www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c
35.201.76.131302 Found 340 B URL User Request GET HTTP/2 www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c
IP 35.201.76.131:443
Certificate IssuerStarfield Technologies, Inc.
Subjectlmbahsj2.com
Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53
ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
File type HTML document, ASCII text, with very long lines (338)
Hash 5cf0a48fa4ccad6e61b77732f152da92
52e3ef43d919624d39acae6f0859f0187f90fc3f
368333f4187cb81b780a775f0d3f3dead288403b5ffd94c052be9ffef21f72f8
GET /29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 07 Dec 2023 19:08:15 GMT
content-type: text/html; charset=utf-8
content-length: 340
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
location: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
set-cookie: uniqueClick_83KB7S=2256fe4d-4ebf-40bd-abb1-10c297468972:1701976095; Path=/; Expires=Fri, 08 Dec 2023 19:08:15 GMT; Secure; SameSite=None
transaction_id=3e601e8a03ad4f64ada14990f917fba6; Path=/; Expires=Wed, 06 Mar 2024 19:08:15 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 7a1b21de-89b0-4be4-ac4a-dd11e25a161f
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
content.quickencompare.com/qc/refi-images/QC-Logo.png
104.18.29.109200 OK 58 kB URL GET HTTP/2 content.quickencompare.com/qc/refi-images/QC-Logo.png
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 1084 x 400, 8-bit/color RGBA, non-interlaced\012- data
Hash 521752a26258e4864b241e2d53ffe6fb
197a15424a4f1def49ad620d2e5efc5fc1629829
c361b0d16f182441c533ead38d28a79b93c42473cfb5fbd0f5eebc2e64ea18a5
GET /qc/refi-images/QC-Logo.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: image/png
content-length: 58295
last-modified: Thu, 23 Nov 2023 14:00:50 GMT
x-amz-server-side-encryption: AES256
etag: "521752a26258e4864b241e2d53ffe6fb"
x-cache: Hit from cloudfront
via: 1.1 660625642e0df86c41275db1ce1ac922.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: U8pU3G3HW7WBe2VyT8NlgJNZtgvXi-MtAZmVk3BVW5dxeJihjEpY1A==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e724c5fb51d-OSL
X-Firefox-Spdy: h2
content.quickencompare.com/nmn/logo/qc-financial-control.png
104.18.29.109200 OK 13 kB URL GET HTTP/2 content.quickencompare.com/nmn/logo/qc-financial-control.png
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 281 x 168, 8-bit/color RGBA, non-interlaced\012- data
Hash d9164fb30114b13fdb91bd8011b5f71b
45307fb107b9e0ec642b98d3b2153467cb00b633
442b0856c633c8a41e1566de5aea94873cfa27b85e74e2fb2df4c92b55ab5608
GET /nmn/logo/qc-financial-control.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: image/png
content-length: 12630
last-modified: Thu, 23 Nov 2023 14:00:50 GMT
x-amz-server-side-encryption: AES256
etag: "d9164fb30114b13fdb91bd8011b5f71b"
x-cache: Hit from cloudfront
via: 1.1 7f7d86a250c539fe4431535882cf4e4e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: zfxTiOIo3IJzwm1cRVtMH4HPWz4K38uiW_ZFnPNXB5Nj7-eBTUyoLQ==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e724c63b51d-OSL
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.41 2.1 kB IP 192.124.249.41:0
Hash 4f63e20e6c85c3420ae4d0084f77231b
32956a1ad35804a56d5263848065be8bc4baeac3
4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 07 Dec 2023 19:08:17 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT
Expires: Fri, 08 Dec 2023 07:56:09 GMT
ETag: "32956a1ad35804a56d5263848065be8bc4baeac3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
use.typekit.net/msd8xng.css
23.36.76.122200 OK 680 B URL GET HTTP/2 use.typekit.net/msd8xng.css
IP 23.36.76.122:443
ASN #20940 Akamai International B.V.
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (516)
Hash 20203a97a8fb7c1ce2353ecc67ea540d
69dd242bcc9927260938d83c99e59453871ebba4
56af1865c3c674da77191c0c3f9c9a01789e64b2851675d878cb03b5bc57a353
GET /msd8xng.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 680
date: Thu, 07 Dec 2023 19:08:17 GMT
X-Firefox-Spdy: h2
static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js
104.18.4.105200 OK 198 kB URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js
IP 104.18.4.105:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectenhancedrefinow.com
FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 198 kB (197803 bytes)
Hash ca318eae9ebc93537a732a02e7480171
5e1d79ca2ab46dbe389da59faacfed537f20be8f
6e1b68716a442691cbddf674a27da4c627a52f33242f144c662872d3cd94a36f
GET /vendor.67a1d66e4ad0509192e9.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: application/javascript
last-modified: Thu, 16 Nov 2023 10:47:04 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
etag: W/"0e80b2b8d6f895c55fb9aefe511479b6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5a96272b81254403ef5ef083d36ce62a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: VEL_ZSoR_Lsi5mfBiIbZUYwyJ8gM1-0s3fly79AqbuPeB9p5H3tAVA==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=J8I58jEdE723DWoM9yJPwOESdNpGkCXDKFM3d7d54Jo-1701976097-0-ATcG9ZWxPaOA9wKLtBmE1n0n/FvXprnx2Nw0luaWpn7lS7NlOPKM9vb+3nBY1QHEofN3312pQWIcmh6T+9/ceEM=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e72a85d0b61-OSL
X-Firefox-Spdy: h2
static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js
104.18.4.105200 OK 6.9 kB URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js
IP 104.18.4.105:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectenhancedrefinow.com
FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Hash 185ae165419f988556e8f161a8af651e
41c9a599d8a852da9f32059bec561e90d1deec42
f8be0b0780a89d38c6d43ae2e85f4a75bd8bf7b9850bde0769f57b0831260c1b
GET /manifest.d7f9016d0e5da5649c5f.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2023 19:49:34 GMT
etag: W/"ab05865229c4be0e25398c314b00a787"
x-amz-server-side-encryption: AES256
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: j6xQDrVNaIhrWO44n7p_cS7sPJVO2HTWlWu5NqGBxiq0BcirAWMkGA==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=rOXw1A0odcAxVV7b8xvQTMc.9EixAVYuz0.5I8mOwC4-1701976097-0-AZWaIwnFDzZOvck1gea9xPjW0Gt5L0HdeRh24Q3UbOwJa4gd2ZzNeDVHXBWWxCAEuPO7+VIjzCbQ65TWYLg8VHM=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e7288420b61-OSL
X-Firefox-Spdy: h2
static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js
104.18.4.105200 OK 139 kB URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js
IP 104.18.4.105:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectenhancedrefinow.com
FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type gzip compressed data, from Unix\012- data
Size 139 kB (139279 bytes)
Hash 39afe8697e97e95c6dab844a01ffeae9
a5904d12c3c6efd15013c943f2b307742ba10788
1a90d9bfe52144bb482a9a0e95dee857632d6aaa5780906bb435fd4e2f99aec7
GET /main.93e3cac8409e105ab51a.js HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: application/javascript
last-modified: Mon, 13 Nov 2023 19:49:34 GMT
etag: W/"dec41562bede99a23e8a683bb0b2c7a7"
x-amz-server-side-encryption: AES256
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EJy6PytxORPNYh-TGOTN6W-_ThcOjbKUjHTMw5tSApe4obskrYLi1A==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=8N5lKNPUpNM0nYnsMsaQRO_8ZSD.eZt8kTpSc.3XlbE-1701976097-0-AUaw5moRl3efQH4oRiU5vL3YLwyOz0w5CJosJse3jXl2Q8njLCeTOJ6SMdv9Y0j1pnQq9q28qdP9B664YWGBnP0=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e72a85c0b61-OSL
X-Firefox-Spdy: h2
cs-cdn.deviceatlas.com/dacs.js
52.58.191.183200 OK 22 kB URL GET HTTP/2 cs-cdn.deviceatlas.com/dacs.js
IP 52.58.191.183:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoDaddy.com, Inc.
Subject*.deviceatlas.com
Fingerprint24:8E:6E:64:30:97:51:E1:A5:07:DB:42:13:5B:15:27:BA:6F:10:C2
ValiditySat, 04 Mar 2023 07:26:21 GMT - Thu, 04 Apr 2024 07:26:21 GMT
File type ASCII text, with very long lines (21816)
Hash 610a4ab640dd5cfa6750aa2623357f51
6f425451f0dffa8b2a418857da82c5d28e2db9e8
fe49fc14b70cfc4f3edbc08e58087ca0f6e948a953c3eaeabdc7e78f512e5a22
GET /dacs.js HTTP/1.1
Host: cs-cdn.deviceatlas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.17.9
date: Thu, 07 Dec 2023 19:08:18 GMT
content-type: application/javascript
content-length: 21909
last-modified: Thu, 09 Nov 2023 13:50:26 GMT
etag: "610a4ab640dd5cfa6750aa2623357f51"
expires: Thu, 07 Dec 2023 19:08:17 GMT
cache-control: no-cache
x-cache: HIT
accept-ch: DPR,Width,Viewport-Width,Viewport-Height,Device-Memory,RTT,Downlink,ECT,Lang,Sec-CH-DPR,Sec-CH-Width,Sec-CH-Viewport-Width,Sec-CH-Viewport-Height,Sec-CH-Device-Memory,Sec-CH-RTT,Sec-CH-Downlink,Sec-CH-ECT,Sec-CH-Lang,Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Bitness,Sec-CH-UA-WoW64,Sec-CH-Prefers-Reduced-Motion,Sec-CH-Prefers-Reduced-Transparency,Sec-CH-Prefers-Contrast,Sec-CH-Forced-Colors,Sec-CH-Prefers-Color-Scheme,Sec-CH-Prefers-Reduced-Data
accept-ranges: bytes
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png
104.18.13.43200 OK 551 B URL GET HTTP/2 content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png
IP 104.18.13.43:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectrefinance.quickenloans.com
Fingerprint1C:BA:47:A1:B9:5E:06:39:AC:47:A6:A8:49:17:24:B4:31:E4:F0:75
ValidityMon, 20 Nov 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced\012- data
Hash 90732fd581b4624530c995d70d3f17a8
6704549936ece70f840129dcca57a5e56ff0cac5
8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a
GET /msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png HTTP/1.1
Host: content.refinance.quickenloans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:18 GMT
content-type: image/png
content-length: 551
last-modified: Fri, 17 Nov 2023 05:34:25 GMT
x-amz-server-side-encryption: AES256
etag: "90732fd581b4624530c995d70d3f17a8"
x-cache: Hit from cloudfront
via: 1.1 a52c33748955378f279062b7fc7ef91e.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: bs_FMuQrXpr4E6RFzDrM-xp7z-EnND8iJht3e1YQEgYSxE7PQx6mdQ==
cf-cache-status: HIT
age: 3828
expires: Thu, 07 Dec 2023 23:08:18 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
set-cookie: __cf_bm=v4VuCF.Cm6JfOIUnYn1UeyAyNU8Fv.2GTpmHWJ_gPjk-1701976098-0-AeLXczbmEcSnpIOX5yz6JuDaCjoW340FAj5GQsh09klHlKryEsY8eB4u8+ZFw2+yMMz7HtVY1t3FGS61rUU2DmE=; path=/; expires=Thu, 07-Dec-23 19:38:18 GMT; domain=.refinance.quickenloans.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e773cd1b4f9-OSL
X-Firefox-Spdy: h2
ocsp.starfieldtech.com/
192.124.249.24 2.1 kB IP 192.124.249.24:0
Hash 4f63e20e6c85c3420ae4d0084f77231b
32956a1ad35804a56d5263848065be8bc4baeac3
4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 07 Dec 2023 19:08:18 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT
Expires: Fri, 08 Dec 2023 07:56:09 GMT
ETag: "32956a1ad35804a56d5263848065be8bc4baeac3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png
104.18.29.109200 OK 60 kB URL GET HTTP/2 content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 2980 x 820, 8-bit/color RGBA, non-interlaced\012- data
Hash 0b525d003df460ee3ef27bb82defdb43
0e1f1b12bc01d745e847d91f64727e1bde0cf019
78f6112cc353f90b0f71f3b1c2a5571b1b620290dd2048dc073eb91217c590e7
GET /qc/refi-images/BG-BLUE-ICON-WHITE.png HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://static-lre.refinance.enhancedrefinow.com/
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:19 GMT
content-type: image/png
content-length: 60242
last-modified: Mon, 27 Nov 2023 15:34:00 GMT
x-amz-server-side-encryption: AES256
etag: "0b525d003df460ee3ef27bb82defdb43"
x-cache: RefreshHit from cloudfront
via: 1.1 f6020f10d519a41b0c116dad7dcb2798.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Z0TvvSdbNGuv03uzzFkfV90xM-LN3oC_ofnT5p9t4TKs4kTK_5WgiA==
cf-cache-status: HIT
age: 2112
expires: Thu, 07 Dec 2023 23:08:19 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e7c8994b51d-OSL
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap
142.250.74.106200 OK 11 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap
IP 142.250.74.106:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type gzip compressed data, max compression\012- data
Hash e0b9be691de9c162efddaaaf9512e38c
24a21824b2bfb11779d4e36ec5ede41ab47a4f12
4ae2326c367c47a854f2ab361c4a7f55dc7b561c554b6a8a561d0027fb57c5d0
GET /css2?family=Montserrat:wght@400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 07 Dec 2023 19:08:17 GMT
date: Thu, 07 Dec 2023 19:08:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
23.36.76.122200 OK 11 kB URL GET HTTP/2 use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
IP 23.36.76.122:443
ASN #20940 Akamai International B.V.
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 10552, version 1.0\012- data
Hash dfd4158df5a1e052abac4fbd93e09fb1
9db6d016f4c8b240634f9334ec8c11b27a8926fd
d3a3bb6d91875a850f5ab1dd85446084933aefde6a0c183689ce585e568f4ee3
GET /af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 10552
etag: "3ffc31f2c2e0e0a0bd3e7a4f831f835ccfabcbde"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 07 Dec 2023 19:08:19 GMT
X-Firefox-Spdy: h2
use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
23.36.76.122200 OK 11 kB URL GET HTTP/2 use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
IP 23.36.76.122:443
ASN #20940 Akamai International B.V.
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 10888, version 1.0\012- data
Hash 865a9070be41e8b5d8258be1bf57cab1
2f7e1a72d4897a263394a4f07892c9389b954212
eaa07ae8e4a20bddf808a50bb9e635664a986e2878e458899442b156c7a49e50
GET /af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 10888
etag: "b7140404e35689beadfbc7c2c96a907cf5aaa352"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 07 Dec 2023 19:08:19 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0\012- data
Hash 057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 23:21:56 GMT
expires: Fri, 29 Nov 2024 23:21:56 GMT
cache-control: public, max-age=31536000
age: 589583
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.redditstatic.com/ads/pixel.js
151.101.193.140200 OK 7.4 kB URL GET HTTP/2 www.redditstatic.com/ads/pixel.js
IP 151.101.193.140:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectwww.redditstatic.com
Fingerprint5B:10:93:15:D0:06:B8:27:DD:C8:15:7C:8A:49:4B:AD:06:D3:8E:15
ValidityFri, 25 Aug 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (23776)
Hash 78b6c68984a6ce5b3fcac1c6a9cad00c
02e1d366a17506cea8adfe5a15949aca89719a02
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
GET /ads/pixel.js HTTP/1.1
Host: www.redditstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=60
content-encoding: gzip
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 07 Dec 2023 19:08:19 GMT
vary: Accept-Encoding,Origin
server: snooserv
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-length: 7409
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-319191520
142.250.74.168200 OK 75 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-319191520
IP 142.250.74.168:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 03fdcd9a9aae042005e5f53e183330fe
4870732f63ef1ee84320cdb44eaaa3614140af93
4bb54c594893757b8558eb72a645dfaf1963440c5194a4f3963e71b72134f8f2
GET /gtag/js?id=AW-319191520 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 19:08:20 GMT
expires: Thu, 07 Dec 2023 19:08:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75422
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-10865694633
142.250.74.168200 OK 75 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10865694633
IP 142.250.74.168:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 27bdf417ab917b5252ee1e23b2efeec9
2974a9e918d306820eadc1855b084aea313d8d44
47f7bb6ad52a0578f746525d79246e664c5c269f8c80c0305c5c8e46c46920e5
GET /gtag/js?id=AW-10865694633 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 19:08:20 GMT
expires: Thu, 07 Dec 2023 19:08:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75388
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=AW-11411986938
142.250.74.168200 OK 81 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-11411986938
IP 142.250.74.168:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash 102f9a2a3775a8772ef8b1519157928d
d6aa31f8b606f05ae5155f38e52b5a51e71ef290
373ea88cef3e3f9c706127d4b908f9e35c71df87cbffe6e440469042027a5a28
GET /gtag/js?id=AW-11411986938 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 19:08:20 GMT
expires: Thu, 07 Dec 2023 19:08:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80987
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c
142.250.74.168200 OK 76 kB URL GET HTTP/3 www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash bf72064265b057dbf9b1453eb7754a6e
dcffaa782341af899a956b4701af4ba63a47ec24
c72911770606f6fb881ce756013d5950855f9b36bcb07ce2b945234289350d11
GET /gtag/destination?id=AW-320492720&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 19:08:20 GMT
expires: Thu, 07 Dec 2023 19:08:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75627
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.googletagmanager.com/gtag/js?id=AW-320492720
142.250.74.168200 OK 76 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-320492720
IP 142.250.74.168:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (4179)
Hash c80d74d2793072492a762ae5bbd99ba6
19a8f876c8146291e11983500ae3764c98d2fd2f
ea50c994accd65ab7fa57e1cd37a81072400e89fc32937766a1f5696c968a66a
GET /gtag/js?id=AW-320492720 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Dec 2023 19:08:20 GMT
expires: Thu, 07 Dec 2023 19:08:20 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 75545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.starfieldtech.com/
192.124.249.24 2.1 kB IP 192.124.249.24:0
Hash 4f63e20e6c85c3420ae4d0084f77231b
32956a1ad35804a56d5263848065be8bc4baeac3
4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 07 Dec 2023 19:08:20 GMT
Content-Type: application/ocsp-response
Content-Length: 2149
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT
Expires: Fri, 08 Dec 2023 07:56:09 GMT
ETag: "32956a1ad35804a56d5263848065be8bc4baeac3"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
95.217.105.250200 OK 46 B URL GET HTTP/2 pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
IP 95.217.105.250:443
ASN #24940 Hetzner Online GmbH
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerSectigo Limited
Subject*.revjet.com
Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81
ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash f6ce8dc63925c8d5f0d57d6ce42f43e1
a89ad2e8361ef3867b5ecee557acae6c5447b448
bceae18f848b9d727a55d73fc08a3e83e8e2debf8e774bc60cb45b8ae4b4e481
GET /track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= HTTP/1.1
Host: pix.revjet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: text/javascript
content-length: 46
set-cookie: trx=4777369244942618106; Max-Age=63072000; Expires=Sat, 06 Dec 2025 19:08:20 GMT; Path=/; Domain=.revjet.com; Secure; SameSite=None
X-Firefox-Spdy: h2
rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300
3.233.153.123200 OK 2 B URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300
IP 3.233.153.123:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.logs.datadoghq.com
Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15826
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914
3.233.153.123200 OK 2 B URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914
IP 3.233.153.123:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.logs.datadoghq.com
Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 14052
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325
207.189.124.43200 4.9 kB URL GET HTTP/1.1 a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325
IP 207.189.124.43:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerSectigo Limited
Subject*.actonservice.com
FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E
ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT
Hash d32293f4e34e7342102ca2ac51d01301
beff67b596539668798cec2270dcea508c43b82e
4cceda7cf27c7acc53c753e884b47d3b981448fe29d600e87748343bbf1e6ff1
GET /cdnr/forpci43/acton/bn/tracker/44325 HTTP/1.1
Host: a44325.actonservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/"
Set-Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDgNssDDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1
Content-Type: application/javascript;charset=utf-8
Content-Length: 4850
Date: Thu, 07 Dec 2023 19:08:20 GMT
X-Cnection: close
Strict-Transport-Security: max-age=16070400
bat.bing.com/bat.js
13.107.21.200200 OK 13 kB IP 13.107.21.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerMicrosoft Corporation
Subjectwww.bing.com
FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
File type Unicode text, UTF-8 text, with very long lines (46103), with no line terminators
Hash 7f75f159026f3a2c8cccda487b43157b
021cf5c854db063cd79bf0394c24eb994e095640
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 13175
content-type: application/javascript
content-encoding: gzip
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ranges: bytes
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0E02E86D14B44D749518F442F0D57DB3 Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:20Z
date: Thu, 07 Dec 2023 19:08:20 GMT
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
142.250.74.132302 Found 63 B URL GET HTTP/2 www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 142.250.74.132:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1
ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT
File type ASCII text, with no line terminators
Hash ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
GET /pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 19:08:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png
104.18.29.109200 OK 11 kB URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 33459eb6a3bd646afe5d2b592d70a184
3dbe306f999a2d9d3ac37fcbd664100e3dc9e4dd
a3cbfe4e63c8a005a557d34d2bf2041a470c86c629429b4ec9d695a59c951fce
GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png HTTP/1.1
Host: www.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; _rdt_uuid=1701976106531.5152ea6e-3782-48d8-8ac9-ae0b9bcfc8eb; _gcl_au=1.1.1520612321.1701976107
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: image/png
content-length: 10913
cache-control: public, max-age=31622400
etag: "646f8388-2aa1"
expires: Sat, 07 Dec 2024 19:08:20 GMT
last-modified: Thu, 25 May 2023 15:49:28 GMT
strict-transport-security: max-age=2592000
x-pantheon-styx-hostname: styx-fe1-a-685d4d5969-p4htw
x-styx-req-id: 32d64d26-67a0-11ee-8ab1-a68b0bac51fb
x-served-by: cache-chi-kigq8000146-CHI, cache-bma1675-BMA
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1701973987.519388,VS0,VE126
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 2114
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e871e6eb51d-OSL
X-Firefox-Spdy: h2
www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png
104.18.29.109200 OK 1.5 kB URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 08c465daeab64895569e93e51c762db7
06d83a5d5da54777459439485a5a410776f22375
1bf8b66be3259665a6d9791e0dfbd82bd2f574a01bad981e3d4e66d71f137e78
GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png HTTP/1.1
Host: www.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; _rdt_uuid=1701976106531.5152ea6e-3782-48d8-8ac9-ae0b9bcfc8eb; _gcl_au=1.1.1520612321.1701976107
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: image/png
content-length: 1462
cache-control: public, max-age=31622400
etag: "646f8388-5b6"
expires: Sat, 07 Dec 2024 19:08:20 GMT
last-modified: Thu, 25 May 2023 15:49:28 GMT
strict-transport-security: max-age=2592000
x-pantheon-styx-hostname: styx-fe1-a-b8448654b-5nhpm
x-styx-req-id: fcf64b0f-565f-11ee-9089-d2e2ed9d6f4f
x-served-by: cache-chi-klot8100095-CHI, cache-bma1667-BMA
x-cache: HIT, MISS
x-cache-hits: 1, 0
x-timer: S1701701162.825696,VS0,VE131
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 194281
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e871e6fb51d-OSL
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
87.248.119.252200 OK 6.3 kB IP 87.248.119.252:443
ASN #203220 Yahoo! UK Services Limited
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (18187), with no line terminators
Hash 5c6ed25dce803fd84288922b8928409e
3ccc10546ae12f160bacac1e9e422af091ea4a41
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: ZWM3zDv3YQ6iPPRWFaQnqI7NYPwouttY2RBEAet5A6wasIQ0VR5ZEpFfcB6Ld+V2QZiVFwrDnGo=
x-amz-request-id: 8KHWBP3S1MHRYCTC
date: Thu, 07 Dec 2023 18:26:03 GMT
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "5c6ed25dce803fd84288922b8928409e-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 2539
content-encoding: gzip
content-length: 6262
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2
a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0
207.189.124.43200 43 B URL GET HTTP/1.1 a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0
IP 207.189.124.43:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerSectigo Limited
Subject*.actonservice.com
FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E
ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash f7f26805de1a1f270e665bf7873d7e19
c32085898c6e36d361d4b8017087de90e1b8465c
2188414d64d2930eb54f4731b6eb9a931358ba625d1cd7535a889409218609d2
GET /acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0 HTTP/1.1
Host: a44325.actonservice.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDgNssDDD"
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Set-Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDYAYCBVHU-YCIW-XTII-CLBI-MXHAMVITJWLBDjNpJrLgJhtiHkL_JhtDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1
P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/"
Content-Type: image/gif
Content-Length: 43
Date: Thu, 07 Dec 2023 19:08:21 GMT
X-Cnection: close
Strict-Transport-Security: max-age=16070400
Vary: Accept-Encoding
s.yimg.com/wi/config/10194306.json
87.248.119.252200 OK 46 B URL GET HTTP/2 s.yimg.com/wi/config/10194306.json
IP 87.248.119.252:443
ASN #203220 Yahoo! UK Services Limited
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6
ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 87d7a3e6ca5844729c849e28a1fdffda
cf1c60dd594971896ff423177ad4991403928429
e8a12726ee07f3a17f43d5715b0f1c49c2548baf3ce450d2880701034c75700b
GET /wi/config/10194306.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-amz-id-2: hiTsyAV/NmuI6ml6nk1lHxs2jQwneURY8C/ohUouQ9S1nxFa1zfc4Sg+s4JvwAEF4grXvPVEoJQ=
x-amz-request-id: H9CRNQ6SXXB2Q7T2
date: Thu, 07 Dec 2023 18:58:22 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Thu, 07 Dec 2023 17:43:45 GMT
x-amz-expiration: expiry-date="Sat, 11 Jan 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
x-amz-server-side-encryption: AES256
x-amz-version-id: dO8Tl50koPrsXhalRV1v86FHib.3Gug1
accept-ranges: bytes
content-type: application/json
server: ATS
content-length: 46
referrer-policy: no-referrer-when-downgrade
etag: "87d7a3e6ca5844729c849e28a1fdffda"
age: 600
ats-carp-promotion: 1
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
bat.bing.com/p/action/146000783.js
13.107.21.200204 No Content 0 B URL GET HTTP/2 bat.bing.com/p/action/146000783.js
IP 13.107.21.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerMicrosoft Corporation
Subjectwww.bing.com
FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/146000783.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8F092F876504A5F97CC4E0535D4CC0E Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:21Z
date: Thu, 07 Dec 2023 19:08:20 GMT
X-Firefox-Spdy: h2
ads.anura.io/showads.js?670681914326
54.230.111.16200 OK 20 B URL GET HTTP/2 ads.anura.io/showads.js?670681914326
IP 54.230.111.16:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerAmazon
Subjectads.anura.io
Fingerprint69:66:FA:26:E2:E4:89:00:9A:F7:DE:2C:F6:5A:C2:B9:58:04:5D:E6
ValidityTue, 30 May 2023 00:00:00 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /showads.js?670681914326 HTTP/1.1
Host: ads.anura.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Wed, 06 Dec 2023 19:40:27 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5dtk_CkloKHn-R2sY-c5iLDNoqHGqyfCSZSIZzZMsp7Q_JiKrEfAKg==
age: 84474
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y
142.250.74.67200 OK 63 B URL GET HTTP/2 www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y
IP 142.250.74.67:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT
File type ASCII text, with no line terminators
Hash ad8b6f08655797587cdec719a94efe59
182adf5a140796f81e930649d05654dbf22fd5b7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
GET /pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1>m=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS>m_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 07 Dec 2023 19:08:21 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json
35.201.76.131200 OK 87 B URL GET HTTP/3 www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json
IP 35.201.76.131:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerStarfield Technologies, Inc.
Subjectlmbahsj2.com
Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53
ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
File type JSON data\012- , ASCII text
Hash 86571f1a7627d9de2e3b56e039d9a262
95f7811f34a0a7fb692cc7efdb3b502bbd0bbd33
bfea8c5323b0c6b9ed1fa94004c7b44583bfc13e67af2c043b43d0a84c588084
GET /sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
server: nginx
date: Thu, 07 Dec 2023 19:08:21 GMT
content-type: application/json; charset=utf-8
content-length: 87
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
access-control-allow-credentials: true
access-control-allow-origin: https://money.quickencompare.com
set-cookie: uniqueClick=448725a3-572a-4f5d-ade4-5eea9f673d2d:1701976101; Path=/; Expires=Fri, 08 Dec 2023 19:08:21 GMT; Secure; SameSite=None
transaction_id=3e601e8a03ad4f64ada14990f917fba6; Path=/; Expires=Wed, 06 Mar 2024 19:08:21 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 0148111d-ec0b-4e04-84d0-dcbefe351c35
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032
3.233.153.123200 OK 2 B URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032
IP 3.233.153.123:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.logs.datadoghq.com
Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99
ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032 HTTP/1.1
Host: rum-http-intake.logs.datadoghq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15051
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:21 GMT
content-type: application/json
content-length: 2
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587
3.10.186.13200 OK 56 kB URL GET HTTP/2 script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587
IP 3.10.186.13:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerAmazon
Subjectscript.anura.io
Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20
ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT
File type ASCII text, with very long lines (1912)
Hash 15f51890083306fc58cac543b29621b9
b9ce10a3cf27103c2fcc5ce505ae14abd0bbef0f
afae8a486b0ddb0b77ce3b46da9798cb7a924b0c4181be14db485909a57f07a6
GET /request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587 HTTP/1.1
Host: script.anura.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: application/javascript; charset=utf-8
server: nginx
vary: Accept-Encoding
expires: Sun, 28 Dec 1980 18:57:00 EST
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
23.36.76.122200 OK 10 kB URL GET HTTP/2 use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
IP 23.36.76.122:443
ASN #20940 Akamai International B.V.
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 10520, version 1.0\012- data
Hash 9c062dccf131a3086c8150e06794fe67
0030407cafb86d8e591e93904d1c070c3b9c08ae
19aefb2c51bd12339798e6877c1317ca2edd1ccf827b9cddb622dc094031a8f0
GET /af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 10520
etag: "2be4f5725e5a1282789d7f7270687fcf4d372bef"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 07 Dec 2023 19:08:19 GMT
X-Firefox-Spdy: h2
money.quickencompare.com/visitor
104.18.29.109200 OK 231 B URL POST HTTP/2 money.quickencompare.com/visitor
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 6a151c831d874e450fc3e7e79dcd56ac
412cdb2fc8ae0e18847d6edccd55c9c2a826ba77
fd987f3ef7fdc8c302e760f4fe48c5bb1a158fe178feb1ab228489776099048b
POST /visitor HTTP/1.1
Host: money.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Content-Type: application/json
Content-Length: 1520
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0|scsVersion:2.4.5|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.av1:1|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1bE:0"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:19 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
etag: W/"e7-E94HlkUBYr5bJCf3eiJzP+KGCyc"
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e7e6bc0b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled
104.18.29.109200 OK 4 B URL GET HTTP/2 money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash b326b5062b2f0e69046810717534cb09
5ffe533b830f08a0326348a9160afafc8ada44db
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
GET /app-configuration/?path=/lendingLeadGen/fraud/anura/enabled HTTP/1.1
Host: money.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0|scsVersion:2.4.5|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.av1:1|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949bE:0"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e7f7d27b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
104.18.29.109200 OK 25 kB URL User Request GET HTTP/2 money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
IP 104.18.29.109:443
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 HTTP/1.1
Host: money.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
cf-cache-status: DYNAMIC
set-cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; Domain=.quickencompare.com; Path=/; Expires=Fri, 06 Dec 2024 19:08:16 GMT
sourceId=affl_everflow_qc-mon_143_809; Path=/; Expires=Thu, 14 Dec 2023 19:08:16 GMT
connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; Path=/; Expires=Thu, 14 Dec 2023 19:08:17 GMT; HttpOnly
BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; path=/; Httponly; Secure
__cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e657cd5b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css
104.18.4.105200 OK 176 kB URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css
IP 104.18.4.105:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectenhancedrefinow.com
FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
File type ASCII text, with very long lines (45544)
Size 176 kB (175557 bytes)
Hash 51281ef41f6e2e58b368816515b69b7b
0c82a25d8cc39e108175154e244bcb2490b18b0d
64cc6c3ae44025a0b21f96431acbdc5fe1601b19e27cfd4dfa0651dbb6776f33
GET /main.93e3cac8409e105ab51a.css HTTP/1.1
Host: static-lre.refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: text/css
last-modified: Mon, 13 Nov 2023 19:49:34 GMT
etag: W/"51281ef41f6e2e58b368816515b69b7b"
x-amz-server-side-encryption: AES256
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: cQWHkrqEyqhTeJXjNNmvwKJQWJN5-Z9Ogl1iTx76tVdfXcT0CRjncw==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
set-cookie: __cf_bm=gm0jkAuMBoxJhRMXqqCiZTYjjCBY_h6x2Ci0NYZcfsA-1701976097-0-AQZW2QUWkz9JwAvT12MQOoTiG8G7D8qv53zMcWw1YThtH31Y4aYuYwt8U8qw/GvNbJBuHTJgPhBuu5mQy5rFw6E=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e72984b0b61-OSL
X-Firefox-Spdy: h2
money.quickencompare.com/track
104.18.29.109200 OK 246 B URL POST HTTP/2 money.quickencompare.com/track
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 0494e98f9be9e0a834195389f2971083
fd490abaffef02693d551998f374c21a5722e9ba
0ca341bb8e9a9e7b0d37825a3fbde328f49960128a066f7d12c07d2096d702c4
POST /track HTTP/1.1
Host: money.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Content-Type: application/json
Content-Length: 464
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0|scsVersion:2.4.5|bcookieSupport:1|bcss.animations:1|bcss.columns:1|bcss.transforms:1|bcss.transitions:1|sdeviceAspectRatio:1280/1024|sdevicePixelRatio:1|idisplayColorDepth:24|bflashCapable:0|bhtml.audio.ogg:1|bhtml.audio.mp3:1|bhtml.audio.wav:1|bhtml.audio.m4a:1|bhtml.canvas:1|bhtml.inlinesvg:1|bhtml.svg:1|bhtml.video.ap4x:0|bhtml.video.av1:1|bhtml.video.ogg:1|bhtml.video.h264:1|bhtml.video.webm:1|bjs.accessDom:1|bjs.applicationCache:0|bjs.deviceMotion:1|bjs.geoLocation:1|bjs.indexedDB:1|bjs.json:1|bjs.localStorage:1|bjs.modifyCss:1|bjs.modifyDom:1|bjs.querySelector:1|bjs.sessionStorage:1|bjs.supportBasicJavaScript:1|bjs.supportConsoleLog:1|bjs.supportEventListener:1|bjs.supportEvents:1|bjs.webGl:1|bjs.webSockets:1|bjs.webSqlDatabase:0|bjs.webWorkers:1|bjs.xhr:1|srendererRef:02919241789|sscreenWidthHeight:1280/1024|stimeZone:UTC|buserMedia:1|saudioRef:25450949bE:0"; _dd_s=rum=1&id=ffa29c93-ef4d-488c-83f9-5f68a2682363&created=1701976106283&expire=1701977006283
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: application/json; charset=utf-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: no-store
etag: W/"f6-qawp2eBhBBvM1cK1I6LinEzILnU"
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e80deceb51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css
184.51.252.189200 OK 5 B URL GET HTTP/2 p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css
IP 184.51.252.189:443
ASN #20940 Akamai International B.V.
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subjectuse.typekit.net
Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B
ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 825e67eeb6b4bfac7536fc639a56ec43
574a45385ae62544c7424e6f06417f0370b1a532
c10ff60fd741e3b2b97479f16f45e5fa57449629f4d032f647fd23041a6ad7b1
GET /p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: text/css
content-length: 5
last-modified: Fri, 14 Jul 2023 12:45:58 GMT
etag: "64b14386-5"
cache-control: public, max-age=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
date: Thu, 07 Dec 2023 19:08:18 GMT
X-Firefox-Spdy: h2
script.anura.io/response.json
3.10.186.13200 OK 151 B URL POST HTTP/2 script.anura.io/response.json
IP 3.10.186.13:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerAmazon
Subjectscript.anura.io
Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20
ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash d3b5e25c2421b935df7b14a3a4d9f37c
a6904fa92cce1333021c2003ad2b123e44c20c12
982615e86e13940fe146f83ecc30dc050cd2bb72651d1b4c6a4fd3b131612c7b
POST /response.json HTTP/1.1
Host: script.anura.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 5448
Origin: https://money.quickencompare.com
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:21 GMT
content-type: application/json; charset=utf-8
server: nginx
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: POST
expires: Sun, 28 Dec 1980 18:57:00 EST
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg
104.18.29.109200 OK 7.6 kB URL GET HTTP/2 content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg
IP 104.18.29.109:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4
ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7675), with no line terminators
Hash 9c7fa5ca9ac7adf457a83b5aed9fe269
d527d4db3df8b0adb6af6408d9ab45c3ec67dc02
f647b5bacc626969604abca8928075eb34accf47048b1ffa58e2cc56c08b0d3a
GET /nmn/logo/dollar-money-icon-small.svg HTTP/1.1
Host: content.quickencompare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
DNT: 1
Connection: keep-alive
Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:17 GMT
content-type: image/svg+xml
last-modified: Thu, 23 Nov 2023 14:00:50 GMT
x-amz-server-side-encryption: AES256
etag: W/"3b280fb1b5f603b076383e1ca6ea531f"
x-cache: Hit from cloudfront
via: 1.1 6528f10684ec39317f94ed2a540d88b4.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Ani-paQksdVynqIW9BXjlj0Gx7_MvsMOT21oA0uKpKBIop_r2N12Ew==
cf-cache-status: HIT
age: 2113
expires: Thu, 07 Dec 2023 23:08:17 GMT
cache-control: public, max-age=14400
vary: Accept-Encoding
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e724c61b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.datadoghq-browser-agent.com/datadog-rum-v3.js
54.230.111.221200 OK 118 kB URL GET HTTP/2 www.datadoghq-browser-agent.com/datadog-rum-v3.js
IP 54.230.111.221:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerDigiCert Inc
Subject*.datadoghq-browser-agent.com
FingerprintFC:83:1B:FF:12:98:28:60:E5:F1:DC:73:0D:BC:6F:81:22:A7:F1:6D
ValiditySat, 14 Jan 2023 00:00:00 GMT - Tue, 16 Jan 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 118 kB (117677 bytes)
Hash 647fda9a4d3d74344732d76cf1fff47c
01720d421ce3373f1a1958a1d85edfae5ab5f442
4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b
GET /datadog-rum-v3.js HTTP/1.1
Host: www.datadoghq-browser-agent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 16:36:14 GMT
server: AmazonS3
content-encoding: br
date: Thu, 07 Dec 2023 19:08:19 GMT
cache-control: max-age=14400, s-maxage=60
etag: W/"647fda9a4d3d74344732d76cf1fff47c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fR7DFeTmQJYPzGzx6spPk13ZO7Lk7P7ppg67PemW6cs_vIagqJtpUw==
age: 28
timing-allow-origin: *
X-Firefox-Spdy: h2
www.lmbahsj2.com/scripts/sdk/everflow.js
35.201.76.131200 OK 61 kB URL GET HTTP/2 www.lmbahsj2.com/scripts/sdk/everflow.js
IP 35.201.76.131:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerStarfield Technologies, Inc.
Subjectlmbahsj2.com
Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53
ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/sdk/everflow.js HTTP/1.1
Host: www.lmbahsj2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: text/javascript
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
cache-control: max-age=14400
vary: Origin
x-eflow-request-id: bb68e999-0ef3-4017-9c1c-24e37d7642c8
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=<=5675&evt=pageLoad&sv=1&rn=195118
13.107.21.200204 No Content 0 B URL GET HTTP/2 bat.bing.com/action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=<=5675&evt=pageLoad&sv=1&rn=195118
IP 13.107.21.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerMicrosoft Corporation
Subjectwww.bing.com
FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=<=5675&evt=pageLoad&sv=1&rn=195118 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3E9C6BBF5A8A69AE0476785F5BDD68C1; domain=.bing.com; expires=Tue, 31-Dec-2024 19:08:21 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B2AF329BC7C14732A177592DD9C1F636 Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:21Z
date: Thu, 07 Dec 2023 19:08:20 GMT
X-Firefox-Spdy: h2
ads.revjet.com/analytics?acu=6680
65.21.20.219200 OK 20 kB URL GET HTTP/2 ads.revjet.com/analytics?acu=6680
IP 65.21.20.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerSectigo Limited
Subject*.revjet.com
Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81
ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (1311)
Hash 26ec352468322f70910e03feb9b8b8fb
18878e8adcd809ad7a4850c8698efd24b22c04e5
2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb
GET /analytics?acu=6680 HTTP/1.1
Host: ads.revjet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 07 Dec 2023 19:08:20 GMT
content-type: application/javascript
last-modified: Tue, 05 Sep 2023 20:38:57 GMT
etag: W/"64f791e1-4c14"
expires: Thu, 07 Dec 2023 19:18:20 GMT
cache-control: max-age=600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js
104.18.4.105200 OK 154 kB URL GET HTTP/2 cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js
IP 104.18.4.105:443
Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Certificate IssuerCloudflare, Inc.
Subjectenhancedrefinow.com
FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56
ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT
Size 154 kB (153814 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel-616e834028d94a75ecaf.js HTTP/1.1
Host: cdn-refinance.enhancedrefinow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://money.quickencompare.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 07 Dec 2023 19:08:19 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: off
strict-transport-security: max-age=2592000
x-download-options: noopen
referrer-policy: same-origin
cache-control: public, max-age=14400
last-modified: Tue, 05 Dec 2023 23:29:25 GMT
etag: W/"258d6-18c3c509e09"
cf-cache-status: MISS
expires: Thu, 07 Dec 2023 23:08:18 GMT
set-cookie: __cf_bm=ZjMm1TQsQ1tWp4ZWi0KhaCuHn95OlSYgWGa_nuLg3Iw-1701976098-0-Aarl6Oaq+3TWa0TlRT5FS1XG7BZ0AVjRb6epm5V99yepyF1N6lZ5T6FT8yKGfE9WhZZ/IpobQhJ9xOTbov/MPp4=; path=/; expires=Thu, 07-Dec-23 19:38:18 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 831f0e7298500b61-OSL
content-encoding: gzip
X-Firefox-Spdy: h2