3xju17DGahbk764hLbxt6wWAevEQqe9A==
delightedMakePayment.js
d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/MOHRArUZPB4Gqh85/
88 KB
31 KB
Script
General
Full URL
https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/MOHRArUZPB4Gqh85/delightedMakePayment.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.65.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-65-117.lhr61.r.cloudfront.net
Software
/
Resource Hash
aa3167bd7ab25fa1eaebe2d370ebf20290f9f08066869ccab266ab9739d2f415
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ 
https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Sun, 18 Sep 2022 18:18:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
LHR61-P1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
d08fcd0f1f959d167ed80b482eb878a6
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.100229
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Via
1.1 b6143952706f018e1ba3e69247a6e10c.cloudfront.net (CloudFront)
Cache-Control
max-age=120, public
Content-Security-Policy
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ https://d2yyd1h5u9mauk.cloudfront.net 
https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
X-Amz-Cf-Id
HiFvVAfobK30n3tnhJRpQMbrdhJkzKOIZ26s6M2hdLV0mbt7zeMfpA==
delightedSettlement.js
d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/UgPRkrZHrT0FiLjU/
88 KB
31 KB
Script
General
Full URL
https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/UgPRkrZHrT0FiLjU/delightedSettlement.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.65.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-65-117.lhr61.r.cloudfront.net
Software
/
Resource Hash
19483417de220603f363180525c9aef8d61449755375f5066651b6f10fab4562
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ 
https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Sun, 18 Sep 2022 18:18:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
LHR61-P1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
a6c78d17215cbabfb340a8b21df10824
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.098653
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Via
1.1 43334d331c518c3406b3d27e1a927864.cloudfront.net (CloudFront)
Cache-Control
max-age=120, public
X-Amz-Cf-Id
y4KZv-ezuTL8fawp_4T9PvFm1LCIlhvKo0Uv5aMWkKgjuXcIsnf0Kg==
delightedPayInFull.js
d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/G1UDcRojM6R1qYZM/
159 B
4 KB
Script
General
Full URL
https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/G1UDcRojM6R1qYZM/delightedPayInFull.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.65.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-65-117.lhr61.r.cloudfront.net
Software
/
Resource Hash
bffc53a34a16569907097bdba6121f043e9a2bdc205aae412e23666b0e47ce71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com http://fonts.intercomcdn.com https://dcx14qs33eg2z.cloudfront.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdn.weglot.com https://fonts.googleapis.com https://tagmanager.google.com https://heapanalytics.com https://app-sj30.marketo.com https://cdn.zapier.com https://dcx14qs33eg2z.cloudfront.net; object-src 'none'; media-src 'self' https://beacon-v2.helpscout.net https://js.intercomcdn.com/ https://dcx14qs33eg2z.cloudfront.net; img-src 'self' data: http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://app.intercom.io https://app.pendo.io https://a.opmnstr.com https://api.omappapi.com https://analytics.twitter.com https://app-sj30.marketo.com https://bat.bing.com https://beacon-v2.helpscout.net https://cdn.heapanalytics.com https://cdn.pendo.io https://cdn.weglot.com https://connect.facebook.net https://ct.capterra.com https://data.pendo.io https://googleads.g.doubleclick.net https://heapanalytics.com https://js.intercomcdn.com https://js.pusher.com https://js.stripe.com https://munchkin.marketo.net https://pendo-io-static.storage.googleapis.com https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://rum-static.pingdom.net https://script.crazyegg.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://widget.intercom.io https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://zapier.com https://cdn.zapier.com https://*.quora.com https://js.sentry-cdn.com https://browser.sentry-cdn.com https://public.profitwell.com https://static.profitwell.com https://polyfill.io https://d3dy5gmtp8yhk7.cloudfront.net/ 
https://d2yyd1h5u9mauk.cloudfront.net https://dcx14qs33eg2z.cloudfront.net; frame-src 'self' https://accounts.google.com https://app.pendo.io https://js.stripe.com https://beacon-v2.helpscout.net https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://app-sj30.marketo.com https://qglobalops.co1.qualtrics.com; connect-src 'self' https://delighted.com https://*.delighted.com https://api.delighted.com https://accounts.google.com https://api-iam.intercom.io https://api-ping.intercom.io https://api.intercom.io https://api.zapier.com https://zapier.com https://app.pendo.io https://bat.bing.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://cdn.weglot.com https://cdn-api-weglot.com https://d3hb14vkzrxvla.cloudfront.net https://data.pendo.io https://heapanalytics.com https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pendo-static-5802606298267648.storage.googleapis.com https://platform.twitter.com https://risk.clearbit.com https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://www.google.com https://www2.profitwell.com https://099-SJL-057.mktorest.com https://*.pusher.com https://js.sentry-cdn.com https://browser.sentry-cdn.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://ws.pusher.com wss://ws.pusherapp.com https://dcx14qs33eg2z.cloudfront.net; report-uri https://fb4qdnkh2k.execute-api.us-east-1.amazonaws.com/default
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Sun, 18 Sep 2022 18:18:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-Amz-Cf-Pop
LHR61-P1
Transfer-Encoding
chunked
X-Cache
Miss from cloudfront
Status
200 OK
Connection
keep-alive
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Request-Id
01cbc08bac32c8ee7d9e9d73feaa1080
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.022347
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/javascript; charset=utf-8
Via
1.1 81bc7853cdca941dddd27cd956741044.cloudfront.net (CloudFront)
Cache-Control
max-age=120, public
X-Amz-Cf-Id
Oqtqh9ToMDhSrEGAmH3VcUw9QMdxrMYuZ_TL5ATxFY4DJ9moXsplOw==
datadog-rum.js
www.datadoghq-browser-agent.com/
64 KB
21 KB
Script
General
Full URL
https://www.datadoghq-browser-agent.com/datadog-rum.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.205.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-205-56.lhr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
54cc471e6d75456315e6685c7af0dcdee292fddb9c31d4b7b0c5f75eb668d35c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 18:18:01 GMT
content-encoding
br
last-modified
Mon, 19 Jul 2021 12:21:08 GMT
server
AmazonS3
age
12
etag
W/"6f16bc452a225d7da116aa4c430872f8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6fa2f2520e1a521d933565337b2b81de.cloudfront.net (CloudFront)
cache-control
max-age=14400, s-maxage=60
x-amz-cf-pop
LHR50-P3
timing-allow-origin
*
x-amz-cf-id
OoQR_2C_oTPyqpYx3rN6uSou0QGapG0f1Y_YrUfoGjGYbjwH_MCimA==
main.2d5b3ea3.chunk.css
borrower.january.com/static/css/
5 KB
6 KB
Stylesheet
General
Full URL
https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6c54c9e8d1cb9cc7854fa6e22bbd318de7436f770e41512b830b54bfcf53776c
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
Miss from cloudfront
content-length
5560
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:03 GMT
server
AmazonS3
x-frame-options
DENY
date
Sun, 18 Sep 2022 18:18:09 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
text/css
etag
"5cef40dfcbe485e7f6281f5f7f5d0392"
x-amz-cf-id
-DOrFarNBxDtzXgjSH9KbPDHIfk5SCOzpq0NG0QhPJ8PGmNpoJM33g==
runtime~main.9d209aec.js
borrower.january.com/static/js/
1 KB
2 KB
Script
General
Full URL
https://borrower.january.com/static/js/runtime~main.9d209aec.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb8baf4f8597a45f89e5b79f98c908b52b2cd0832f7cedfaaa8debead8c98693
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
Miss from cloudfront
content-length
1452
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
date
Sun, 18 Sep 2022 18:18:09 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
application/javascript
etag
"95f440a35fe5ec7294926a342b9019ed"
x-amz-cf-id
-Qo7iE_Ay0tvpieJsFina9HEq8FFDh5IbVGBKCxV_L4S8ffPeDXBcw==
page
rs.fullstory.com/rec/
4 KB
2 KB
XHR
General
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
7a5d401403a61fd91af3a87b31529cabc56d60c4e4ac488e3e388e1c9bf41c57

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 18 Sep 2022 18:18:10 GMT
content-encoding
gzip
content-type
application/json; charset=utf-8
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1380
via
1.1 google
0.fc954ba0.chunk.js
borrower.january.com/static/js/
358 KB
359 KB
Script
General
Full URL
https://borrower.january.com/static/js/0.fc954ba0.chunk.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b0c93183d39afef3fe6875e4b4b06b82ada43a3fc9786496af0e102396f4fccd
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
RefreshHit from cloudfront
date
Sun, 18 Sep 2022 18:18:10 GMT
content-length
366220
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:03 GMT
server
AmazonS3
x-frame-options
DENY
etag
"645fe3a28ab7e72be3e06cab74e5eeb4"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
application/javascript
x-amz-cf-id
z7QfujnF57tBQcWP6tbg2LC1lIJbGfVQkY7nxXKgwWaEdHsH9XTRqg==
1.f2f57c20.chunk.js
borrower.january.com/static/js/
244 KB
245 KB
Script
General
Full URL
https://borrower.january.com/static/js/1.f2f57c20.chunk.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
46fa69cf03feffc6d27b5796e6907518b39a4dba645d93d08199712ce842ab37
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
RefreshHit from cloudfront
date
Sun, 18 Sep 2022 18:18:10 GMT
content-length
250291
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
etag
"e0dce707ada59b06627ab611d3c458d1"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
application/javascript
x-amz-cf-id
MHZPa7crpGcmuT-wTOgZNsHINGWQepJgRI9fA3OxmNGIhsZKW3Mh7w==
main.c0250349.chunk.js
borrower.january.com/static/js/
732 KB
734 KB
Script
General
Full URL
https://borrower.january.com/static/js/main.c0250349.chunk.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7a64afc0a1a104422f3cf2527bc924d0615b24c1545c12717c986de82a842eaa
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
77475
x-cache
Hit from cloudfront
content-length
749825
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
date
Sat, 17 Sep 2022 20:46:55 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
application/javascript
etag
"25e046af900e5755ca18bdc958f922c8"
x-amz-cf-pop
HAM50-P2
x-amz-cf-id
GOJdwgzVueaQKf3hRzBGvRi_y3uU38RHknqisOMiyk11BoFPHfU5EA==
graphql
www.january.com/api/ Frame
0
0
Preflight
General
Full URL
https://www.january.com/api/graphql
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://borrower.january.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://borrower.january.com
allow
POST, OPTIONS
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Origin, Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
graphql
www.january.com/api/
364 B
810 B
Fetch
General
Full URL
https://www.january.com/api/graphql
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
1b68e75f6179f0d16f792c61099a5441815dbba72ecf2aba6b82367140450732
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept
*/*
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
content-type
application/json

Response headers

date
Sun, 18 Sep 2022 18:18:11 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin, Cookie
content-type
application/json
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
strict-transport-security
max-age=3600; includeSubDomains
x-xss-protection
1; mode=block
client
accounts.google.com/gsi/
186 KB
74 KB
Script
General
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
461f906fbdd651ac3cc6e3c4424304be60da05bd573659d5bc855724137ebcb2
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-93D_Vd0s08dVxDWa0rI7dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 18:18:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-93D_Vd0s08dVxDWa0rI7dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Sun, 18 Sep 2022 18:18:10 GMT
platform.js
apis.google.com/js/
52 KB
21 KB
Script
General
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2517f2f4a19d61f890f6ceca117953dcb151b3d6b2d6ed388e0df235b857a3db
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20360
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Sun, 18 Sep 2022 18:18:10 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"95a07626e083cec6"
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 18 Sep 2022 18:18:10 GMT
prime_hsts.png
www.january.com/static/
Redirect Chain
  • https://january.com/static/prime_hsts.png
  • https://www.january.com/static/prime_hsts.png
272 B
463 B
Image
General
Full URL
https://www.january.com/static/prime_hsts.png
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
0e19e889c092784bd195e20cd6e0b6f659f44e7a01b3383cf76b1aa0786328d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sun, 18 Sep 2022 18:18:10 GMT
content-encoding
gzip
last-modified
Thu, 19 Aug 2021 19:05:15 GMT
server
nginx
etag
W/"611eab6b-110"
content-type
image/png
cache-control
max-age=315360000, public; immutable
expires
Thu, 31 Dec 2037 23:55:55 GMT

Redirect headers

date
Sun, 18 Sep 2022 16:12:49 GMT
via
1.1 fce8106dca6331a9ef447b7d400205f8.cloudfront.net (CloudFront)
server
AmazonS3
age
7521
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
location
https://www.january.com/static/prime_hsts.png
cache-control
max-age=1800; public
x-amz-cf-pop
HAM50-P1
content-length
0
x-amz-cf-id
dNwMqHxRAf5BNCQUfudRe8ARZeae6R-tjA8dn25GMVdhbO1bUxWG0Q==
events
www.january.com/ Frame
0
0
Preflight
General
Full URL
https://www.january.com/events
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://borrower.january.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://borrower.january.com
allow
POST, OPTIONS
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Origin, Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
events
www.january.com/
0
500 B
Fetch
General
Full URL
https://www.january.com/events
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/b/egK_JYfM510=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Sep 2022 18:18:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin, Cookie
content-type
text/html; charset=utf-8
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
strict-transport-security
max-age=3600; includeSubDomains
content-length
0
x-xss-protection
1; mode=block
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/epjdnjra
  • https://js.intercomcdn.com/shim.latest.js
18 KB
7 KB
Script
General
Full URL
https://js.intercomcdn.com/shim.latest.js
Protocol
H2
Server
18.155.145.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-145-86.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b85257d994958c38fa5bed2cf8320d2921a3e635719c14b3b9cf467f22965cba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
orphSTh0yahMXiz4wRwElsF875MfVqD3
content-encoding
gzip
etag
"a7308f57f487841c6800b476fa99ab72"
age
205
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
content-length
6169
last-modified
Fri, 16 Sep 2022 15:59:38 GMT
server
AmazonS3
date
Sun, 18 Sep 2022 18:14:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
via
1.1 df82305b97992378d05ae949e544e3e0.cloudfront.net (CloudFront)
cache-control
max-age=300, s-maxage=300, public
x-amz-cf-pop
HAM50-P1
accept-ranges
bytes
x-amz-cf-id
6WSCRz_fG9pkVQ64UYGstw7wJecY7wzqlIWRHSoEgGLzcvpMmgxTfA==

Redirect headers

date
Tue, 13 Sep 2022 11:48:28 GMT
via
1.1 c25f4c3e9095efed7de1aa324e9d84e2.cloudfront.net (CloudFront)
server
AmazonS3
age
455383
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop
HAM50-P1
content-length
0
x-amz-cf-id
xz9kXESYuUhlxbOSpbUpj1D9MRT11sb-ua0RuOIloeGE-Wc5WNmg8Q==
bundle
rs.fullstory.com/rec/
29 B
91 B
XHR
General
Full URL
https://rs.fullstory.com/rec/bundle?OrgId=NA3ZB&UserId=5942013959704576&SessionId=5699882057830400&PageId=5221742315409408&Seq=1&PageStart=1663525089834&PrevBundleTime=0&LastActivity=1&IsNewSession=true
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
a9fd3aa33892ef2953806bb593aebf798d34f5afe789b6b984da097b58a6e70c

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://borrower.january.com
date
Sun, 18 Sep 2022 18:18:10 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
content-type
application/json; charset=utf-8
frame-modern.ee786cc9.js
js.intercomcdn.com/ Frame 7BFE
425 KB
117 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.ee786cc9.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/epjdnjra
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.145.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-145-86.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f5e1163fc3490f82087737f1e5ab3309278b70748b7be43b70efb8ec7d5a15cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
VV3RPBiyodPEW7caFvqkFp5DvlZ6WJTY
content-encoding
gzip
etag
"7dbfb2a51f8e0a09901956fd00b29b29"
age
1106
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
content-length
119155
last-modified
Fri, 16 Sep 2022 15:58:22 GMT
server
AmazonS3
date
Sun, 18 Sep 2022 17:59:45 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
via
1.1 df82305b97992378d05ae949e544e3e0.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
HAM50-P1
accept-ranges
bytes
x-amz-cf-id
8QD6_sFD8naZUGxCpdtjHUfgx9gnk11MNSBzylvQ7erd5eO_naXvfw==
vendor-modern.1a2e9d87.js
js.intercomcdn.com/ Frame 7BFE
219 KB
68 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.1a2e9d87.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/epjdnjra
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.155.145.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-155-145-86.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3f34510d1084efa2ded08fa59e86435eb3ee231be7b4e52de986f694cd54b234
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
SNCNv5gYAtOuI4rBfcDR9ZJ0kMElLlxm
content-encoding
gzip
etag
"277c062a61ee0d8cbef1bb626307d844"
age
2214
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
vary
Accept-Encoding
content-length
69356
last-modified
Fri, 16 Sep 2022 15:58:23 GMT
server
AmazonS3
date
Sun, 18 Sep 2022 17:41:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
via
1.1 df82305b97992378d05ae949e544e3e0.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
HAM50-P1
accept-ranges
bytes
x-amz-cf-id
sWSXChoaEYEMj0hBnvoUQBNbNbwghQPDqllpB0FfgpqI9uU1BFTpBQ==
events
www.january.com/ Frame
0
0
Preflight
General
Full URL
https://www.january.com/events
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://borrower.january.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://borrower.january.com
allow
OPTIONS, POST
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:11 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Origin, Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
events
www.january.com/
0
501 B
Fetch
General
Full URL
https://www.january.com/events
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Sep 2022 18:18:11 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin, Cookie
content-type
text/html; charset=utf-8
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
strict-transport-security
max-age=3600; includeSubDomains
content-length
0
x-xss-protection
1; mode=block
events
www.january.com/ Frame
0
0
Preflight
General
Full URL
https://www.january.com/events
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://borrower.january.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://borrower.january.com
allow
POST, OPTIONS
content-length
0
content-type
text/html; charset=utf-8
date
Sun, 18 Sep 2022 18:18:11 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=3600; includeSubDomains
vary
Origin, Cookie
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
events
www.january.com/
0
501 B
Fetch
General
Full URL
https://www.january.com/events
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.161.132.28 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-161-132-28.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=3600; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Sep 2022 18:18:11 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
x-frame-options
SAMEORIGIN
vary
Origin, Cookie
content-type
text/html; charset=utf-8
access-control-allow-origin
https://borrower.january.com
access-control-allow-credentials
true
strict-transport-security
max-age=3600; includeSubDomains
content-length
0
x-xss-protection
1; mode=block
logo.5fdbeb88.svg
borrower.january.com/static/media/
3 KB
3 KB
Image
General
Full URL
https://borrower.january.com/static/media/logo.5fdbeb88.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
515f7ce21c023ec0d7b82b23e7dece0944c82f4461d1d084818c02b22ba44bbe
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/questionnaire/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71974
x-cache
Hit from cloudfront
date
Sat, 17 Sep 2022 22:18:38 GMT
content-length
2628
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 17:48:36 GMT
server
AmazonS3
x-frame-options
DENY
etag
"5fdbeb88ffa70cbe7c09711b50348305"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
image/svg+xml
x-amz-cf-pop
HAM50-P2
x-amz-cf-id
ab7R_3yXZidFSRGzeY1kaePAyKcz5BtxiWgOUA-tupSLAQby4ARt1Q==
formLock.324710bb.svg
borrower.january.com/static/media/
2 KB
3 KB
Image
General
Full URL
https://borrower.january.com/static/media/formLock.324710bb.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ede271165c133d575ff80797c5fc0dd766e6c39b4574c0c2f9ac98c099c0d8a
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://borrower.january.com/b/questionnaire/egK_JYfM510=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
RefreshHit from cloudfront
date
Sun, 18 Sep 2022 18:18:12 GMT
content-length
2095
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
etag
"324710bba9cfa6b6dcc4c81f658880f0"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
image/svg+xml
x-amz-cf-id
JpRAy1tXjvn_qrusTD_tczVAGCz26WhjZvIusUPpBrAL1r0wLrZphA==
P22MackinacBold.8bc1e8da.woff2
borrower.january.com/static/media/
35 KB
36 KB
Font
General
Full URL
https://borrower.january.com/static/media/P22MackinacBold.8bc1e8da.woff2
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1e96bb27720c4418bad93f130c46e69485a8d81b606fb49398708f1fce4f13c
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Origin
https://borrower.january.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
Miss from cloudfront
content-length
35656
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
date
Sun, 18 Sep 2022 18:18:12 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
font/woff2
etag
"8bc1e8da3b8f6f9ea95caab466b870fc"
x-amz-cf-id
aLwwjRdhoQzZAKtG0OBv9ueco1FZur0y_PLNMqgHJACkkugh4lrWmg==
MNKYBananaGrotesk-Regular.730de7c3.woff2
borrower.january.com/static/media/
24 KB
25 KB
Font
General
Full URL
https://borrower.january.com/static/media/MNKYBananaGrotesk-Regular.730de7c3.woff2
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4e6e6867c21ac90b204e50e98d9f47fe432e30d85ec5e84159bf390296475d4f
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Origin
https://borrower.january.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
HAM50-P2
x-cache
Miss from cloudfront
content-length
24976
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 22:43:04 GMT
server
AmazonS3
x-frame-options
DENY
date
Sun, 18 Sep 2022 18:18:12 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
font/woff2
etag
"730de7c32264ae930986d3ef87b1de6f"
x-amz-cf-id
JxkMrXc7k5a-lHQxZttNn66zxCmiKbV_Mgfjii9LyWXI45Jm-MzWnA==
MNKYBananaGrotesk-Bold.01d81fb2.woff2
borrower.january.com/static/media/
25 KB
25 KB
Font
General
Full URL
https://borrower.january.com/static/media/MNKYBananaGrotesk-Bold.01d81fb2.woff2
Requested by
Host: borrower.january.com
URL: https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2451:7200:1c:3c6d:f4c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4927a107412f9b737480bb1d90a3bd55ae03a770c06a1fe486edcd804e8f24ca
Security Headers
Name Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://borrower.january.com/static/css/main.2d5b3ea3.chunk.css
Origin
https://borrower.january.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy
object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
via
1.1 c08e2480b7edc38ca37e62153bcb77fe.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
71974
x-cache
Hit from cloudfront
date
Sat, 17 Sep 2022 22:18:38 GMT
content-length
25380
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 16 Sep 2022 17:48:35 GMT
server
AmazonS3
x-frame-options
DENY
etag
"01d81fb21ce4453c794c5d1b8fea4a35"
strict-transport-security
max-age=63072000; includeSubdomains; preload
content-type
font/woff2
x-amz-cf-pop
HAM50-P2
x-amz-cf-id
fZjLLSy2nokG2QXsK6s7jyW4asEDJYSbd8URZuHSYusbIA5LCqpaXQ==
pub2ad3e2cc839b84d04bb2f6673087b6bc
rum-http-intake.logs.datadoghq.com/v1/input/
0
0
Ping
General
Full URL
https://rum-http-intake.logs.datadoghq.com/v1/input/pub2ad3e2cc839b84d04bb2f6673087b6bc?ddsource=browser&ddtags=sdk_version%3A2.18.0%2Cenv%3Aproduction%2Cservice%3ABorrower%20Portal&batch_time=1663525091559
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b900:1997:875d:2f4a:e3d2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

/
api-js.mixpanel.com/track/
25 B
0
XHR
General
Full URL
https://api-js.mixpanel.com/track/?verbose=1&ip=1&_=1663525094375
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.241.51 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
date
Sun, 18 Sep 2022 18:18:14 GMT
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://borrower.january.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
21
alt-svc
clear
content-length
25
/
api-js.mixpanel.com/engage/
25 B
375 B
XHR
General
Full URL
https://api-js.mixpanel.com/engage/?verbose=1&ip=1&_=1663525094376
Requested by
Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.241.51 -, , ASN (),
Reverse DNS
Software
envoy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=604800; includeSubDomains

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=604800; includeSubDomains
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
date
Sun, 18 Sep 2022 18:18:14 GMT
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://borrower.january.com
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
alt-svc
clear
content-length
25

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| mixpanel
boolean| _fs_debug
string| _fs_host
string| _fs_script
string| _fs_org
string| _fs_namespace
function| FS
object| delightedPaymentPlan
object| delightedMakePayment
object| delightedSettlement
object| delightedPayInFull
object| DD_RUM
string| _fs_loaded
function| _fs_shutdown
object| webpackJsonp
undefined| message
function| AdditionalQuestionsOptions
function| AdditionalQuestionsScale
object| _delighted
object| __SENTRY__
number| 2f1acc6c3a606b082e5eef5e54414ffb
object| regeneratorRuntime
function| Intercom
object| __APOLLO_CLIENT__
object| gapi
object| ___jsl
object| default_gsi
object| google
object| closure_lm_698580
function| __intercomAssignLocation

5 Cookies

Domain/Path Name / Value
borrower.january.com/ Name: _dd_s
Value: rum=1&id=91babff0-64fc-40bd-bad0-a13818826646&created=1663525088822&expire=1663525988822
.january.com/ Name: session
Value: eyJfZnJlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX3V1aWQiOiJiZTZiMmRmNi03NjYwLTRlMmItYmYyMy04MWFmZTRhNzc5OWQifQ.Yydg4w.3aJIEm861h1fVfG24DgGXN_N-BI
.january.com/ Name: ystbed_171219
Value: %7B%22device_id%22%3A%221936fbf3-64a8-41d6-b1c8-5f425d106219%22%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3A%22core-sequence-v2.generic_website_spanish%22%2C%22utm_medium%22%3A%22SMS%22%7D
.january.com/ Name: mp_59fc721590b4dba8d4179061d968de60_mixpanel
Value: %7B%22distinct_id%22%3A%20%22a1de5706-2a85-484b-96aa-2934aa0ac51f%22%2C%22%24device_id%22%3A%20%2218351d270636c-07863be8d1e139-6b3f5152-1d4c00-18351d270641a8%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22%24user_id%22%3A%20%22a1de5706-2a85-484b-96aa-2934aa0ac51f%22%7D
.january.com/ Name: fs_uid
Value: #NA3ZB#5942013959704576:5699882057830400:::#88aa3bdd#/1695061088

1 Console Messages

Source: security
Level: error
URL: https://borrower.january.com/static/js/main.c0250349.chunk.js
Message: Refused to create a worker from 'blob:https://borrower.january.com/194faf0a-4ef0-4e68-954f-0df5f917402e' because it violates the following Content Security Policy directive: "worker-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net".

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy object-src 'none'; manifest-src 'self'; base-uri 'self'; report-uri 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc'; report-to 'https://sentry.io/api/144822/security/?sentry_key=4693be96acc0414fac531adae524bafc';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
