| ocsp.starfieldtech.com/ | 192.124.249.22 | | 2.1 kB |
IP 192.124.249.22:0
Hash e13eb917efd8fbc85ffce682c8828081 be0215f3e4c3e0eef0919d58034913f81ded1b9e 1bf2086f3caeefd6a0d90c2ed0117c7232ad5d535bc2670a58c57359df6a2ac8
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 23 Sep 2023 14:19:23 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 22 Sep 2023 22:07:10 GMT
Expires: Sat, 23 Sep 2023 22:07:10 GMT
ETag: "be0215f3e4c3e0eef0919d58034913f81ded1b9e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
|
| www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884 | 35.201.76.131 | 302 Found | 260 B |
URL User Request GET HTTP/2 www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884 IP 35.201.76.131:443
Certificate Issuer Starfield Technologies, Inc. Subject lmbahsj2.com Fingerprint 19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 Validity Fri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
File type HTML document, ASCII text Hash b901ab5030961e42dafa141d9efd0cdb bf42d64efd83bedc491772813d8486fa4474e819 e08d0f29be3dcdd77aa339311620429ccdb9dc7d4d77a48868f19fa5ce496ccd
GET /29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884 HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 14:19:23 GMT
content-type: text/html; charset=utf-8
content-length: 260
accept-ch: Sec-Ch-Ua-Platform-Version
location: https://www.lmbahsj2.com/29PD1BG/8N7X34/?__rpt=0&__po=9&__ptid=f183010c9c0f42c29e16e6ebcef77f7f&__rpa=0&__rc=1&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884&sub3=&sub4=&sub5=&source_id=9&__pcd=9
set-cookie: uniqueClick_FGXLG=88be45d2-435c-4865-9e30-8241fd3e96b3:1695478763; Path=/; Expires=Sun, 24 Sep 2023 14:19:23 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 51081e33-3c0e-477a-af43-e4a84b3d9974
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.lmbahsj2.com/29PD1BG/8N7X34/?__rpt=0&__po=9&__ptid=f183010c9c0f42c29e16e6ebcef77f7f&__rpa=0&__rc=1&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884&sub3=&sub4=&sub5=&source_id=9&__pcd=9 | 35.201.76.131 | 302 Found | 290 B |
URL User Request GET HTTP/2 www.lmbahsj2.com/29PD1BG/8N7X34/?__rpt=0&__po=9&__ptid=f183010c9c0f42c29e16e6ebcef77f7f&__rpa=0&__rc=1&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884&sub3=&sub4=&sub5=&source_id=9&__pcd=9 IP 35.201.76.131:443
Certificate Issuer Starfield Technologies, Inc. Subject lmbahsj2.com Fingerprint 19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 Validity Fri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
File type HTML document, ASCII text Hash 54c652111b9c4a15b6c5b7f217170db6 1a844582a977610efe01228530132b30092bd5a8 3d94a54c95091e58842b31575282c2490d28ee47602663f34a939af833ec6e09
GET /29PD1BG/8N7X34/?__rpt=0&__po=9&__ptid=f183010c9c0f42c29e16e6ebcef77f7f&__rpa=0&__rc=1&sub1=2&sub2=cefc44054ed64b2fb2f304d931b70884&sub3=&sub4=&sub5=&source_id=9&__pcd=9 HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: uniqueClick_FGXLG=88be45d2-435c-4865-9e30-8241fd3e96b3:1695478763
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sat, 23 Sep 2023 14:19:23 GMT
content-type: text/html; charset=utf-8
content-length: 290
accept-ch: Sec-Ch-Ua-Platform-Version
location: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
set-cookie: uniqueClick_8N7X34=8ccb776c-9144-40e2-8484-3b4c5f85a061:1695478763; Path=/; Expires=Sun, 24 Sep 2023 14:19:23 GMT; Secure; SameSite=None
set-cookie: transaction_id=bc805b829ef849478351eeabe32f80e2; Path=/; Expires=Fri, 22 Dec 2023 14:19:23 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 8b77a2bf-9a5f-4013-8eeb-8a4e398b2ef0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.starfieldtech.com/ | 192.124.249.36 | | 2.1 kB |
IP 192.124.249.36:0
Hash e13eb917efd8fbc85ffce682c8828081 be0215f3e4c3e0eef0919d58034913f81ded1b9e 1bf2086f3caeefd6a0d90c2ed0117c7232ad5d535bc2670a58c57359df6a2ac8
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 23 Sep 2023 14:19:23 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 22 Sep 2023 22:07:10 GMT
Expires: Sat, 23 Sep 2023 22:07:10 GMT
ETag: "be0215f3e4c3e0eef0919d58034913f81ded1b9e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash 8fe5097b12ddbaa7731f5c6d445db349 b1d9718a7e3ead4ad6c08b3c888129ddf9ba52af 3133a3d91f11eeb170b6a3149b7cceb04228b72a222187bcc374f1fbbdbf4bd3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| use.typekit.net/msd8xng.css | 23.36.76.186 | 200 OK | 680 B |
URL GET HTTP/2 use.typekit.net/msd8xng.css IP 23.36.76.186:443
ASN#20940 Akamai International B.V.
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer DigiCert Inc Subject use.typekit.net Fingerprint 5F:2F:EB:47:33:08:97:87:7F:73:06:D1:9A:4B:F5:06:57:11:08:2B Validity Wed, 14 Sep 2022 00:00:00 GMT - Sun, 15 Oct 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (516) Hash 20203a97a8fb7c1ce2353ecc67ea540d 69dd242bcc9927260938d83c99e59453871ebba4 56af1865c3c674da77191c0c3f9c9a01789e64b2851675d878cb03b5bc57a353
GET /msd8xng.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 680
date: Sat, 23 Sep 2023 14:19:25 GMT
X-Firefox-Spdy: h2
|
|
| ocsp.godaddy.com/ | 192.124.249.41 | | 2.1 kB |
IP 192.124.249.41:0
Hash 417e7084ca21981d10af637be94eedcc 75bfa0951a48ff286ffbe1f60861528ead99091a 3f791bf34316118974a3d5a3085c3c8506cc68dbdb51f16ab73af4099b40d06b
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 23 Sep 2023 14:19:25 GMT
Content-Type: application/ocsp-response
Content-Length: 2107
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 23 Sep 2023 06:15:33 GMT
Expires: Sun, 24 Sep 2023 06:15:33 GMT
ETag: "75bfa0951a48ff286ffbe1f60861528ead99091a"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
|
| static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 | 104.16.57.101 | 200 OK | 7.3 kB |
URL GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 IP 104.16.57.101:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Cloudflare, Inc. Subject sni.cloudflaressl.com Fingerprint 89:79:35:ED:04:A2:CA:50:F7:9A:B8:FE:DF:A5:0C:B1:F2:E6:DD:E8 Validity Mon, 10 Apr 2023 00:00:00 GMT - Tue, 09 Apr 2024 23:59:59 GMT
File type gzip compressed data, from Unix Hash cb909d9e17997d7ac304772f2644a413 f8eaf3943ba704c34fce2dadec544953bf500809 cf30f9df854b6f0112f2f554db0e912ebea5257abc835f103e57fe939b1ec6e1
GET /beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.7.1"
last-modified: Thu, 20 Jul 2023 18:10:27 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b36c2b4b441c06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cs-cdn.deviceatlas.com/dacs.js | 52.58.191.183 | 200 OK | 22 kB |
URL GET HTTP/2 cs-cdn.deviceatlas.com/dacs.js IP 52.58.191.183:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer GoDaddy.com, Inc. Subject *.deviceatlas.com Fingerprint 24:8E:6E:64:30:97:51:E1:A5:07:DB:42:13:5B:15:27:BA:6F:10:C2 Validity Sat, 04 Mar 2023 07:26:21 GMT - Thu, 04 Apr 2024 07:26:21 GMT
File type ASCII text, with very long lines (22081) Hash e71b3f9237222c70c0d54c8dc2740fdd 168f0e872f5fc686d1303aca20e6956e413efd1f 068e0ef7413cb9d917b76718827946e20a1391a2f867f2d36df0f8ba4a6f29a7
GET /dacs.js HTTP/1.1
Host: cs-cdn.deviceatlas.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.17.9
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: application/javascript
content-length: 22174
last-modified: Tue, 19 Sep 2023 15:04:35 GMT
etag: "e71b3f9237222c70c0d54c8dc2740fdd"
expires: Sat, 23 Sep 2023 14:19:24 GMT
cache-control: no-cache
x-cache: HIT
accept-ch: DPR,Width,Viewport-Width,Viewport-Height,Device-Memory,RTT,Downlink,ECT,Lang,Sec-CH-DPR,Sec-CH-Width,Sec-CH-Viewport-Width,Sec-CH-Viewport-Height,Sec-CH-Device-Memory,Sec-CH-RTT,Sec-CH-Downlink,Sec-CH-ECT,Sec-CH-Lang,Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Bitness,Sec-CH-UA-WoW64,Sec-CH-Prefers-Reduced-Motion,Sec-CH-Prefers-Reduced-Transparency,Sec-CH-Prefers-Contrast,Sec-CH-Forced-Colors,Sec-CH-Prefers-Color-Scheme,Sec-CH-Prefers-Reduced-Data
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css | 23.36.76.96 | 200 OK | 5 B |
URL GET HTTP/2 p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css IP 23.36.76.96:443
ASN#20940 Akamai International B.V.
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer DigiCert Inc Subject use.typekit.net Fingerprint 5F:2F:EB:47:33:08:97:87:7F:73:06:D1:9A:4B:F5:06:57:11:08:2B Validity Wed, 14 Sep 2022 00:00:00 GMT - Sun, 15 Oct 2023 23:59:59 GMT
Hash 83d24d4b43cc7eef2b61e66c95f3d158 f0cafc285ee23bb6c28c5166f305493c4331c84d 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Tue, 07 Mar 2023 19:56:00 GMT
etag: "640796d0-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Sat, 23 Sep 2023 14:19:25 GMT
X-Firefox-Spdy: h2
|
|
| content.quickencompare.com/refily/starts.png | 104.18.28.109 | 200 OK | 551 B |
URL GET HTTP/2 content.quickencompare.com/refily/starts.png IP 104.18.28.109:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Cloudflare, Inc. Subject sni.cloudflaressl.com Fingerprint 8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 Validity Mon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced Hash 90732fd581b4624530c995d70d3f17a8 6704549936ece70f840129dcca57a5e56ff0cac5 8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a
GET /refily/starts.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: image/png
content-length: 551
last-modified: Thu, 07 Sep 2023 16:30:01 GMT
x-amz-server-side-encryption: AES256
etag: "90732fd581b4624530c995d70d3f17a8"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AOXjKlyCHYMxJN3pqKtLg1TBEg2WyqycahamYtkrkZeRdwYtfiIoYg==
cf-cache-status: HIT
age: 443
expires: Sat, 23 Sep 2023 18:19:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=S.1Wz71sZTxFrM7320wfAP2asFJ3P2.BNS3XgWxjBHk-1695478766-0-AWS1UdAqwIyy7KhgPLzMDht6YfVSVUcRbH8aP8dKyMUQcu6SjsRg9grhDzs7o0Jy6qaKxD8axR/nLdY38dWPWLg=; path=/; expires=Sat, 23-Sep-23 14:49:26 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c336ba556a8-OSL
X-Firefox-Spdy: h2
|
|
| content.quickencompare.com/qc/refi-images/ICON-Homeowner.png | 104.18.28.109 | 200 OK | 10 kB |
URL GET HTTP/2 content.quickencompare.com/qc/refi-images/ICON-Homeowner.png IP 104.18.28.109:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Cloudflare, Inc. Subject sni.cloudflaressl.com Fingerprint 8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 Validity Mon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 400 x 401, 8-bit/color RGBA, non-interlaced Hash 6b6fdfba73cbc7cad1164a06e7ba471b 394e3ce560675dccc0c8606c2a53cf52c054436d 392696f65e2b746dd55fd3f11ce54c04e0ec51249b06f75bfdf0bbab370cf983
GET /qc/refi-images/ICON-Homeowner.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: image/png
content-length: 10196
last-modified: Fri, 11 Aug 2023 14:08:53 GMT
x-amz-server-side-encryption: AES256
etag: "6b6fdfba73cbc7cad1164a06e7ba471b"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SvS5z6BO8ImQf-6_zKEJWqf_aScILSbKjWXSB-ZIUAB_2fOamogsUA==
cf-cache-status: HIT
age: 443
expires: Sat, 23 Sep 2023 18:19:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=5TJB80vN4Tk6NhgbRon_nDXwAozdkReA8rYhXTU7vUI-1695478766-0-AaFVRy6PK0/71FepLlRUPlzChOg4FMlzgEmnuVTmM4+IjOMNUl/5YhQnEG69MJJw6jJxlF62lFTp8/yg3ws3Ilo=; path=/; expires=Sat, 23-Sep-23 14:49:26 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c336bb056a8-OSL
X-Firefox-Spdy: h2
|
|
| content.quickencompare.com/refily/property_progress_percent.png | 104.18.28.109 | 200 OK | 13 kB |
URL GET HTTP/2 content.quickencompare.com/refily/property_progress_percent.png IP 104.18.28.109:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Cloudflare, Inc. Subject sni.cloudflaressl.com Fingerprint 8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 Validity Mon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced Hash 1cc128d542f50dda4737c738da7d124d 10675eab6e3f889f04a8947e55199a86091c4204 652047df21d9319ec5c7b89552ecfa361c941cc946efcade45ab211ffe20cddd
GET /refily/property_progress_percent.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: image/png
content-length: 12593
last-modified: Thu, 07 Sep 2023 16:30:01 GMT
x-amz-server-side-encryption: AES256
etag: "1cc128d542f50dda4737c738da7d124d"
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SM_v2DQtZ6_lMVTrn-Fvvn9gQZFmdhjql6B4xd0L26t7RwmgTAAmMQ==
cf-cache-status: HIT
age: 443
expires: Sat, 23 Sep 2023 18:19:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=KBPCS04KGiMoioNMJgdCV_nlDfbLH_WpXt2m1e5lJBQ-1695478766-0-AXGpgWWOJDIYrPj8ZiRwAT3xzr8G93/3TFfZBnSGxrPZFX9XFBBJKD2XjSNTxAitCspzktav2wNJ5Ge5axnP8Ts=; path=/; expires=Sat, 23-Sep-23 14:49:26 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c336bae56a8-OSL
X-Firefox-Spdy: h2
|
|
| content.quickencompare.com/refily/Refily.png | 104.18.28.109 | 200 OK | 6.5 kB |
URL GET HTTP/2 content.quickencompare.com/refily/Refily.png IP 104.18.28.109:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Cloudflare, Inc. Subject sni.cloudflaressl.com Fingerprint 8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 Validity Mon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 151 x 100, 8-bit/color RGBA, non-interlaced Hash df9a33f17dfc149b279fd77bc757293d 74c8a5433300453cd14a64bf3983ffc040465741 ad5d2a35d85361d7a35f97cb98fbffb2e831bd0ada4e603d381f89c636e5f1cd
GET /refily/Refily.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: image/png
content-length: 6523
last-modified: Thu, 07 Sep 2023 16:30:01 GMT
x-amz-server-side-encryption: AES256
etag: "df9a33f17dfc149b279fd77bc757293d"
x-cache: Hit from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: PMQrh0lUkjal15FOdeweAb9cVFWmYfJpqMyApVUJKnUOCCqmdlK8uA==
cf-cache-status: HIT
age: 443
expires: Sat, 23 Sep 2023 18:19:26 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=GCDDH.VQqAk8.oHtHjglc4oxCf3cArBdkmsjHXoaWiI-1695478766-0-AWSCGO2pqdksYJLgCTHYbdFwpAO1LjXQHJ10A0+dR5HGJdqlueq2ecf92kUUpMk0MofkZSZ7GMqBwdX05yooZ2Y=; path=/; expires=Sat, 23-Sep-23 14:49:26 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c336ba756a8-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash 2a9cb3694beef11368f7284821163a4d 32d723fad91ccd0c154e5d7e489266cfe596aa61 08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | 216.58.207.227 | 200 OK | 33 kB |
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 216.58.207.227:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Google Trust Services LLC Subject *.gstatic.com Fingerprint 3D:35:56:30:C0:0F:0C:7F:20:BA:7D:A8:48:DB:24:1B:15:F5:48:27 Validity Mon, 04 Sep 2023 08:23:09 GMT - Mon, 27 Nov 2023 08:23:08 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0 Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 12:01:36 GMT
expires: Sat, 21 Sep 2024 12:01:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 94670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash 2a9cb3694beef11368f7284821163a4d 32d723fad91ccd0c154e5d7e489266cfe596aa61 08cd4f8a916cab4a520c51bd519209ebe87f4898f10d1f1c968bce537c4d3916
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicBold.woff | 172.64.132.22 | 200 OK | 30 kB |
URL GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicBold.woff IP 172.64.132.22:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Google Trust Services LLC Subject cdnfonts.com Fingerprint 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C Validity Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type Web Open Font Format, TrueType, length 29480, version 0.0 Hash dbba4f772f875d0f2076cda9feffe2a5 75a35cd7a0ccae0f9083c5808eacbd6cd5960ed0 9d490e0db498039d18b0e482fab817ffea3c14e95dcc21fd4ff1a03b5c265038
GET /s/72205/FuturaCyrillicBold.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: font/woff
content-length: 29480
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "7328-5d73bbd14dee6"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 233306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TuGCsb67016DQ%2BKlOA%2FT2yW5sqbY3gsVC%2F4CYuWh3pH2QTYy6yCpvcc1op6NFPnHUn%2ByUOPG7APpPWxqdlLB6pm5JBBw%2BAqlQKavjvYWno0d7zdkDNZEaADV9m0pctTcO1lJKic%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c355d895318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicHeavy.woff | 172.64.132.22 | 200 OK | 29 kB |
URL GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicHeavy.woff IP 172.64.132.22:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 Certificate Issuer Google Trust Services LLC Subject cdnfonts.com Fingerprint 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C Validity Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type Web Open Font Format, TrueType, length 28872, version 0.0 Hash 9769913239251188330d1e78e233433f 3516c88f276c67a2956e9d8d41916fbdade98df1 4a13903693073d8eefd2bd5bef99029e65013e049aed683d01b65de1930eb58f
GET /s/72205/FuturaCyrillicHeavy.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: font/woff
content-length: 28872
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "70c8-5d73bbd14e2ce"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=USo5GUNw1CKE78EaWoiFCZHnuxQ8mNm7qgt6OZinWGghF4SriEEJeO3u5qz3HrVOFr2JcOUM2jztbQeap2zri%2BJ9CodV5CMQdChT3omgTUHNjE99TJjVvns59skI65KwrA%2B48MQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c355d8e5318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicDemi.woff | 172.64.132.22 | 200 OK | 30 kB |
URL: GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicDemi.woff
IP: 172.64.132.22:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: cdnfonts.com
Certificate Fingerprint: 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C
Certificate Validity: Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type: Web Open Font Format, TrueType, length 29868, version 0.0\012- data
Hash: af4ca8b77e1cd08670e9fcc5f94116ac 17ba82a9d4613b333f44005440c1b9961110b619 f8d4d73bd5812288b086f0ae4fdc81905e25c4b994cdff5f46b973fc74fdf00e
GET /s/72205/FuturaCyrillicDemi.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: font/woff
content-length: 29868
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "74ac-5d73bbd14dee6"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 441
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FlgLcFpJZ1Z2DhHEIWQzfSqchwiDsubf2uwZznH42VVDJQM8MwCKTgLWRy49PfZuVFvW%2FGePGfPD6FO2puPYL5EU4siFW5J0n3BL0VwmQepMd3x9MU0F4%2B3JdiTpcOWSNLYNtDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c355d915318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicBook.woff | 172.64.132.22 | 200 OK | 29 kB |
URL: GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicBook.woff
IP: 172.64.132.22:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: cdnfonts.com
Certificate Fingerprint: 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C
Certificate Validity: Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type: Web Open Font Format, TrueType, length 28744, version 0.0\012- data
Hash: 97cce36d2c97b9a022976f1396eb0c5a 477d4e994f9f28f5f0542c6129c3d91c7608a901 f6a30969633fb0124959f5af4efd78b6fd5fe36d5901f36b8d34cf4c33a90b6a
GET /s/72205/FuturaCyrillicBook.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: font/woff
content-length: 28744
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "7048-5d73bbd14dee6"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 233306
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmYi4Xp%2BxJYRm7WHktKA29fyq7yRG%2FaUAVsL7MKrv9fGX%2B5uUv5SXLToKIp3ts8PuK%2BcmM9MbStanE1Ixb0bdt1Fl6mooZBZzFiA1Ewv%2BUb0xbyHrs4VtZB1hTLMbJI4JrKCuvU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c355d965318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 94111c3420bb2c6a13c84437834119c2 a60b1aaa235c754b4f840e14e5c32f3bd1920d3b 9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| home.refily.com/cdn-cgi/rum? | 104.18.8.131 | 204 No Content | 0 B |
URL: POST HTTP/2 home.refily.com/cdn-cgi/rum?
IP: 104.18.8.131:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: refily.com
Certificate Fingerprint: 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4
Certificate Validity: Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
content-type: application/json
Content-Length: 6492
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949|bE:0"; _dd_s=rum=1&id=48638f00-55a7-413b-9b6f-0b5fbf6c05b8&created=1695478767387&expire=1695479667387
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 23 Sep 2023 14:19:27 GMT
access-control-allow-origin: https://home.refily.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 80b36c37680456af-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 94111c3420bb2c6a13c84437834119c2 a60b1aaa235c754b4f840e14e5c32f3bd1920d3b 9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 94111c3420bb2c6a13c84437834119c2 a60b1aaa235c754b4f840e14e5c32f3bd1920d3b 9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.redditstatic.com/ads/pixel.js | 151.101.129.140 | 200 OK | 7.4 kB |
URL: GET HTTP/2 www.redditstatic.com/ads/pixel.js
IP: 151.101.129.140:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: DigiCert Inc
Certificate Subject: www.redditstatic.com
Certificate Fingerprint: 5B:10:93:15:D0:06:B8:27:DD:C8:15:7C:8A:49:4B:AD:06:D3:8E:15
Certificate Validity: Fri, 25 Aug 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT
File type: ASCII text, with very long lines (23776)
Hash: 78b6c68984a6ce5b3fcac1c6a9cad00c 02e1d366a17506cea8adfe5a15949aca89719a02 e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 23 Sep 2023 14:19:27 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7409
X-Firefox-Spdy: h2
|
|
| ocsp.starfieldtech.com/ | 192.124.249.22 | | 2.1 kB |
IP: 192.124.249.22:0
Hash: e13eb917efd8fbc85ffce682c8828081 be0215f3e4c3e0eef0919d58034913f81ded1b9e 1bf2086f3caeefd6a0d90c2ed0117c7232ad5d535bc2670a58c57359df6a2ac8
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 23 Sep 2023 14:19:27 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 22 Sep 2023 22:07:10 GMT
Expires: Sat, 23 Sep 2023 22:07:10 GMT
ETag: "be0215f3e4c3e0eef0919d58034913f81ded1b9e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
|
|
| www.googletagmanager.com/gtag/js?id=AW-319191520 | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-319191520
IP: 142.250.74.168:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Certificate Validity: Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type: ASCII text, with very long lines (4179)
Hash: 045b62237cb8d82db1e56ea6d916233b cd2084a0acc1e70eb2c1526099b5d9675eb20801 c53e80799f9fe9745e60883bd1246f47b2142ba66b010e30c03fff5bbeb68f68
GET /gtag/js?id=AW-319191520 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:19:27 GMT
expires: Sat, 23 Sep 2023 14:19:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74930
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-320492720 | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-320492720
IP: 142.250.74.168:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Certificate Validity: Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type: ASCII text, with very long lines (4179)
Hash: c6c4503a760509c1534a818ed7faa24e b794e1a04b831404a6e21a13cfeb9ff303d63d30 0a37fa778ddf0bbfa65457c6379373da40c2d9cfd52e592b65d3dd967dc2f2e5
GET /gtag/js?id=AW-320492720 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:19:27 GMT
expires: Sat, 23 Sep 2023 14:19:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75030
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=AW-10865694633 | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10865694633
IP: 142.250.74.168:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Certificate Validity: Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type: ASCII text, with very long lines (4179)
Hash: 3918553d08b9d3b9819501b98e3359e5 1ec1e88a32a638ee6a63965b10439b09c826240d 81ae99c5c9ac1f7ca4b16ab42ce3c83a5988084ec84d98fb157c9345265fa5c5
GET /gtag/js?id=AW-10865694633 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:19:27 GMT
expires: Sat, 23 Sep 2023 14:19:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74856
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 94111c3420bb2c6a13c84437834119c2 a60b1aaa235c754b4f840e14e5c32f3bd1920d3b 9f0636387ba07be147b51285a1e30b77ad2e4e77126f1c1082775fd981b32d78
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.r2m01.amazontrust.com/ | 143.204.48.16 | | 471 B |
URL: ocsp.r2m01.amazontrust.com/
IP: 143.204.48.16:0
Hash: f65b0f7fa6fff85817b41a73048b8123 c76dfef9e6e7896ba4ebe136b6664a1531cd3a9d 24384cdee5cac3c2fd1814a42dfc1364d72ce60ce9244ee72870a8505d38b9c4
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 23 Sep 2023 14:19:27 GMT
Last-Modified: Sat, 23 Sep 2023 13:10:12 GMT
Server: ECAcc (ska/F791)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CjczdFzu6ueYKJxOY5D6EF9N8N3mmD_esN3iEiwAtWX5G03MBdAwpA==
Age: 4155
|
|
| www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 75 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 00:ED:16:68:8D:DB:14:8B:43:01:81:CA:83:9A:AE:5B:24:AB:11:18
Certificate Validity: Mon, 04 Sep 2023 08:17:06 GMT - Mon, 27 Nov 2023 08:17:05 GMT
File type: ASCII text, with very long lines (4179)
Hash: 7bad843690fe49c8c26d845a9ce1827b 9e41556c8ff9534429aab446de10daa9b59feb08 50d30dec69e2da847665bd4eee66f9552c70e46960cac5f2519c9d3d7e050f8c
GET /gtag/destination?id=AW-320492720&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 23 Sep 2023 14:19:27 GMT
expires: Sat, 23 Sep 2023 14:19:27 GMT
cache-control: private, max-age=900
last-modified: Sat, 23 Sep 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75123
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| ocsp.sectigo.com/ | 104.18.14.101 | | 472 B |
IP: 104.18.14.101:0
Hash: ae1008210e03a39906760e826f3eb5c6 5d9f82d5b0268e67489615be7f0001629b025662 68145f1a3f5f6eb3a263255b8d7f834c958ac8dcb6f9b36138fc1ffc6720f61e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 23 Sep 2023 14:19:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 21 Sep 2023 23:11:04 GMT
Expires: Thu, 28 Sep 2023 23:11:03 GMT
Etag: "5d9f82d5b0268e67489615be7f0001629b025662"
Cache-Control: max-age=464468,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80b36c39a97856b9-OSL
|
|
| pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1695478767848&location=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= | 5.9.124.242 | 200 OK | 46 B |
URL: GET HTTP/2 pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1695478767848&location=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
IP: 5.9.124.242:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Sectigo Limited
Certificate Subject: *.revjet.com
Certificate Fingerprint: 03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81
Certificate Validity: Mon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 118ec72a82eaf068f56739623c7d4060 acbe52199a143d41ac82508567f85cd9b7ca6a44 d142d5d8b875eb418f57b4e2a95075775a8d24decef45fa0c11a8f398f9c10d1
GET /track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1695478767848&location=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= HTTP/1.1
Host: pix.revjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home.refily.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: text/javascript
content-length: 46
set-cookie: trx=4787106513420869790; Max-Age=63072000; Expires=Mon, 22 Sep 2025 14:19:27 GMT; Path=/; Domain=.revjet.com; Secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767837 | 3.233.153.140 | 200 OK | 2 B |
URL: POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767837
IP: 3.233.153.140:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: DigiCert Inc
Certificate Subject: *.logs.datadoghq.com
Certificate Fingerprint: 29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
Certificate Validity: Wed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type: JSON data\012- , ASCII text, with no line terminators
Hash: 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767837 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15993
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325 | 207.189.124.43 | 200 | 4.9 kB |
URL: GET HTTP/1.1 a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325
IP: 207.189.124.43:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Sectigo Limited
Certificate Subject: *.actonservice.com
Certificate Fingerprint: EE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E
Certificate Validity: Wed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT
Hash: d0c18a5bc61a0aef3d06347d9d7ad2d4 173e09fe101ef7532d7335045dc60d119704e4c3 36a0fd2ae88140ebc59ffa85808f3d1fe8659fbeb64a58acb23df06e685c4d8c
GET /cdnr/forpci43/acton/bn/tracker/44325 HTTP/1.1
Host: a44325.actonservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/"
Set-Cookie: wp44325="XXWVYDDDDDDIBUCBZJU-ZWHM-XWJT-HUWY-ACZUKTVCZZHHDgNssDDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1
Content-Type: application/javascript;charset=utf-8
Content-Length: 4850
Date: Sat, 23 Sep 2023 14:19:27 GMT
X-Cnection: close
Strict-Transport-Security: max-age=16070400
|
|
| rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767397 | 3.233.153.140 | 200 OK | 2 B |
URL: POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767397
IP: 3.233.153.140:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: DigiCert Inc
Certificate Subject: *.logs.datadoghq.com
Certificate Fingerprint: 29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
Certificate Validity: Wed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type: JSON data\012- , ASCII text, with no line terminators
Hash: 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478767397 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15989
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| ocsp.r2m01.amazontrust.com/ | 143.204.48.16 | | 471 B |
URL ocsp.r2m01.amazontrust.com/ IP 143.204.48.16:0
Hash ba2184356ea19ca203fd87764b11aaa3 c7567e25726b96a2f696350484e5ce8ec66c1700 826a1ba014ef55ed8bd127b6375c6e308cd6c0f989e4ffbf532eae9dd3e9a769
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 23 Sep 2023 14:19:27 GMT
Last-Modified: Sat, 23 Sep 2023 13:07:23 GMT
Server: ECAcc (amb/6AD5)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TAoAtvZtZndV8x25nNoaSSTO1rmfnMKbkR2J923ZTZjlOdmwq5sopQ==
Age: 4324
|
|
| a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&ref=&v=2&ts=1695478767450&nc=0 | 207.189.124.43 | 200 | 43 B |
URL GET HTTP/1.1 a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&ref=&v=2&ts=1695478767450&nc=0 IP 207.189.124.43:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Sectigo Limited; Subject *.actonservice.com; Fingerprint EE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E; Validity Wed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash f7f26805de1a1f270e665bf7873d7e19 c32085898c6e36d361d4b8017087de90e1b8465c 2188414d64d2930eb54f4731b6eb9a931358ba625d1cd7535a889409218609d2
GET /acton/bn/44325?target=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&ref=&v=2&ts=1695478767450&nc=0 HTTP/1.1
Host: a44325.actonservice.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: wp44325="XXWVYDDDDDDIBUCBZJU-ZWHM-XWJT-HUWY-ACZUKTVCZZHHDgNssDDD"
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Set-Cookie: wp44325="XXWVYDDDDDDIBUCBZJU-ZWHM-XWJT-HUWY-ACZUKTVCZZHHDMCZAKJWC-ZKLL-XCCH-CHTB-IBBUUBWZZCBKDkLMpsR_JhtDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1
P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/"
Content-Type: image/gif
Content-Length: 43
Date: Sat, 23 Sep 2023 14:19:27 GMT
X-Cnection: close
Strict-Transport-Security: max-age=16070400
Vary: Accept-Encoding
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash ec7e4fa5141f5c291141f904d913eb18 a1d02556789afef84c5c74b80eb45cd1604c3c70 9d7147857b1d24f497c88bbb8edb50fa9e27d8abbf81a4156bb5f97cfaf977aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 23 Sep 2023 14:19:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| bat.bing.com/bat.js | 13.107.21.200 | 200 OK | 13 kB |
IP 13.107.21.200:443
ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint CD:30:E8:F8:D2:A7:C2:85:A1:F7:A2:2E:B6:B3:FD:F9:08:FA:31:D1; Validity Wed, 26 Jul 2023 23:57:23 GMT - Mon, 22 Jan 2024 23:57:23 GMT
File type Unicode text, UTF-8 text, with very long lines (45258), with no line terminators
Hash 5758d3b139bb81813a6232bbe21aeb9d 38c60cad0b17319248f863554edc11dae82a8424 a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 12981
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ranges: bytes
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C3FB47167EEA4A4C80E0F3942A9195B7 Ref B: OSL30EDGE0219 Ref C: 2023-09-23T14:19:28Z
date: Sat, 23 Sep 2023 14:19:27 GMT
X-Firefox-Spdy: h2
|
|
| www.google.com/pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily&gtm_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 | 142.250.74.132 | 302 Found | 63 B |
URL GET HTTP/2 www.google.com/pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily&gtm_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.132:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Google Trust Services LLC; Subject www.google.com; Fingerprint D2:77:FE:08:C6:61:6A:42:5C:1F:85:13:DA:23:B2:B8:46:20:45:88; Validity Mon, 04 Sep 2023 08:23:29 GMT - Mon, 27 Nov 2023 08:23:28 GMT
File type ASCII text, with no line terminators
Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
GET /pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily&gtm_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 23 Sep 2023 14:19:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily&gtm_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| content.enhancedrefinow.com/lre/favicon.ico | 104.18.5.105 | | 1.4 kB |
URL GET content.enhancedrefinow.com/lre/favicon.ico IP 104.18.5.105:0
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Cloudflare, Inc.; Subject enhancedrefinow.com; Fingerprint CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56; Validity Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash f52b1f7473f28a5a897da4ca2bac1b6a 46d8c8ce1d1593223ce41c78a25633505cf6afdb e6ca4f9df43afa91cb44b661988c750ef5dd02c37e56d12e54ad4138c38c1b6d
GET /lre/favicon.ico HTTP/1.1
Host: content.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=PPp8p5lrHv6N632cNBv7ziBrfgICCpsnSyOQ32zPz4s-1695478766-0-ARJujD4cxCuU0KsuNOEDgu+UDdcOEt9AImZFNiY8uSxmD5iRr6IPdYSSjqPMYX/gh244JZLxUosV8lS5quS1o0E=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 07 Sep 2023 16:29:59 GMT
x-amz-server-side-encryption: AES256
etag: W/"89bc42e3115e844dd692674ac4de5429"
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: o7OwaQpnhzIurOz_8aSPj1-XIr20Q9TXMM8wEy3JSvxN1kMh7G1x7w==
cf-cache-status: HIT
age: 442
expires: Sat, 23 Sep 2023 18:19:28 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c3d0866b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| home.refily.com/track | 104.18.8.131 | 200 OK | 29 kB |
IP 104.18.8.131:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Cloudflare, Inc.; Subject refily.com; Fingerprint 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4; Validity Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 987629d6ac1f04666bd244174b2c7bb7 b0a72e89984ef93029951d04e8c80cc96730ee01 5f4360aa702d187ef905532c67cdda16392f5d41829e1e6e9aa48b84a2e73e62
POST /track HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Content-Type: application/json
Content-Length: 465
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949|bE:0"; _dd_s=rum=1&id=48638f00-55a7-413b-9b6f-0b5fbf6c05b8&created=1695478767387&expire=1695479667387; _rdt_uuid=1695478767563.d01df27b-11ab-4686-b28d-8bd5d0eccfeb; _gcl_au=1.1.152001604.1695478768
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
etag: W/"f6-vara537zPnTOWSTtHnb8jRb4KYI"
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c3abb7e56af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicBold.woff | 172.64.132.22 | 200 OK | 30 kB |
URL GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicBold.woff IP 172.64.132.22:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Google Trust Services LLC; Subject cdnfonts.com; Fingerprint 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C; Validity Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type Web Open Font Format, TrueType, length 29480, version 0.0\012- data
Hash dbba4f772f875d0f2076cda9feffe2a5 75a35cd7a0ccae0f9083c5808eacbd6cd5960ed0 9d490e0db498039d18b0e482fab817ffea3c14e95dcc21fd4ff1a03b5c265038
GET /s/72205/FuturaCyrillicBold.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: font/woff
content-length: 29480
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "7328-5d73bbd14dee6"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 233308
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kvfxx%2BTpHdUso7I%2FTfmu77jmSqDI0p3JV%2FwWrKoacC3ezcrjKEW0oaZmdfcfF5%2F5neWepGcCjfcu09AYzJvT32uAwBBU6QAccvAMIYFESM4VnnAICYbO2O2V7jo4NsTMPWR1Pq0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c3dde3a5318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicDemi.woff | 172.64.132.22 | 200 OK | 30 kB |
URL GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicDemi.woff IP 172.64.132.22:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Google Trust Services LLC; Subject cdnfonts.com; Fingerprint 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C; Validity Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type Web Open Font Format, TrueType, length 29868, version 0.0\012- data
Hash af4ca8b77e1cd08670e9fcc5f94116ac 17ba82a9d4613b333f44005440c1b9961110b619 f8d4d73bd5812288b086f0ae4fdc81905e25c4b994cdff5f46b973fc74fdf00e
GET /s/72205/FuturaCyrillicDemi.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: font/woff
content-length: 29868
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "74ac-5d73bbd14dee6"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 443
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8VF%2FYp2%2FjMtGFyZNIURXH3qM7a8O%2FxpqII9%2Bmzdy0C1kmL%2FyXKC3jiFTQdfk0P4uvOEShtwh%2FcHK9DhNc9FbQabWKQ5tgEHR7ZdiBxjpLqs2ilgCUw%2FBUkLeF74RkWG7Wf80M1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c3dde375318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| fonts.cdnfonts.com/s/72205/FuturaCyrillicHeavy.woff | 172.64.132.22 | 200 OK | 29 kB |
URL GET HTTP/3 fonts.cdnfonts.com/s/72205/FuturaCyrillicHeavy.woff IP 172.64.132.22:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Google Trust Services LLC; Subject cdnfonts.com; Fingerprint 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C; Validity Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type Web Open Font Format, TrueType, length 28872, version 0.0\012- data
Hash 9769913239251188330d1e78e233433f 3516c88f276c67a2956e9d8d41916fbdade98df1 4a13903693073d8eefd2bd5bef99029e65013e049aed683d01b65de1930eb58f
GET /s/72205/FuturaCyrillicHeavy.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: font/woff
content-length: 28872
last-modified: Sat, 05 Feb 2022 02:00:58 GMT
etag: "70c8-5d73bbd14e2ce"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 443
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSGSm3GdUu4Bcumi%2BmNr%2BPMsovZyj3VN153hTcnydWIctibK1U6W4pgo3A5DMmIGhiqKPNgc%2B9kKzN%2BJijm5ggMWlbvyMl7cSZWp2xbpmse%2FV%2B4RZ3Ih2RG71vN5h0zvZRbQRVM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c3dde385318-LHR
alt-svc: h3=":443"; ma=86400
|
|
| www.lmbahsj2.com/sdk/click?effp=960fc666d9314c5d39c44d1cb505b6c3&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2&oid=155&affid=809&__cc=&async=json | 35.201.76.131 | 200 OK | 87 B |
URL GET HTTP/3 www.lmbahsj2.com/sdk/click?effp=960fc666d9314c5d39c44d1cb505b6c3&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2&oid=155&affid=809&__cc=&async=json IP 35.201.76.131:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Starfield Technologies, Inc.; Subject lmbahsj2.com; Fingerprint 19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53; Validity Fri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
File type JSON data\012- , ASCII text
Hash 5f93187f0737491fb358df0dfb80e84e 12a71551652d6f65847a753d13af6c45a008d458 1393fae430464ed094220115e6111f0fb4effad1c764dd14549763ff5b6d256b
GET /sdk/click?effp=960fc666d9314c5d39c44d1cb505b6c3&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2&oid=155&affid=809&__cc=&async=json HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: application/json; charset=utf-8
content-length: 87
accept-ch: Sec-Ch-Ua-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://home.refily.com
set-cookie: uniqueClick=4fb4b091-ad00-46e8-b5ac-75d4aa78110e:1695478768; Path=/; Expires=Sun, 24 Sep 2023 14:19:28 GMT; Secure; SameSite=None
transaction_id=bc805b829ef849478351eeabe32f80e2; Path=/; Expires=Fri, 22 Dec 2023 14:19:28 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: a51755a1-d360-4630-a34e-479b8bef7b6e
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| home.refily.com/refily/gosPrediction | 104.18.8.131 | 200 OK | 248 B |
URL GET HTTP/2 home.refily.com/refily/gosPrediction IP 104.18.8.131:443
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Cloudflare, Inc.; Subject refily.com; Fingerprint 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4; Validity Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1384), with no line terminators
Hash d4b60b5cf518f759f6975cef6b9c685c 05446b51bb3bfb11eb226bff4f1b7337094662e4 7b3a9bc6c683928d32120c5a555ae74deb6c625d08922ee8d1bc813e3587680b
GET /refily/gosPrediction HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949|bE:0"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
etag: W/"568-BURrUbs7+xHrImv/TxtzNwlGYuQ"
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c367f0a56af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| bat.bing.com/p/action/146000783.js | 13.107.21.200 | 204 No Content | 0 B |
URL GET HTTP/2 bat.bing.com/p/action/146000783.js IP 13.107.21.200:443
ASN#8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer Microsoft Corporation; Subject www.bing.com; Fingerprint CD:30:E8:F8:D2:A7:C2:85:A1:F7:A2:2E:B6:B3:FD:F9:08:FA:31:D1; Validity Wed, 26 Jul 2023 23:57:23 GMT - Mon, 22 Jan 2024 23:57:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/146000783.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A0DEAA3E9969418293768F1C30E63EB5 Ref B: OSL30EDGE0219 Ref C: 2023-09-23T14:19:28Z
date: Sat, 23 Sep 2023 14:19:27 GMT
X-Firefox-Spdy: h2
|
|
| s.yimg.com/wi/ytc.js | 87.248.119.252 | 200 OK | 6.7 kB |
IP 87.248.119.252:443
ASN#203220 Yahoo! UK Services Limited
Requested by https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate: Issuer DigiCert Inc; Subject *.api.fantasysports.yahoo.com; Fingerprint D6:E7:13:87:6C:E1:5F:B5:1D:9F:17:BA:11:11:85:39:2B:E6:75:97; Validity Mon, 14 Aug 2023 00:00:00 GMT - Wed, 04 Oct 2023 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 22333c1ea291859c80ca181c0909e623 4ffe34279892eeaf1dc08bbb28c980fc68b7b61b 4eb29588f997958ea7efce9ceba69c41cf0657d982a082521103d93ac67ff60b
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home.refily.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: F3Cvcd8nMPU6zsdWv11r70RAKKS87wJ3n/6ifJtZU7DzlKSPQQ+Uf6C4dzv1NER09cnkcGoyvMM=
x-amz-request-id: V8EVRMHWP18Q9CGZ
date: Sat, 23 Sep 2023 14:18:48 GMT
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "5c6ed25dce803fd84288922b8928409e-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 42
content-encoding: gzip
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| www.google.no/pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1&gtm=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily&gtm_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y | 142.250.74.163 | 200 OK | 63 B |
URL GET HTTP/2www.google.no/pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1>m=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily>m_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y IP 142.250.74.163:443
Requested byhttps://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 CertificateIssuerGoogle Trust Services LLC Subject*.google.no FingerprintF8:21:85:85:E7:A3:F0:03:9E:50:77:60:8D:CB:66:7C:41:ED:3D:28 ValidityMon, 04 Sep 2023 08:25:22 GMT - Mon, 27 Nov 2023 08:25:21 GMT
File typeASCII text, with no line terminators Hashad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
GET /pagead/1p-conversion/320492720/?random=1695478767747&cv=11&fst=1695478767747&bg=ffffff&guid=ON&async=1>m=45be39k2&u_w=1280&u_h=1024&url=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=Refily>m_ee=1&auid=152001604.1695478768&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 23 Sep 2023 14:19:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap | 142.250.74.106 | 200 OK | 1.3 kB |
URL: GET HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap
IP: 142.250.74.106:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: BE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
Validity: Mon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT
File type: gzip compressed data, max compression\012- data
Hash: c713706ec96b2d8c92a46f6e83fcbafa 8890f95d789337d3ced1d6c7503a27ae26436a9d 2a35e05484e21168911c3eb1efed957c67c1a5c0568c21db3517837d3636057c
GET /css2?family=Montserrat:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 23 Sep 2023 14:19:25 GMT
date: Sat, 23 Sep 2023 14:19:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| s.yimg.com/wi/config/10194306.json | 87.248.119.252 | 200 OK | 46 B |
URL: GET HTTP/2 s.yimg.com/wi/config/10194306.json
IP: 87.248.119.252:443
ASN: #203220 Yahoo! UK Services Limited
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: DigiCert Inc
Subject: *.api.fantasysports.yahoo.com
Fingerprint: D6:E7:13:87:6C:E1:5F:B5:1D:9F:17:BA:11:11:85:39:2B:E6:75:97
Validity: Mon, 14 Aug 2023 00:00:00 GMT - Wed, 04 Oct 2023 23:59:59 GMT
File type: JSON data\012- , ASCII text, with no line terminators
Hash: 87d7a3e6ca5844729c849e28a1fdffda cf1c60dd594971896ff423177ad4991403928429 e8a12726ee07f3a17f43d5715b0f1c49c2548baf3ce450d2880701034c75700b
GET /wi/config/10194306.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Referer: https://home.refily.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: /lPPFOibiN9zXNjrV+Vl+lCEMCjm8ETsq8FjtmUCqyTsKjJz4oYmUxGZqN3W7zxXSenUNg2hMPg=
x-amz-request-id: 4W35DRA81EC7Y3G8
date: Sat, 23 Sep 2023 00:54:05 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Fri, 10 Feb 2023 01:56:42 GMT
x-amz-expiration: expiry-date="Sun, 17 Mar 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "87d7a3e6ca5844729c849e28a1fdffda"
x-amz-server-side-encryption: AES256
x-amz-version-id: caWlnPRZagqXTTF0U2Zwjhe.y6yunTI1
accept-ranges: bytes
content-type: application/json
server: ATS
content-length: 46
referrer-policy: no-referrer-when-downgrade
age: 48324
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478768912 | 3.233.153.140 | 200 OK | 2 B |
URL: POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478768912
IP: 3.233.153.140:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: DigiCert Inc
Subject: *.logs.datadoghq.com
Fingerprint: 29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
Validity: Wed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type: JSON data\012- , ASCII text, with no line terminators
Hash: 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-GJO8MJ711&batch_time=1695478768912 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 16174
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| www.lmbahsj2.com/scripts/sdk/everflow.js | 35.201.76.131 | 200 OK | 61 kB |
URL: GET HTTP/2 www.lmbahsj2.com/scripts/sdk/everflow.js
IP: 35.201.76.131:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Starfield Technologies, Inc.
Subject: lmbahsj2.com
Fingerprint: 19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53
Validity: Fri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/sdk/everflow.js HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: text/javascript
accept-ch: Sec-Ch-Ua-Platform-Version
cache-control: max-age=14400
vary: Origin
x-eflow-request-id: b4190513-7fea-4458-8b79-29bd9eefccca
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ads.revjet.com/analytics?acu=6680 | 5.9.137.78 | 200 OK | 20 kB |
URL: GET HTTP/2 ads.revjet.com/analytics?acu=6680
IP: 5.9.137.78:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Sectigo Limited
Subject: *.revjet.com
Fingerprint: 03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81
Validity: Mon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1311)
Hash: 26ec352468322f70910e03feb9b8b8fb 18878e8adcd809ad7a4850c8698efd24b22c04e5 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb
GET /analytics?acu=6680 HTTP/1.1
Host: ads.revjet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home.refily.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/javascript
last-modified: Fri, 14 Apr 2023 16:05:35 GMT
etag: W/"643979cf-4c14"
expires: Sat, 23 Sep 2023 14:29:27 GMT
cache-control: max-age=600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| script.anura.io/response.json | 13.40.91.234 | 200 OK | 151 B |
URL: POST HTTP/2 script.anura.io/response.json
IP: 13.40.91.234:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Amazon
Subject: script.anura.io
Fingerprint: 00:49:D0:33:40:DB:54:FC:F3:AC:1E:42:4F:49:8F:4B:46:5A:A8:66
Validity: Mon, 12 Jun 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: 5a1504178f8df72766c433c4432b9cd9 f55ac02894a1bd3dc39370194551bee88ac20a60 f1187f9bb1579fb6cdcbf8baf30616eb86ad5e43d1b42c26a846aa46cbcb1193
POST /response.json HTTP/1.1
Host: script.anura.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 5238
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: application/json; charset=utf-8
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: POST
expires: Sun, 28 Dec 1980 18:57:00 EST
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| bat.bing.com/action/0?ti=146000783&Ver=2&mid=d564ceef-7a38-4205-8bc6-ac137295ef3d&sid=34bec2d05a1c11ee97607f70ba77b971&vid=34beea105a1c11ee8f62231762c70050&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Refily&kw=refinance,%20mortgage,%20mortgages,%20refinancing,%20mortgage%20rates,%20refinance%20mortgage,%20refinance%20rates,%20refinancing%20rates,%20refinancing%20home,%20home%20loan,%20home%20loans,%20equity%20loans,%20home%20equity%20loans,%20home%20equity%20loan,%20second%20mortgage,%20home%20equity%20loan%20rates,%20credit%20card%20consolidation,%20debt%20loans,%20credit%20card%20debt%20consolidation,%20bad%20credit%20loans,%20debt%20free,%20bad%20credit,%20debt%20help,%20debt%20solutions,%20money%20management,%20credit%20card%20debt,%20personal%20loan,%20bad%20credit%20mortgage,%20mortgage%20calculator&p=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&r=&lt=4277&evt=pageLoad&sv=1&rn=407723 | 13.107.21.200 | 204 No Content | 0 B |
URL: GET HTTP/2 bat.bing.com/action/0?ti=146000783&Ver=2&mid=d564ceef-7a38-4205-8bc6-ac137295ef3d&sid=34bec2d05a1c11ee97607f70ba77b971&vid=34beea105a1c11ee8f62231762c70050&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Refily&kw=refinance,%20mortgage,%20mortgages,%20refinancing,%20mortgage%20rates,%20refinance%20mortgage,%20refinance%20rates,%20refinancing%20rates,%20refinancing%20home,%20home%20loan,%20home%20loans,%20equity%20loans,%20home%20equity%20loans,%20home%20equity%20loan,%20second%20mortgage,%20home%20equity%20loan%20rates,%20credit%20card%20consolidation,%20debt%20loans,%20credit%20card%20debt%20consolidation,%20bad%20credit%20loans,%20debt%20free,%20bad%20credit,%20debt%20help,%20debt%20solutions,%20money%20management,%20credit%20card%20debt,%20personal%20loan,%20bad%20credit%20mortgage,%20mortgage%20calculator&p=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&r=&lt=4277&evt=pageLoad&sv=1&rn=407723
IP: 13.107.21.200:443
ASN: #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Microsoft Corporation
Subject: www.bing.com
Fingerprint: CD:30:E8:F8:D2:A7:C2:85:A1:F7:A2:2E:B6:B3:FD:F9:08:FA:31:D1
Validity: Wed, 26 Jul 2023 23:57:23 GMT - Mon, 22 Jan 2024 23:57:23 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=146000783&Ver=2&mid=d564ceef-7a38-4205-8bc6-ac137295ef3d&sid=34bec2d05a1c11ee97607f70ba77b971&vid=34beea105a1c11ee8f62231762c70050&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Refily&kw=refinance,%20mortgage,%20mortgages,%20refinancing,%20mortgage%20rates,%20refinance%20mortgage,%20refinance%20rates,%20refinancing%20rates,%20refinancing%20home,%20home%20loan,%20home%20loans,%20equity%20loans,%20home%20equity%20loans,%20home%20equity%20loan,%20second%20mortgage,%20home%20equity%20loan%20rates,%20credit%20card%20consolidation,%20debt%20loans,%20credit%20card%20debt%20consolidation,%20bad%20credit%20loans,%20debt%20free,%20bad%20credit,%20debt%20help,%20debt%20solutions,%20money%20management,%20credit%20card%20debt,%20personal%20loan,%20bad%20credit%20mortgage,%20mortgage%20calculator&p=https%3A%2F%2Fhome.refily.com%2F%3Fmoid%3D314646%26sourceid%3Daffl_everflow_lre-rfl_155_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3Dbc805b829ef849478351eeabe32f80e2%26sid%3D155%26cmpid%3D155%26crtid%3D%26oid%3D155%26affid%3D809%26_ef_transaction_id%3Dbc805b829ef849478351eeabe32f80e2&r=&lt=4277&evt=pageLoad&sv=1&rn=407723 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2FEEA4F889DF63EC2C5EB76D882A622E; domain=.bing.com; expires=Thu, 17-Oct-2024 14:19:28 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 50A47066B97642848C2CB7BB7A7AC2C6 Ref B: OSL30EDGE0219 Ref C: 2023-09-23T14:19:28Z
date: Sat, 23 Sep 2023 14:19:27 GMT
X-Firefox-Spdy: h2
|
|
| fonts.cdnfonts.com/css/futura-pt | 172.64.132.22 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fonts.cdnfonts.com/css/futura-pt
IP: 172.64.132.22:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Google Trust Services LLC
Subject: cdnfonts.com
Fingerprint: 31:06:9C:88:D6:68:1E:D9:01:CF:B7:2B:48:09:7F:C6:93:13:B5:3C
Validity: Fri, 04 Aug 2023 05:27:26 GMT - Thu, 02 Nov 2023 05:27:25 GMT
File type: ASCII text, with very long lines (1192), with no line terminators
Hash: 5aef002cbffb3eacc4603ee91ee618e3 bf7a337641916d0e508f081338afdbe63fcea6d3 70e8b95f4865beeb114ddd32fe21337ea0d1b823396a367cfcbd9910edb9648f
GET /css/futura-pt HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: text/css;charset=UTF-8
cf-bgj: minify
cf-polished: origSize=1425
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 28445050
last-modified: Sat, 29 Oct 2022 08:55:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwiKbnkyr33CCBhZyCtzWb%2B6ho16V322BHpYoM2u1utM5Y7Ilm9poA6%2BLRFzsA%2FD93Q8aaTZ3LO838%2BqGBtKcszNDtgJy7DT89%2BSQbvdClEjVEm5uyfxtHH%2F9dylHi3GfpSQq4M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-origin: *
server: cloudflare
cf-ray: 80b36c2b4d487735-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| home.refily.com/visitor | 104.18.8.131 | 200 OK | 232 B |
IP: 104.18.8.131:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Cloudflare, Inc.
Subject: refily.com
Fingerprint: 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4
Validity: Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: d241df32f1fb20ad04f735f2206bcaef 5491d8129e3751ab25fecba72ea568498057af48 4e88ef134b5fd10997580193e98922f441bacbced381a76aac3c2cf6e3c62df4
POST /visitor HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Content-Type: application/json
Content-Length: 1440
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|bE:0"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
etag: W/"e8-ES87QlNnSxXoUZ9Z53N6edX+hvA"
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c358def56af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| home.refily.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled | 104.18.8.131 | 200 OK | 4 B |
URL: GET HTTP/2 home.refily.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled
IP: 104.18.8.131:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Cloudflare, Inc.
Subject: refily.com
Fingerprint: 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4
Validity: Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /app-configuration/?path=/lendingLeadGen/fraud/anura/enabled HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949|bE:0"; _dd_s=rum=1&id=48638f00-55a7-413b-9b6f-0b5fbf6c05b8&created=1695478767387&expire=1695479667387
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:28 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c37881756af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js | 104.18.5.105 | 200 OK | 619 kB |
URL: GET HTTP/2 static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js
IP: 104.18.5.105:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Cloudflare, Inc.
Subject: enhancedrefinow.com
Fingerprint: CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
Validity: Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
Size: 619 kB (618569 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /vendor.67a1d66e4ad0509192e9.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: application/javascript
last-modified: Thu, 03 Aug 2023 08:08:59 GMT
etag: W/"0e80b2b8d6f895c55fb9aefe511479b6"
x-amz-server-side-encryption: AES256
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a30105057fbcc8761b99df13f333a9ea.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: YjcWLhYR0UzQ_vqTosjuAnXHntCF1R4HkhH9OzIjxUldJTPhjoyo-Q==
cf-cache-status: HIT
age: 442
expires: Sat, 23 Sep 2023 18:19:25 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=1uO8aRqc86aJuBkS.m_FkACl54eauY0S9oGqbtVWWHQ-1695478765-0-AY1mjX7eW1ltOqVpc0fhAxExWkYKLOtTQPYNvVEoCuJdDGK2dKCGNeSIBKIw9rfngzeZ/CxGPlUBInjku/RF0Lk=; path=/; expires=Sat, 23-Sep-23 14:49:25 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c2ab9fbb4f3-OSL
X-Firefox-Spdy: h2
|
|
| cdn-refinance.enhancedrefinow.com/pixel-9890b8c02b16d2973025.js | 104.18.5.105 | 200 OK | 153 kB |
URL: GET HTTP/2 cdn-refinance.enhancedrefinow.com/pixel-9890b8c02b16d2973025.js
IP: 104.18.5.105:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate
Issuer: Cloudflare, Inc.
Subject: enhancedrefinow.com
Fingerprint: CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
Validity: Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type: HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size: 153 kB (152763 bytes)
Hash: b58411c17f63092283c63aa026938cfe 507fb82597b91f891e96ce826e0a6402b57efb9d 838b45d826805c2d218206623c36748faf484052088614761888bf2018b785c6
GET /pixel-9890b8c02b16d2973025.js HTTP/1.1
Host: cdn-refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:26 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: public, max-age=14400
last-modified: Sat, 23 Sep 2023 00:03:07 GMT
etag: W/"254bb-18abf58dea4"
cf-cache-status: MISS
expires: Sat, 23 Sep 2023 18:19:26 GMT
set-cookie: __cf_bm=PPp8p5lrHv6N632cNBv7ziBrfgICCpsnSyOQ32zPz4s-1695478766-0-ARJujD4cxCuU0KsuNOEDgu+UDdcOEt9AImZFNiY8uSxmD5iRr6IPdYSSjqPMYX/gh244JZLxUosV8lS5quS1o0E=; path=/; expires=Sat, 23-Sep-23 14:49:26 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c2ab9f3b4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ads.anura.io/showads.js?147351058266 | 54.230.111.27 | 200 OK | 0 B |
URL: GET HTTP/2 ads.anura.io/showads.js?147351058266
IP: 54.230.111.27:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Amazon
Certificate Subject: ads.anura.io
Certificate Fingerprint: 69:66:FA:26:E2:E4:89:00:9A:F7:DE:2C:F6:5A:C2:B9:58:04:5D:E6
Certificate Validity: Tue, 30 May 2023 00:00:00 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /showads.js?147351058266 HTTP/1.1
Host: ads.anura.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://home.refily.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Sep 2023 22:13:37 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _VtMbbkHvTpJWXcLrZJDM4qkG1aWtJuIdhwOjH3m2TYwyHfW4si5Nw==
age: 57950
X-Firefox-Spdy: h2
|
|
| static-lre.refinance.enhancedrefinow.com/manifest.d3b75049d9ef611959f4.js | 104.18.5.105 | 200 OK | 13 kB |
URL: GET HTTP/2 static-lre.refinance.enhancedrefinow.com/manifest.d3b75049d9ef611959f4.js
IP: 104.18.5.105:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: enhancedrefinow.com
Certificate Fingerprint: CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
Certificate Validity: Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (12636), with no line terminators
Hash: 3d5494fa9061526aac7788f9c2c0cfc8 6e85baa26908d7b17b5068e07c7f7252308b6c96 4f6ea004772b51495744c5712d1ef14397dff020604ff91e1b5361a6aedc4984
GET /manifest.d3b75049d9ef611959f4.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: application/javascript
last-modified: Tue, 05 Sep 2023 07:26:41 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
etag: W/"3d5494fa9061526aac7788f9c2c0cfc8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c1a2760c3f8e9ff8c3652b4d6ff3a906.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: JupdnJ-Mm2YqJvsZ--JJdtKS-ewgO_pQzVB26NC4vuIhWRSIL5tRaA==
cf-cache-status: HIT
age: 442
expires: Sat, 23 Sep 2023 18:19:25 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=Aq2fLM6zHrYNe6udcBTXsd4RT0dCuebXMyoN2VrVzic-1695478765-0-AXni4wp4lvc7raPZTLr1KGM8EQUa1xjeVZsj8AgyO/mFdHUjhrvZ1rM3uj9d23dUW+s0n3gZhHWCJWVC2g29G3A=; path=/; expires=Sat, 23-Sep-23 14:49:25 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c2aca03b4f3-OSL
X-Firefox-Spdy: h2
|
|
| static-lre.refinance.enhancedrefinow.com/main.beeac9c60f11ef610c23.css | 104.18.5.105 | 200 OK | 170 kB |
URL: GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.beeac9c60f11ef610c23.css
IP: 104.18.5.105:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: enhancedrefinow.com
Certificate Fingerprint: CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
Certificate Validity: Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type: ASCII text, with very long lines (45878)
Size: 170 kB (170063 bytes)
Hash: f693cdad63a9399109882d24052572f5 375e4f1ac120cacdfc715319df121ffcf5100107 9bc70115845096ee3d725201f6e7beace8b4ec0ba1768ab43c989efdd722e35e
GET /main.beeac9c60f11ef610c23.css HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: text/css
last-modified: Tue, 05 Sep 2023 07:26:41 GMT
etag: W/"f693cdad63a9399109882d24052572f5"
x-amz-server-side-encryption: AES256
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 990c1aa70667fe4e8f93d88ac8400fc4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: hiXJL1jzwf7V4tOL28nw5vmlGTko3pFt6dUJW1YDov4JwfCfww_RpQ==
cf-cache-status: HIT
age: 442
expires: Sat, 23 Sep 2023 18:19:25 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=MMAR6WHjzfWM9OWci4ONo4cNrT2SfABBTcVFmrFyqCU-1695478765-0-AQDcJ1xMFphR5nKYmQC9UEMFCAROqgw0/09i1BH4aVEGGuouLe/k7QIJ32vNyigQ/sTN4rdrRIQMEgKw6uNBQ8U=; path=/; expires=Sat, 23-Sep-23 14:49:25 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c2ada17b4f3-OSL
X-Firefox-Spdy: h2
|
|
| home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 | 104.18.8.131 | 200 OK | 21 kB |
URL: User Request GET HTTP/2 home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
IP: 104.18.8.131:443
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: refily.com
Certificate Fingerprint: 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4
Certificate Validity: Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2 HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:24 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
cf-cache-status: DYNAMIC
set-cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; Path=/; Expires=Sun, 22 Sep 2024 14:19:24 GMT
sourceId=affl_everflow_lre-rfl_155_809; Path=/; Expires=Sat, 30 Sep 2023 14:19:24 GMT
connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; Path=/; Expires=Sat, 30 Sep 2023 14:19:24 GMT; HttpOnly
__cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; path=/; expires=Sat, 23-Sep-23 14:49:24 GMT; domain=.refily.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c207df656af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| home.refily.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled | 104.18.8.131 | 200 OK | 4 B |
URL: GET HTTP/2 home.refily.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled
IP: 104.18.8.131:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: refily.com
Certificate Fingerprint: 30:90:38:0B:0A:63:AB:59:F9:C5:42:F8:08:BC:92:CA:AA:73:05:E4
Certificate Validity: Thu, 10 Nov 2022 00:00:00 GMT - Fri, 10 Nov 2023 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /app-configuration/?path=/lendingLeadGen/fraud/anura/enabled HTTP/1.1
Host: home.refily.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
DNT: 1
Connection: keep-alive
Cookie: visitorId=1ff7f61e-4747-458a-93ac-6fc24e853ad8; sourceId=affl_everflow_lre-rfl_155_809; connect.sid=s%3AZDJZ3w2yUW9EUApUO1TuDkn-CKl2vOje.aeUQmkAE8%2F3DhGnpS7D2pY0%2Fp244VDmjjrOoNRJD%2Fp8; __cf_bm=Obn7oGN4BmutdXKdZ6H2b7qGzPD8Uh8koGypDOLHzrI-1695478764-0-Ac1Z21Uonlmz2kkyolbKkg7gvngZFwHkC0SG+uDsXqQfDqYTAgCvJu9Wl53bAAFrBia7WF0DvT43IhMHSYBq2ZY=; DAPROPS="bS:0|scsVersion:2.4.3|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|bE:0"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c350d7456af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| static-lre.refinance.enhancedrefinow.com/main.beeac9c60f11ef610c23.js | 104.18.5.105 | 200 OK | 742 kB |
URL: GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.beeac9c60f11ef610c23.js
IP: 104.18.5.105:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Cloudflare, Inc.
Certificate Subject: enhancedrefinow.com
Certificate Fingerprint: CC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
Certificate Validity: Fri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
Size: 742 kB (742087 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /main.beeac9c60f11ef610c23.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:25 GMT
content-type: application/javascript
last-modified: Tue, 05 Sep 2023 07:26:41 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
etag: W/"a0dfd9c99f459443e9492505502a7560"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2f7792bdc67f7953e2dce93aea1bb9ee.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: jdPIkVA1RBRrlaU8E9koTIYIhKi09znbh04xj7gIZcAATZvlHQgk5g==
cf-cache-status: HIT
age: 442
expires: Sat, 23 Sep 2023 18:19:25 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=iwJ.2xMzBALfv6nWlFLxWsNmzq5o8Cm1MD4V03c0dKA-1695478765-0-AX/KbLyCg/sfS8iZ7r6qnUB10/yklJ51KcZCKzicBewqGeM9zgLznUr3Vb3LBdmyfZWYiPsq16I5UmLEZcXwuw0=; path=/; expires=Sat, 23-Sep-23 14:49:25 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 80b36c2aca0fb4f3-OSL
X-Firefox-Spdy: h2
|
|
| script.anura.io/request.js?instance=3439535758&exid=f6e9224e-e344-59b1-b085-e432f23ddcec&source=affl_everflow_lre-rfl_155_809&campaign=2&29094992352 | 13.40.91.234 | 200 OK | 56 kB |
URL: GET HTTP/2 script.anura.io/request.js?instance=3439535758&exid=f6e9224e-e344-59b1-b085-e432f23ddcec&source=affl_everflow_lre-rfl_155_809&campaign=2&29094992352
IP: 13.40.91.234:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: Amazon
Certificate Subject: script.anura.io
Certificate Fingerprint: 00:49:D0:33:40:DB:54:FC:F3:AC:1E:42:4F:49:8F:4B:46:5A:A8:66
Certificate Validity: Mon, 12 Jun 2023 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (1912)
Hash: 3653725a25325459bd07439bd634bd11 90a1c01904205572b2fe20a458981d6aa5fd12d6 93affee1836f309b279d019ccc38ba69b1cb6abfe9956f68f5bb23cf3b6c347b
GET /request.js?instance=3439535758&exid=f6e9224e-e344-59b1-b085-e432f23ddcec&source=affl_everflow_lre-rfl_155_809&campaign=2&29094992352 HTTP/1.1
Host: script.anura.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 23 Sep 2023 14:19:27 GMT
content-type: application/javascript; charset=utf-8
server: nginx
vary: Accept-Encoding
expires: Sun, 28 Dec 1980 18:57:00 EST
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.datadoghq-browser-agent.com/datadog-rum-v3.js | 54.230.111.221 | 200 OK | 118 kB |
URL: GET HTTP/2 www.datadoghq-browser-agent.com/datadog-rum-v3.js
IP: 54.230.111.221:443
Requested by: https://home.refily.com/?moid=314646&sourceid=affl_everflow_lre-rfl_155_809&pkey1=809&pkey2=2&pkey3=bc805b829ef849478351eeabe32f80e2&sid=155&cmpid=155&crtid=&oid=155&affid=809&_ef_transaction_id=bc805b829ef849478351eeabe32f80e2
Certificate Issuer: DigiCert Inc
Certificate Subject: *.datadoghq-browser-agent.com
Certificate Fingerprint: FC:83:1B:FF:12:98:28:60:E5:F1:DC:73:0D:BC:6F:81:22:A7:F1:6D
Certificate Validity: Sat, 14 Jan 2023 00:00:00 GMT - Tue, 16 Jan 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 118 kB (117677 bytes)
Hash: 647fda9a4d3d74344732d76cf1fff47c 01720d421ce3373f1a1958a1d85edfae5ab5f442 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b
GET /datadog-rum-v3.js HTTP/1.1
Host: www.datadoghq-browser-agent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 16:36:14 GMT
server: AmazonS3
content-encoding: gzip
date: Sat, 23 Sep 2023 14:18:58 GMT
cache-control: max-age=14400, s-maxage=60
etag: W/"647fda9a4d3d74344732d76cf1fff47c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tTJ_JmOUc023Jc69CGUp8-x6KQzkUkIqC9i0f0991qHjomfiYb4OWQ==
age: 30
timing-allow-origin: *
X-Firefox-Spdy: h2
|
|