Report - www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c

Report Overview

Submitted URL
www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c
IP
35.201.76.131
ASN
#15169 GOOGLE
Submitted
2023-12-07 19:08:34
Access
public
Website Title
QuickenCompare Money - QUESTIONS
Final URL
money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
pix.revjet.com	4646	2008-09-14	2015-09-01	2023-11-18	1.0 kB	314 B	95.217.105.250
www.quickencompare.com	unknown	2021-01-21	2022-07-11	2023-11-15	2.1 kB	14 kB	104.18.29.109
cdn-refinance.enhancedrefinow.com	unknown	2019-11-14	2022-07-21	2023-11-17	460 B	155 kB	104.18.4.105
p.typekit.net	620	2010-08-02	2012-05-23	2023-12-07	490 B	340 B	184.51.252.189
ads.revjet.com	2924	2008-09-14	2015-08-11	2023-12-05	430 B	20 kB	65.21.20.219
www.lmbahsj2.com	unknown	2021-09-21	2022-05-13	2023-12-05	1.6 kB	64 kB	35.201.76.131
content.quickencompare.com	unknown	2021-01-21	2022-08-17	2023-11-17	3.5 kB	142 kB	104.18.29.109
cs-cdn.deviceatlas.com	unknown	2007-11-29	2019-07-10	2023-11-18	425 B	23 kB	52.58.191.183
a44325.actonservice.com	unknown	2006-08-04	2023-05-11	2023-11-17	1.4 kB	5.8 kB	207.189.124.43
www.google.com	7	1997-09-15	2015-05-10	2023-11-19	1.1 kB	1.5 kB	142.250.74.132
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-12-07	549 B	34 kB	216.58.207.227
www.redditstatic.com	1440	2011-11-09	2012-06-30	2023-12-07	428 B	8.4 kB	151.101.193.140
rum-http-intake.logs.datadoghq.com	3196	2010-07-09	2019-08-02	2023-12-05	2.1 kB	921 B	3.233.153.123
money.quickencompare.com	unknown	2021-01-21	2023-02-10	2023-11-20	7.2 kB	29 kB	104.18.29.109
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22	2023-12-07	1.0 kB	8.0 kB	192.124.249.41
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-12-07	2.3 kB	386 kB	142.250.74.168
www.google.no	25607	2001-02-26	2016-04-05	2023-12-07	1.1 kB	758 B	142.250.74.67
use.typekit.net	494	2010-08-02	2012-07-05	2023-12-07	2.3 kB	34 kB	23.36.76.122
ads.anura.io	75730	2016-03-22	2016-10-30	2023-12-07	469 B	482 B	54.230.111.16
content.refinance.quickenloans.com	unknown	1998-07-24	2022-03-18	2023-11-13	497 B	1.7 kB	104.18.13.43
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-12-07	482 B	12 kB	142.250.74.106
s.yimg.com	375	1997-05-14	2012-05-21	2023-12-06	882 B	8.3 kB	87.248.119.252
static-lre.refinance.enhancedrefinow.com	unknown	2019-11-14	2022-02-28	2023-11-17	1.9 kB	524 kB	104.18.4.105
bat.bing.com	387	1996-01-29	2014-04-08	2023-12-07	1.9 kB	15 kB	13.107.21.200
script.anura.io	43801	2016-03-22	2017-05-19	2023-12-05	1.1 kB	57 kB	3.10.186.13
www.datadoghq-browser-agent.com	3490	2019-03-26	2019-04-26	2023-12-06	446 B	118 kB	54.230.111.221

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-07 19:08:27	low	Client IP	18.159.105.57	ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
2023-12-07 19:08:29	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-07 19:08:34	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2023-12-07 19:08:36	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (48)

	URL	Size	First Seen	Last Seen
	unknown	165 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash 3f373025d049c1b35741d7d875ddc6b0 a486f147997b72143ddb50c3e889b62b843802fa c10f0e610812f22aa3cf23610f64b0cf2c2efee9fccdf794435aaa47f4549093 Loading...

	www.googletagmanager.com/gtag/js?id=AW-11411986938	234 kB	2023-12-07	2023-12-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-11411986938 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:36 Times Seen2 Hash 102f9a2a3775a8772ef8b1519157928d d6aa31f8b606f05ae5155f38e52b5a51e71ef290 373ea88cef3e3f9c706127d4b908f9e35c71df87cbffe6e440469042027a5a28 Loading...

	unknown	410 B	2023-03-07	2024-07-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:40 Last Seen2024-07-24 05:48:34 Times Seen318 Hash d4b9aa4bd1158d2a90b163079af10fce f7555ee73aea2afd73b1e3a62e0b830060409efb 1e10c7052444bdadef594f3cbc761f53daaea5e2ebd3cf803626f2339136eb88 Loading...

	www.lmbahsj2.com/scripts/sdk/everflow.js	61 kB	2023-11-15	2024-02-06
Pretty URL www.lmbahsj2.com/scripts/sdk/everflow.js IP 35.201.76.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2024-02-06 20:27:09 Times Seen26 Hash 6a636b6eebf5b8e8d86fd79ce19d28fd 1639511a82c32d506d65d737ea4c6c2d0033907d 00bfb9da74d6c2c325c27e60fc9aea44f272cba1b072ad7b2ba4a805c3e8d555 Loading...

	bat.bing.com/bat.js	46 kB	2023-11-10	2024-03-18
Pretty URL bat.bing.com/bat.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-10 23:20:50 Last Seen2024-03-18 06:27:41 Times Seen24241 Hash 7f75f159026f3a2c8cccda487b43157b 021cf5c854db063cd79bf0394c24eb994e095640 5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214 Loading...

	bat.bing.com/p/action/146000783.js	0 B	2023-03-07	2024-07-27
Pretty URL bat.bing.com/p/action/146000783.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 03:34:26 Times Seen41184134 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js	13 kB	2023-11-15	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js IP 104.18.4.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2023-12-10 17:57:27 Times Seen32 Hash ab05865229c4be0e25398c314b00a787 ffabd971a1d77d782aec1370f52e8f1d83769c82 a261d93839339ffe4e77dead49be5380abb6b61fdbd67d735e01ccd17bae918f Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6	239 B	2023-03-26	2024-07-23
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:25 Times Seen145 Hash 280e199c65ca1e2edebe9be82aa0d129 0705c43fc9e588d9d39fcc5a93aa84bd5370eb37 4eb2645c75b71ee7ffc414de8d2d0891c100ab1ee521f4abe230de015cc43fa4 Loading...

	unknown	458 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 5ca2d5159edcf9d277c901fc61767337 324ae4f0e4d6e89adbb0d38ccf6e1304fe3eece2 5cd314022e7dfc4f88f29e1e9749888925460c8d37cfa9379ca161cfbbe37aeb Loading...

	www.googletagmanager.com/gtag/js?id=AW-319191520	211 kB	2023-12-07	2023-12-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-319191520 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:36 Times Seen2 Hash 03fdcd9a9aae042005e5f53e183330fe 4870732f63ef1ee84320cdb44eaaa3614140af93 4bb54c594893757b8558eb72a645dfaf1963440c5194a4f3963e71b72134f8f2 Loading...

	www.googletagmanager.com/gtag/js?id=AW-10865694633	211 kB	2023-12-07	2023-12-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10865694633 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:36 Times Seen2 Hash 27bdf417ab917b5252ee1e23b2efeec9 2974a9e918d306820eadc1855b084aea313d8d44 47f7bb6ad52a0578f746525d79246e664c5c269f8c80c0305c5c8e46c46920e5 Loading...

	script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587	56 kB	2023-12-07	2023-12-07
Pretty URL script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587 IP 3.10.186.13 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:36 Times Seen2 Hash 15f51890083306fc58cac543b29621b9 b9ce10a3cf27103c2fcc5ce505ae14abd0bbef0f afae8a486b0ddb0b77ce3b46da9798cb7a924b0c4181be14db485909a57f07a6 Loading...

	cs-cdn.deviceatlas.com/dacs.js	22 kB	2023-11-09	2024-01-01
Pretty URL cs-cdn.deviceatlas.com/dacs.js IP 52.58.191.183 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 19:54:48 Last Seen2024-01-01 19:59:28 Times Seen76 Hash 610a4ab640dd5cfa6750aa2623357f51 6f425451f0dffa8b2a418857da82c5d28e2db9e8 fe49fc14b70cfc4f3edbc08e58087ca0f6e948a953c3eaeabdc7e78f512e5a22 Loading...

	unknown	417 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash 51f5d8192cd24bafc246831cc82d8299 22ab7d0a33db6eb45f4aa19c8fd67704e6682a5d 5fa0e3d2a47c1ddb28027ab5cf2c8ccbdf6d0b8d3c05fad9113817efd08afa4f Loading...

	unknown	543 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash e451ef8df4c33b515475ac8cd3a74941 61d9758731d8a5cff6ed60c4ce5983e463a9d5ca b2c0f15102fda61a2edcfcf5d995ee39d9b248d100eb6d06e0b92b82c4369c42 Loading...

	unknown	64 B	2023-03-26	2024-07-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 08:07:59 Last Seen2024-07-27 00:25:01 Times Seen463 Hash d07d98b97154701a99faef3fa639fb02 1e79f33e4ac6e24c09350babd9a65a70debc7a5b 517d26aac757304b7e1461562acad2c6b49585ed2e7be78d197e11a39763d555 Loading...

	www.redditstatic.com/ads/pixel.js	24 kB	2023-06-15	2024-05-02
Pretty URL www.redditstatic.com/ads/pixel.js IP 151.101.193.140 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-15 23:22:15 Last Seen2024-05-02 22:13:05 Times Seen10749 Hash 78b6c68984a6ce5b3fcac1c6a9cad00c 02e1d366a17506cea8adfe5a15949aca89719a02 e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f Loading...

	ads.revjet.com/analytics?acu=6680	20 kB	2023-03-12	2024-07-27
Pretty URL ads.revjet.com/analytics?acu=6680 IP 65.21.20.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:30:56 Last Seen2024-07-27 00:25:02 Times Seen836 Hash 26ec352468322f70910e03feb9b8b8fb 18878e8adcd809ad7a4850c8698efd24b22c04e5 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb Loading...

	unknown	197 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash a493268deb7794088fdef0eeb2ba1de0 c9ab54357ed4a1f96091e4859e5e11165b383e8d a43f8a07c89161e2d9696f0f1bbb3875fda84f47ed8ea7fedf6ec70465251572 Loading...

	www.googletagmanager.com/gtag/js?id=AW-320492720	212 kB	2023-12-07	2023-12-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-320492720 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:36 Times Seen2 Hash c80d74d2793072492a762ae5bbd99ba6 19a8f876c8146291e11983500ae3764c98d2fd2f ea50c994accd65ab7fa57e1cd37a81072400e89fc32937766a1f5696c968a66a Loading...

	cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js	154 kB	2023-12-06	2023-12-08
Pretty URL cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js IP 104.18.4.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 00:34:34 Last Seen2023-12-08 15:36:20 Times Seen7 Hash 725ec28cfe869b33faa17168c8edda5b be7280685ddccc0d7fd14728407f2f23e0f63cd0 0a099c572e6793ac14cd77cb23fbcb1184f9b0e98ee11d0b8bd91f07ca5c35cb Loading...

	unknown	197 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash fb2ce45397d04da684bfbfc83bc8f3ad 610a2fcbb3bc06efef2e07f11584b68568caeea5 c6b100b14c1db0c481b7abed90f6a8cf258651bc86e32d00e5702da7a9f2d79f Loading...

	www.datadoghq-browser-agent.com/datadog-rum-v3.js	118 kB	2023-03-07	2024-07-27
Pretty URL www.datadoghq-browser-agent.com/datadog-rum-v3.js IP 54.230.111.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:55:13 Last Seen2024-07-27 00:25:02 Times Seen1082 Hash 647fda9a4d3d74344732d76cf1fff47c 01720d421ce3373f1a1958a1d85edfae5ab5f442 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b Loading...

	unknown	853 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 883283af89b92923b7ce78ecaaeaaba6 988fd393a2358008bbec5c9ffbd1e1bef17599ec d5a5210319d9ce7b18c12ba56bd37be8ebad434ec751a7cbf62ee6ceb456a569 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6	599 B	2023-12-07	2023-12-07
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-07 20:08:35 Last Seen2023-12-07 20:08:35 Times Seen1 Hash 168a579b553c8fdd0bba45d0f042e4e3 7e997ca5bef149bf034f48267b32d7a492971b87 44adbbb1f0559b7355bc944d224ad2d4859b8cf39d478db1a5471649a1eda8d7 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6	1.0 kB	2023-11-15	2023-12-07
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-15 15:41:45 Last Seen2023-12-07 20:08:35 Times Seen10 Hash 29a170473b2e42f3e8abc6c90005d365 0e73b61e4a0fde52b9a80cd42115f55a489adcd8 fdca11a7b608f08c2885713cdfac98f6db05879a753fab63e69e050d0180fe07 Loading...

	unknown	376 B	2023-05-11	2024-02-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-02-06 20:27:08 Times Seen129 Hash 96397ea4add0bd55c9e6a8bb82dd9336 3467535f371c39973ccd249e0a63535b7df27666 5a0fc340c17b356e22140a5e162ae2fcd5979d64af9d99b7d15e52daafbff4ee Loading...

	unknown	429 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash b67dd64cff5f517bcb984779e825646a 5859c78aceac531afac0c2e41c83075e86a22407 e19cfc6f666ced2c792c99db05035bbd99a6b48a44bb83c848e7e910a0fde5ce Loading...

	unknown	380 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 8079758ba6a78d277502bd77d0d2810f 10e90523f06ca6f3abc7781de64e8e10e907815b 21c4c591f2f5fc722cfe3bde9f800996f9107e6ca0cc4cd813e80def50c336d8 Loading...

	www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c	212 kB	2023-12-07	2023-12-07
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:36 Last Seen2023-12-07 20:08:36 Times Seen2 Hash bf72064265b057dbf9b1453eb7754a6e dcffaa782341af899a956b4701af4ba63a47ec24 c72911770606f6fb881ce756013d5950855f9b36bcb07ce2b945234289350d11 Loading...

	s.yimg.com/wi/ytc.js	18 kB	2023-06-26	2024-07-10
Pretty URL s.yimg.com/wi/ytc.js IP 87.248.119.252 ASN #203220 Yahoo! UK Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 11:33:35 Last Seen2024-07-10 16:35:01 Times Seen17043 Hash 5c6ed25dce803fd84288922b8928409e 3ccc10546ae12f160bacac1e9e422af091ea4a41 480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6	9.4 kB	2023-12-07	2023-12-07
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-07 20:08:36 Last Seen2023-12-07 20:08:36 Times Seen1 Hash 2591701979e0019cd61ddf9029401dab 6655cc987d38dad83d84d737f72e1cabf96be44d 8a0402c16f0d25083536e21b0a45df7e79458641099af490b6b2053aafb58821 Loading...

	static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js	619 kB	2023-08-24	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js IP 104.18.4.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 15:19:24 Last Seen2023-12-10 17:57:27 Times Seen108 Hash 0e80b2b8d6f895c55fb9aefe511479b6 0384d450cbefee60914a876a238e95570aa1eb59 e314c1e197eb15609d015265d6099200f7cfa6cb952e71af9fe891251570d67d Loading...

	unknown	153 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash b968bb49597418ec6bf81800f25e4f5b 68c16a530975b926e2ae34938af4068a2905e820 eed94d8bc522fecac47a2ad784db6499b5b188041684272f1aa9e748157a1bb2 Loading...

	www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-28
Pretty URL www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-28 19:11:07 Times Seen63971 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js	811 kB	2023-11-15	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js IP 104.18.4.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2023-12-10 17:57:27 Times Seen20 Hash dec41562bede99a23e8a683bb0b2c7a7 86106751c4e52e628127241dcf062bb1b6f08403 8695c4e2c1b44b9e56e54ae8b5a75311ed905cfd10d262e443ab9df4312a2ac2 Loading...

	unknown	328 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash b4018d89d46acbb34fa9c74d9d001cdf abbd4922b4b0c42f23d2788e72a6b1560fc8e2a9 cea6a6cdebdac3a6b465c00fd67ed575acc816184ec3df4f75115da18e9319d0 Loading...

	unknown	79 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash aed8ad1460119edd6f3ae9e3da680f06 3a365f816045964b7a0d15fd6fa8cafe890f0cad 6bf537957ed6e2d65646624d1b32df206e345add7b3bda73cd786204d119f777 Loading...

	pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=	46 B	2023-12-07	2023-12-07
Pretty URL pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= IP 95.217.105.250 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:36 Last Seen2023-12-07 20:08:36 Times Seen2 Hash f6ce8dc63925c8d5f0d57d6ce42f43e1 a89ad2e8361ef3867b5ecee557acae6c5447b448 bceae18f848b9d727a55d73fc08a3e83e8e2debf8e774bc60cb45b8ae4b4e481 Loading...

	a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325	4.9 kB	2023-12-07	2023-12-07
Pretty URL a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325 IP 207.189.124.43 ASN #13649 ASN-VINS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-07 20:08:36 Last Seen2023-12-07 20:08:36 Times Seen2 Hash d32293f4e34e7342102ca2ac51d01301 beff67b596539668798cec2270dcea508c43b82e 4cceda7cf27c7acc53c753e884b47d3b981448fe29d600e87748343bbf1e6ff1 Loading...

	unknown	378 B	2023-05-11	2024-02-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-02-06 20:27:09 Times Seen129 Hash a81d387d85e55dd05dbfc30cd52bc028 06edfc684e43599690f4ca58f9f58bbb18d8f008 94d35cc88496407b118a1e35bfe7ce15de8c8146a5a740f5ef299cd0f650b611 Loading...

		Size	First Seen	Last Seen
	#1 Write - 18f6c5915df0ee9e990a9ed34e7e4c9e	81 B	2023-03-26	2024-07-27
Pretty Observations First Seen2023-03-26 08:07:59 Last Seen2024-07-27 00:25:01 Times Seen470 Hash 18f6c5915df0ee9e990a9ed34e7e4c9e 12ca6d04aca4a6c2d3c35d7bb3e0b17ee2b40eaf 8a68328caf368d532d46b3f92810fc12cca5aa75b37860bd64de60c540ad8844 Loading...

	#2 Write - 0efa13d18e21e1c280569064dccd2d9f	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-07-27 00:25:01 Times Seen1269 Hash 0efa13d18e21e1c280569064dccd2d9f 0656901371cc259791bd253dc8835dc44b0575fd 69eb3111ab6500088bcc0f5cb043f452bd7b7801bdcd7b0e478c2fc454fdba0a Loading...

	#3 Write - bc1d3a136e6f54eff73adaf5669b9be3	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-07-27 00:25:01 Times Seen1273 Hash bc1d3a136e6f54eff73adaf5669b9be3 1a0f53998a4dd4c3f5e9a6fbadc64d21046d1295 9aabfd165cfb96fc5e170862e4fd9c90cfa2a5705af401617c836f152398fce1 Loading...

	#4 Write - a0bf95a38cb701564c34134431943259	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen1364 Hash a0bf95a38cb701564c34134431943259 0187395c6d7697a45f0464905d967396748b2194 124207d84bdc8a107cbcc04212a091e85157e09d7bf208f7afb4839498fef083 Loading...

	#5 Write - 308065b5078a49f986fc3c9f9b66e5d3	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen7051 Hash 308065b5078a49f986fc3c9f9b66e5d3 be1628c3c7d88ddfb243f216545e780b98cc4386 fdfe0993e6e9e9917554bb95b1137af5870146fd38da5f13bea1b530ac05b296 Loading...

	#6 Write - 166248a6129a1e4370d20adc2d4c23f3	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen6814 Hash 166248a6129a1e4370d20adc2d4c23f3 0fe0bb445f51fad57f3fc4115d7c66cf18545107 b7d082ee12e91b756ea22e8513b8594eebcf5d39fab813da3cb55794dc888ad7 Loading...

	#7 Write - babd0daf38a8ba8a6c33c4d1d354eb56	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen1217 Hash babd0daf38a8ba8a6c33c4d1d354eb56 c64904f4f0bdb995912fdd1667d538cff4dee6e2 ce519cccc38cf22bd82579910ddfdcb00f5726373dae5af87048b157303e8f27 Loading...

HTTP Transactions (54)

	URL	IP	Response	Size
	www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c	35.201.76.131	302 Found	340 B
URL User Request GET HTTP/2 www.lmbahsj2.com/29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c IP 35.201.76.131:443 ASN #15169 GOOGLE Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type HTML document, ASCII text, with very long lines (338) Size 340 B (340 bytes) Hash 5cf0a48fa4ccad6e61b77732f152da92 52e3ef43d919624d39acae6f0859f0187f90fc3f 368333f4187cb81b780a775f0d3f3dead288403b5ffd94c052be9ffef21f72f8 HTTP Headers GET /29PD1BG/83KB7S/?source_id=143&sub1=2&sub2=6608d798eb0b49089aa75baddb8f143c HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Thu, 07 Dec 2023 19:08:15 GMT content-type: text/html; charset=utf-8 content-length: 340 accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model location: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 set-cookie: uniqueClick_83KB7S=2256fe4d-4ebf-40bd-abb1-10c297468972:1701976095; Path=/; Expires=Fri, 08 Dec 2023 19:08:15 GMT; Secure; SameSite=None transaction_id=3e601e8a03ad4f64ada14990f917fba6; Path=/; Expires=Wed, 06 Mar 2024 19:08:15 GMT; Secure; SameSite=None vary: Origin x-eflow-request-id: 7a1b21de-89b0-4be4-ac4a-dd11e25a161f via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	content.quickencompare.com/qc/refi-images/QC-Logo.png	104.18.29.109	200 OK	58 kB
URL GET HTTP/2 content.quickencompare.com/qc/refi-images/QC-Logo.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 1084 x 400, 8-bit/color RGBA, non-interlaced\012- data Size 58 kB (58295 bytes) Hash 521752a26258e4864b241e2d53ffe6fb 197a15424a4f1def49ad620d2e5efc5fc1629829 c361b0d16f182441c533ead38d28a79b93c42473cfb5fbd0f5eebc2e64ea18a5 HTTP Headers GET /qc/refi-images/QC-Logo.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: image/png content-length: 58295 last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: "521752a26258e4864b241e2d53ffe6fb" x-cache: Hit from cloudfront via: 1.1 660625642e0df86c41275db1ce1ac922.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: U8pU3G3HW7WBe2VyT8NlgJNZtgvXi-MtAZmVk3BVW5dxeJihjEpY1A== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e724c5fb51d-OSL X-Firefox-Spdy: h2

	content.quickencompare.com/nmn/logo/qc-financial-control.png	104.18.29.109	200 OK	13 kB
URL GET HTTP/2 content.quickencompare.com/nmn/logo/qc-financial-control.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 281 x 168, 8-bit/color RGBA, non-interlaced\012- data Size 13 kB (12630 bytes) Hash d9164fb30114b13fdb91bd8011b5f71b 45307fb107b9e0ec642b98d3b2153467cb00b633 442b0856c633c8a41e1566de5aea94873cfa27b85e74e2fb2df4c92b55ab5608 HTTP Headers GET /nmn/logo/qc-financial-control.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: image/png content-length: 12630 last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: "d9164fb30114b13fdb91bd8011b5f71b" x-cache: Hit from cloudfront via: 1.1 7f7d86a250c539fe4431535882cf4e4e.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: zfxTiOIo3IJzwm1cRVtMH4HPWz4K38uiW_ZFnPNXB5Nj7-eBTUyoLQ== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e724c63b51d-OSL X-Firefox-Spdy: h2

	ocsp.starfieldtech.com/	192.124.249.41		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.41:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 4f63e20e6c85c3420ae4d0084f77231b 32956a1ad35804a56d5263848065be8bc4baeac3 4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 07 Dec 2023 19:08:17 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 19041 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT Expires: Fri, 08 Dec 2023 07:56:09 GMT ETag: "32956a1ad35804a56d5263848065be8bc4baeac3" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	use.typekit.net/msd8xng.css	23.36.76.122	200 OK	680 B
URL GET HTTP/2 use.typekit.net/msd8xng.css IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Unicode text, UTF-8 text, with very long lines (516) Size 680 B (680 bytes) Hash 20203a97a8fb7c1ce2353ecc67ea540d 69dd242bcc9927260938d83c99e59453871ebba4 56af1865c3c674da77191c0c3f9c9a01789e64b2851675d878cb03b5bc57a353 HTTP Headers `GET /msd8xng.css HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: text/css;charset=utf-8 vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains; cache-control: private, max-age=600, stale-while-revalidate=604800 timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin content-encoding: gzip content-length: 680 date: Thu, 07 Dec 2023 19:08:17 GMT X-Firefox-Spdy: h2`

	static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js	104.18.4.105	200 OK	198 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js IP 104.18.4.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 198 kB (197803 bytes) Hash ca318eae9ebc93537a732a02e7480171 5e1d79ca2ab46dbe389da59faacfed537f20be8f 6e1b68716a442691cbddf674a27da4c627a52f33242f144c662872d3cd94a36f HTTP Headers `GET /vendor.67a1d66e4ad0509192e9.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: application/javascript last-modified: Thu, 16 Nov 2023 10:47:04 GMT x-amz-server-side-encryption: AES256 content-encoding: gzip etag: W/"0e80b2b8d6f895c55fb9aefe511479b6" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5a96272b81254403ef5ef083d36ce62a.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: VEL_ZSoR_Lsi5mfBiIbZUYwyJ8gM1-0s3fly79AqbuPeB9p5H3tAVA== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=J8I58jEdE723DWoM9yJPwOESdNpGkCXDKFM3d7d54Jo-1701976097-0-ATcG9ZWxPaOA9wKLtBmE1n0n/FvXprnx2Nw0luaWpn7lS7NlOPKM9vb+3nBY1QHEofN3312pQWIcmh6T+9/ceEM=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e72a85d0b61-OSL X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js	104.18.4.105	200 OK	6.9 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js IP 104.18.4.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 6.9 kB (6886 bytes) Hash 185ae165419f988556e8f161a8af651e 41c9a599d8a852da9f32059bec561e90d1deec42 f8be0b0780a89d38c6d43ae2e85f4a75bd8bf7b9850bde0769f57b0831260c1b HTTP Headers `GET /manifest.d7f9016d0e5da5649c5f.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: application/javascript last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"ab05865229c4be0e25398c314b00a787" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: j6xQDrVNaIhrWO44n7p_cS7sPJVO2HTWlWu5NqGBxiq0BcirAWMkGA== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=rOXw1A0odcAxVV7b8xvQTMc.9EixAVYuz0.5I8mOwC4-1701976097-0-AZWaIwnFDzZOvck1gea9xPjW0Gt5L0HdeRh24Q3UbOwJa4gd2ZzNeDVHXBWWxCAEuPO7+VIjzCbQ65TWYLg8VHM=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e7288420b61-OSL X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js	104.18.4.105	200 OK	139 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js IP 104.18.4.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 139 kB (139279 bytes) Hash 39afe8697e97e95c6dab844a01ffeae9 a5904d12c3c6efd15013c943f2b307742ba10788 1a90d9bfe52144bb482a9a0e95dee857632d6aaa5780906bb435fd4e2f99aec7 HTTP Headers `GET /main.93e3cac8409e105ab51a.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: application/javascript last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"dec41562bede99a23e8a683bb0b2c7a7" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: EJy6PytxORPNYh-TGOTN6W-_ThcOjbKUjHTMw5tSApe4obskrYLi1A== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=8N5lKNPUpNM0nYnsMsaQRO_8ZSD.eZt8kTpSc.3XlbE-1701976097-0-AUaw5moRl3efQH4oRiU5vL3YLwyOz0w5CJosJse3jXl2Q8njLCeTOJ6SMdv9Y0j1pnQq9q28qdP9B664YWGBnP0=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e72a85c0b61-OSL X-Firefox-Spdy: h2

	cs-cdn.deviceatlas.com/dacs.js	52.58.191.183	200 OK	22 kB
URL GET HTTP/2 cs-cdn.deviceatlas.com/dacs.js IP 52.58.191.183:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoDaddy.com, Inc. Subject.deviceatlas.com Fingerprint24:8E:6E:64:30:97:51:E1:A5:07:DB:42:13:5B:15:27:BA:6F:10:C2 ValiditySat, 04 Mar 2023 07:26:21 GMT - Thu, 04 Apr 2024 07:26:21 GMT File type ASCII text, with very long lines (21816) Size 22 kB (21909 bytes) Hash 610a4ab640dd5cfa6750aa2623357f51 6f425451f0dffa8b2a418857da82c5d28e2db9e8 fe49fc14b70cfc4f3edbc08e58087ca0f6e948a953c3eaeabdc7e78f512e5a22 HTTP Headers `GET /dacs.js HTTP/1.1 Host: cs-cdn.deviceatlas.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.17.9 date: Thu, 07 Dec 2023 19:08:18 GMT content-type: application/javascript content-length: 21909 last-modified: Thu, 09 Nov 2023 13:50:26 GMT etag: "610a4ab640dd5cfa6750aa2623357f51" expires: Thu, 07 Dec 2023 19:08:17 GMT cache-control: no-cache x-cache: HIT accept-ch: DPR,Width,Viewport-Width,Viewport-Height,Device-Memory,RTT,Downlink,ECT,Lang,Sec-CH-DPR,Sec-CH-Width,Sec-CH-Viewport-Width,Sec-CH-Viewport-Height,Sec-CH-Device-Memory,Sec-CH-RTT,Sec-CH-Downlink,Sec-CH-ECT,Sec-CH-Lang,Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Bitness,Sec-CH-UA-WoW64,Sec-CH-Prefers-Reduced-Motion,Sec-CH-Prefers-Reduced-Transparency,Sec-CH-Prefers-Contrast,Sec-CH-Forced-Colors,Sec-CH-Prefers-Color-Scheme,Sec-CH-Prefers-Reduced-Data accept-ranges: bytes strict-transport-security: max-age=31536000 X-Firefox-Spdy: h2

	content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png	104.18.13.43	200 OK	551 B
URL GET HTTP/2 content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png IP 104.18.13.43:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectrefinance.quickenloans.com Fingerprint1C:BA:47:A1:B9:5E:06:39:AC:47:A6:A8:49:17:24:B4:31:E4:F0:75 ValidityMon, 20 Nov 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT File type PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced\012- data Size 551 B (551 bytes) Hash 90732fd581b4624530c995d70d3f17a8 6704549936ece70f840129dcca57a5e56ff0cac5 8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a HTTP Headers `GET /msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png HTTP/1.1 Host: content.refinance.quickenloans.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:18 GMT content-type: image/png content-length: 551 last-modified: Fri, 17 Nov 2023 05:34:25 GMT x-amz-server-side-encryption: AES256 etag: "90732fd581b4624530c995d70d3f17a8" x-cache: Hit from cloudfront via: 1.1 a52c33748955378f279062b7fc7ef91e.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: bs_FMuQrXpr4E6RFzDrM-xp7z-EnND8iJht3e1YQEgYSxE7PQx6mdQ== cf-cache-status: HIT age: 3828 expires: Thu, 07 Dec 2023 23:08:18 GMT cache-control: public, max-age=14400 accept-ranges: bytes set-cookie: __cf_bm=v4VuCF.Cm6JfOIUnYn1UeyAyNU8Fv.2GTpmHWJ_gPjk-1701976098-0-AeLXczbmEcSnpIOX5yz6JuDaCjoW340FAj5GQsh09klHlKryEsY8eB4u8+ZFw2+yMMz7HtVY1t3FGS61rUU2DmE=; path=/; expires=Thu, 07-Dec-23 19:38:18 GMT; domain=.refinance.quickenloans.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e773cd1b4f9-OSL X-Firefox-Spdy: h2

	ocsp.starfieldtech.com/	192.124.249.24		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.24:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 4f63e20e6c85c3420ae4d0084f77231b 32956a1ad35804a56d5263848065be8bc4baeac3 4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 07 Dec 2023 19:08:18 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 19024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT Expires: Fri, 08 Dec 2023 07:56:09 GMT ETag: "32956a1ad35804a56d5263848065be8bc4baeac3" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png	104.18.29.109	200 OK	60 kB
URL GET HTTP/2 content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 2980 x 820, 8-bit/color RGBA, non-interlaced\012- data Size 60 kB (60242 bytes) Hash 0b525d003df460ee3ef27bb82defdb43 0e1f1b12bc01d745e847d91f64727e1bde0cf019 78f6112cc353f90b0f71f3b1c2a5571b1b620290dd2048dc073eb91217c590e7 HTTP Headers GET /qc/refi-images/BG-BLUE-ICON-WHITE.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://static-lre.refinance.enhancedrefinow.com/ Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:19 GMT content-type: image/png content-length: 60242 last-modified: Mon, 27 Nov 2023 15:34:00 GMT x-amz-server-side-encryption: AES256 etag: "0b525d003df460ee3ef27bb82defdb43" x-cache: RefreshHit from cloudfront via: 1.1 f6020f10d519a41b0c116dad7dcb2798.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: Z0TvvSdbNGuv03uzzFkfV90xM-LN3oC_ofnT5p9t4TKs4kTK_5WgiA== cf-cache-status: HIT age: 2112 expires: Thu, 07 Dec 2023 23:08:19 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e7c8994b51d-OSL X-Firefox-Spdy: h2

	fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap	142.250.74.106	200 OK	11 kB
URL GET HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42 ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type gzip compressed data, max compression\012- data Size 11 kB (11115 bytes) Hash e0b9be691de9c162efddaaaf9512e38c 24a21824b2bfb11779d4e36ec5ede41ab47a4f12 4ae2326c367c47a854f2ab361c4a7f55dc7b561c554b6a8a561d0027fb57c5d0 HTTP Headers `GET /css2?family=Montserrat:wght@400;500;700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Thu, 07 Dec 2023 19:08:17 GMT date: Thu, 07 Dec 2023 19:08:17 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3	23.36.76.122	200 OK	11 kB
URL GET HTTP/2 use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10552, version 1.0\012- data Size 11 kB (10552 bytes) Hash dfd4158df5a1e052abac4fbd93e09fb1 9db6d016f4c8b240634f9334ec8c11b27a8926fd d3a3bb6d91875a850f5ab1dd85446084933aefde6a0c183689ce585e568f4ee3 HTTP Headers GET /af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10552 etag: "3ffc31f2c2e0e0a0bd3e7a4f831f835ccfabcbde" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Thu, 07 Dec 2023 19:08:19 GMT X-Firefox-Spdy: h2`

	use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3	23.36.76.122	200 OK	11 kB
URL GET HTTP/2 use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10888, version 1.0\012- data Size 11 kB (10888 bytes) Hash 865a9070be41e8b5d8258be1bf57cab1 2f7e1a72d4897a263394a4f07892c9389b954212 eaa07ae8e4a20bddf808a50bb9e635664a986e2878e458899442b156c7a49e50 HTTP Headers GET /af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10888 etag: "b7140404e35689beadfbc7c2c96a907cf5aaa352" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Thu, 07 Dec 2023 19:08:19 GMT X-Firefox-Spdy: h2`

	fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	216.58.207.227	200 OK	33 kB
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0\012- data Size 33 kB (33092 bytes) Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b HTTP Headers GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 33092 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 23:21:56 GMT expires: Fri, 29 Nov 2024 23:21:56 GMT cache-control: public, max-age=31536000 age: 589583 last-modified: Wed, 13 Sep 2023 22:51:58 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.redditstatic.com/ads/pixel.js	151.101.193.140	200 OK	7.4 kB
URL GET HTTP/2 www.redditstatic.com/ads/pixel.js IP 151.101.193.140:443 ASN #54113 FASTLY Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectwww.redditstatic.com Fingerprint5B:10:93:15:D0:06:B8:27:DD:C8:15:7C:8A:49:4B:AD:06:D3:8E:15 ValidityFri, 25 Aug 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT File type ASCII text, with very long lines (23776) Size 7.4 kB (7409 bytes) Hash 78b6c68984a6ce5b3fcac1c6a9cad00c 02e1d366a17506cea8adfe5a15949aca89719a02 e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f HTTP Headers `GET /ads/pixel.js HTTP/1.1 Host: www.redditstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK last-modified: Thu, 15 Jun 2023 20:49:59 GMT etag: "4a205643a240cb95fa82289d62b5af7e" x-amz-server-side-encryption: AES256 cache-control: public, max-age=60 content-encoding: gzip content-type: application/javascript via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Thu, 07 Dec 2023 19:08:19 GMT vary: Accept-Encoding,Origin server: snooserv report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-length: 7409 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-319191520	142.250.74.168	200 OK	75 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-319191520 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 75 kB (75422 bytes) Hash 03fdcd9a9aae042005e5f53e183330fe 4870732f63ef1ee84320cdb44eaaa3614140af93 4bb54c594893757b8558eb72a645dfaf1963440c5194a4f3963e71b72134f8f2 HTTP Headers `GET /gtag/js?id=AW-319191520 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 19:08:20 GMT expires: Thu, 07 Dec 2023 19:08:20 GMT cache-control: private, max-age=900 last-modified: Thu, 07 Dec 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75422 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-10865694633	142.250.74.168	200 OK	75 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10865694633 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 75 kB (75388 bytes) Hash 27bdf417ab917b5252ee1e23b2efeec9 2974a9e918d306820eadc1855b084aea313d8d44 47f7bb6ad52a0578f746525d79246e664c5c269f8c80c0305c5c8e46c46920e5 HTTP Headers `GET /gtag/js?id=AW-10865694633 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 19:08:20 GMT expires: Thu, 07 Dec 2023 19:08:20 GMT cache-control: private, max-age=900 last-modified: Thu, 07 Dec 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75388 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-11411986938	142.250.74.168	200 OK	81 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-11411986938 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 81 kB (80987 bytes) Hash 102f9a2a3775a8772ef8b1519157928d d6aa31f8b606f05ae5155f38e52b5a51e71ef290 373ea88cef3e3f9c706127d4b908f9e35c71df87cbffe6e440469042027a5a28 HTTP Headers `GET /gtag/js?id=AW-11411986938 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 19:08:20 GMT expires: Thu, 07 Dec 2023 19:08:20 GMT cache-control: private, max-age=900 last-modified: Thu, 07 Dec 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 80987 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c	142.250.74.168	200 OK	76 kB
URL GET HTTP/3 www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 76 kB (75627 bytes) Hash bf72064265b057dbf9b1453eb7754a6e dcffaa782341af899a956b4701af4ba63a47ec24 c72911770606f6fb881ce756013d5950855f9b36bcb07ce2b945234289350d11 HTTP Headers `GET /gtag/destination?id=AW-320492720&l=dataLayer&cx=c HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 19:08:20 GMT expires: Thu, 07 Dec 2023 19:08:20 GMT cache-control: private, max-age=900 last-modified: Thu, 07 Dec 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75627 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	www.googletagmanager.com/gtag/js?id=AW-320492720	142.250.74.168	200 OK	76 kB
URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-320492720 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 76 kB (75545 bytes) Hash c80d74d2793072492a762ae5bbd99ba6 19a8f876c8146291e11983500ae3764c98d2fd2f ea50c994accd65ab7fa57e1cd37a81072400e89fc32937766a1f5696c968a66a HTTP Headers `GET /gtag/js?id=AW-320492720 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Thu, 07 Dec 2023 19:08:20 GMT expires: Thu, 07 Dec 2023 19:08:20 GMT cache-control: private, max-age=900 last-modified: Thu, 07 Dec 2023 18:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75545 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	ocsp.starfieldtech.com/	192.124.249.24		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.24:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 4f63e20e6c85c3420ae4d0084f77231b 32956a1ad35804a56d5263848065be8bc4baeac3 4f6b22b39482307757a9cb879219b6104bb277c1ee487f3a19dfb55bb96e8c0f HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Thu, 07 Dec 2023 19:08:20 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 19024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Thu, 07 Dec 2023 07:56:09 GMT Expires: Fri, 08 Dec 2023 07:56:09 GMT ETag: "32956a1ad35804a56d5263848065be8bc4baeac3" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=	95.217.105.250	200 OK	46 B
URL GET HTTP/2 pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= IP 95.217.105.250:443 ASN #24940 Hetzner Online GmbH Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerSectigo Limited Subject.revjet.com Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81 ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 46 B (46 bytes) Hash f6ce8dc63925c8d5f0d57d6ce42f43e1 a89ad2e8361ef3867b5ecee557acae6c5447b448 bceae18f848b9d727a55d73fc08a3e83e8e2debf8e774bc60cb45b8ae4b4e481 HTTP Headers GET /track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1701976106653&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= HTTP/1.1 Host: pix.revjet.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: text/javascript content-length: 46 set-cookie: trx=4777369244942618106; Max-Age=63072000; Expires=Sat, 06 Dec 2025 19:08:20 GMT; Path=/; Domain=.revjet.com; Secure; SameSite=None X-Firefox-Spdy: h2`

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300	3.233.153.123	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300 IP 3.233.153.123:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106300 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 15826 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914	3.233.153.123	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914 IP 3.233.153.123:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976106914 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 14052 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325	207.189.124.43	200	4.9 kB
URL GET HTTP/1.1 a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325 IP 207.189.124.43:443 ASN #13649 ASN-VINS Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerSectigo Limited Subject.actonservice.com FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT File type Unicode text, UTF-8 text Size 4.9 kB (4850 bytes) Hash d32293f4e34e7342102ca2ac51d01301 beff67b596539668798cec2270dcea508c43b82e 4cceda7cf27c7acc53c753e884b47d3b981448fe29d600e87748343bbf1e6ff1 HTTP Headers `GET /cdnr/forpci43/acton/bn/tracker/44325 HTTP/1.1 Host: a44325.actonservice.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/" Set-Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDgNssDDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1 Content-Type: application/javascript;charset=utf-8 Content-Length: 4850 Date: Thu, 07 Dec 2023 19:08:20 GMT X-Cnection: close Strict-Transport-Security: max-age=16070400`

	bat.bing.com/bat.js	13.107.21.200	200 OK	13 kB
URL GET HTTP/2 bat.bing.com/bat.js IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Unicode text, UTF-8 text, with very long lines (46103), with no line terminators Size 13 kB (13175 bytes) Hash 7f75f159026f3a2c8cccda487b43157b 021cf5c854db063cd79bf0394c24eb994e095640 5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214 HTTP Headers `GET /bat.js HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK cache-control: private,max-age=1800 content-length: 13175 content-type: application/javascript content-encoding: gzip last-modified: Fri, 10 Nov 2023 20:09:55 GMT accept-ranges: bytes etag: "80abcdf1114da1:0" vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains; preload x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: 0E02E86D14B44D749518F442F0D57DB3 Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:20Z date: Thu, 07 Dec 2023 19:08:20 GMT X-Firefox-Spdy: h2

	www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	142.250.74.132	302 Found	63 B
URL GET HTTP/2 www.google.com/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.132:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1 ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT File type ASCII text, with no line terminators Size 63 B (63 bytes) Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 HTTP Headers GET /pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Thu, 07 Dec 2023 19:08:20 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate location: https://www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y content-type: text/javascript; charset=UTF-8 content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip server: cafe content-length: 63 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png	104.18.29.109	200 OK	11 kB
URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Size 11 kB (10913 bytes) Hash 33459eb6a3bd646afe5d2b592d70a184 3dbe306f999a2d9d3ac37fcbd664100e3dc9e4dd a3cbfe4e63c8a005a557d34d2bf2041a470c86c629429b4ec9d695a59c951fce HTTP Headers GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png HTTP/1.1 Host: www.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; _rdt_uuid=1701976106531.5152ea6e-3782-48d8-8ac9-ae0b9bcfc8eb; _gcl_au=1.1.1520612321.1701976107 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: image/png content-length: 10913 cache-control: public, max-age=31622400 etag: "646f8388-2aa1" expires: Sat, 07 Dec 2024 19:08:20 GMT last-modified: Thu, 25 May 2023 15:49:28 GMT strict-transport-security: max-age=2592000 x-pantheon-styx-hostname: styx-fe1-a-685d4d5969-p4htw x-styx-req-id: 32d64d26-67a0-11ee-8ab1-a68b0bac51fb x-served-by: cache-chi-kigq8000146-CHI, cache-bma1675-BMA x-cache: HIT, MISS x-cache-hits: 1, 0 x-timer: S1701973987.519388,VS0,VE126 via: 1.1 varnish, 1.1 varnish cf-cache-status: HIT age: 2114 accept-ranges: bytes vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e871e6eb51d-OSL X-Firefox-Spdy: h2

	www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png	104.18.29.109	200 OK	1.5 kB
URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data Size 1.5 kB (1462 bytes) Hash 08c465daeab64895569e93e51c762db7 06d83a5d5da54777459439485a5a410776f22375 1bf8b66be3259665a6d9791e0dfbd82bd2f574a01bad981e3d4e66d71f137e78 HTTP Headers GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png HTTP/1.1 Host: www.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; _rdt_uuid=1701976106531.5152ea6e-3782-48d8-8ac9-ae0b9bcfc8eb; _gcl_au=1.1.1520612321.1701976107 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: image/png content-length: 1462 cache-control: public, max-age=31622400 etag: "646f8388-5b6" expires: Sat, 07 Dec 2024 19:08:20 GMT last-modified: Thu, 25 May 2023 15:49:28 GMT strict-transport-security: max-age=2592000 x-pantheon-styx-hostname: styx-fe1-a-b8448654b-5nhpm x-styx-req-id: fcf64b0f-565f-11ee-9089-d2e2ed9d6f4f x-served-by: cache-chi-klot8100095-CHI, cache-bma1667-BMA x-cache: HIT, MISS x-cache-hits: 1, 0 x-timer: S1701701162.825696,VS0,VE131 via: 1.1 varnish, 1.1 varnish cf-cache-status: HIT age: 194281 accept-ranges: bytes vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e871e6fb51d-OSL X-Firefox-Spdy: h2

	s.yimg.com/wi/ytc.js	87.248.119.252	200 OK	6.3 kB
URL GET HTTP/2 s.yimg.com/wi/ytc.js IP 87.248.119.252:443 ASN #203220 Yahoo! UK Services Limited Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.api.fantasysports.yahoo.com Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6 ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT File type ASCII text, with very long lines (18187), with no line terminators Size 6.3 kB (6262 bytes) Hash 5c6ed25dce803fd84288922b8928409e 3ccc10546ae12f160bacac1e9e422af091ea4a41 480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91 HTTP Headers `GET /wi/ytc.js HTTP/1.1 Host: s.yimg.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK x-amz-id-2: ZWM3zDv3YQ6iPPRWFaQnqI7NYPwouttY2RBEAet5A6wasIQ0VR5ZEpFfcB6Ld+V2QZiVFwrDnGo= x-amz-request-id: 8KHWBP3S1MHRYCTC date: Thu, 07 Dec 2023 18:26:03 GMT last-modified: Mon, 26 Jun 2023 09:26:35 GMT x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle" etag: "5c6ed25dce803fd84288922b8928409e-df" x-amz-server-side-encryption: AES256 cache-control: public,max-age=3600 x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW accept-ranges: bytes content-type: application/javascript server: ATS referrer-policy: no-referrer-when-downgrade vary: Origin, Accept-Encoding age: 2539 content-encoding: gzip content-length: 6262 strict-transport-security: max-age=31536000 expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection: 1; mode=block x-content-type-options: nosniff ats-carp-promotion: 1, 1 X-Firefox-Spdy: h2

	a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0	207.189.124.43	200	43 B
URL GET HTTP/1.1 a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0 IP 207.189.124.43:443 ASN #13649 ASN-VINS Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerSectigo Limited Subject.actonservice.com FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash f7f26805de1a1f270e665bf7873d7e19 c32085898c6e36d361d4b8017087de90e1b8465c 2188414d64d2930eb54f4731b6eb9a931358ba625d1cd7535a889409218609d2 HTTP Headers GET /acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&ref=&v=2&ts=1701976106402&nc=0 HTTP/1.1 Host: a44325.actonservice.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDgNssDDD" Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 Set-Cookie: wp44325="XXWVYDDDDDDAXKYKMBZ-KXAZ-XMMT-HMUC-ZMLKMMLZKBYTDYAYCBVHU-YCIW-XTII-CLBI-MXHAMVITJWLBDjNpJrLgJhtiHkL_JhtDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1 P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/" Content-Type: image/gif Content-Length: 43 Date: Thu, 07 Dec 2023 19:08:21 GMT X-Cnection: close Strict-Transport-Security: max-age=16070400 Vary: Accept-Encoding`

	s.yimg.com/wi/config/10194306.json	87.248.119.252	200 OK	46 B
URL GET HTTP/2 s.yimg.com/wi/config/10194306.json IP 87.248.119.252:443 ASN #203220 Yahoo! UK Services Limited Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.api.fantasysports.yahoo.com Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6 ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 46 B (46 bytes) Hash 87d7a3e6ca5844729c849e28a1fdffda cf1c60dd594971896ff423177ad4991403928429 e8a12726ee07f3a17f43d5715b0f1c49c2548baf3ce450d2880701034c75700b HTTP Headers `GET /wi/config/10194306.json HTTP/1.1 Host: s.yimg.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK x-amz-id-2: hiTsyAV/NmuI6ml6nk1lHxs2jQwneURY8C/ohUouQ9S1nxFa1zfc4Sg+s4JvwAEF4grXvPVEoJQ= x-amz-request-id: H9CRNQ6SXXB2Q7T2 date: Thu, 07 Dec 2023 18:58:22 GMT access-control-allow-origin: * access-control-allow-methods: GET vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method last-modified: Thu, 07 Dec 2023 17:43:45 GMT x-amz-expiration: expiry-date="Sat, 11 Jan 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle" x-amz-server-side-encryption: AES256 x-amz-version-id: dO8Tl50koPrsXhalRV1v86FHib.3Gug1 accept-ranges: bytes content-type: application/json server: ATS content-length: 46 referrer-policy: no-referrer-when-downgrade etag: "87d7a3e6ca5844729c849e28a1fdffda" age: 600 ats-carp-promotion: 1 strict-transport-security: max-age=31536000 expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection: 1; mode=block x-content-type-options: nosniff X-Firefox-Spdy: h2

	bat.bing.com/p/action/146000783.js	13.107.21.200	204 No Content	0 B
URL GET HTTP/2 bat.bing.com/p/action/146000783.js IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /p/action/146000783.js HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 204 No Content cache-control: private,max-age=1800 strict-transport-security: max-age=31536000; includeSubDomains; preload x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: A8F092F876504A5F97CC4E0535D4CC0E Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:21Z date: Thu, 07 Dec 2023 19:08:20 GMT X-Firefox-Spdy: h2`

	ads.anura.io/showads.js?670681914326	54.230.111.16	200 OK	20 B
URL GET HTTP/2 ads.anura.io/showads.js?670681914326 IP 54.230.111.16:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerAmazon Subjectads.anura.io Fingerprint69:66:FA:26:E2:E4:89:00:9A:F7:DE:2C:F6:5A:C2:B9:58:04:5D:E6 ValidityTue, 30 May 2023 00:00:00 GMT - Thu, 27 Jun 2024 23:59:59 GMT File type gzip compressed data, max speed, from Unix\012- data Size 20 B (20 bytes) Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf HTTP Headers `GET /showads.js?670681914326 HTTP/1.1 Host: ads.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Wed, 06 Dec 2023 19:40:27 GMT server: nginx access-control-allow-origin: * access-control-allow-methods: GET content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 5dtk_CkloKHn-R2sY-c5iLDNoqHGqyfCSZSIZzZMsp7Q_JiKrEfAKg== age: 84474 X-Firefox-Spdy: h2`

	www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y	142.250.74.67	200 OK	63 B
URL GET HTTP/2 www.google.no/pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y IP 142.250.74.67:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerGoogle Trust Services LLC Subject.google.no Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32 ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT File type ASCII text, with no line terminators Size 63 B (63 bytes) Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 HTTP Headers GET /pagead/1p-conversion/320492720/?random=1701976106986&cv=11&fst=1701976106986&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1520612321.1701976107&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y HTTP/1.1 Host: www.google.no User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Thu, 07 Dec 2023 19:08:21 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: text/javascript; charset=UTF-8 content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip server: cafe content-length: 63 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json	35.201.76.131	200 OK	87 B
URL GET HTTP/3 www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json IP 35.201.76.131:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type JSON data\012- , ASCII text Size 87 B (87 bytes) Hash 86571f1a7627d9de2e3b56e039d9a262 95f7811f34a0a7fb692cc7efdb3b502bbd0bbd33 bfea8c5323b0c6b9ed1fa94004c7b44583bfc13e67af2c043b43d0a84c588084 HTTP Headers GET /sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6&oid=143&affid=809&__cc=&async=json HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK server: nginx date: Thu, 07 Dec 2023 19:08:21 GMT content-type: application/json; charset=utf-8 content-length: 87 accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model access-control-allow-credentials: true access-control-allow-origin: https://money.quickencompare.com set-cookie: uniqueClick=448725a3-572a-4f5d-ade4-5eea9f673d2d:1701976101; Path=/; Expires=Fri, 08 Dec 2023 19:08:21 GMT; Secure; SameSite=None transaction_id=3e601e8a03ad4f64ada14990f917fba6; Path=/; Expires=Wed, 06 Mar 2024 19:08:21 GMT; Secure; SameSite=None vary: Origin x-eflow-request-id: 0148111d-ec0b-4e04-84d0-dcbefe351c35 via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032	3.233.153.123	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032 IP 3.233.153.123:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-ASOUKJC12&batch_time=1701976108032 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 15051 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:21 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587	3.10.186.13	200 OK	56 kB
URL GET HTTP/2 script.anura.io/request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587 IP 3.10.186.13:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerAmazon Subjectscript.anura.io Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20 ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT File type ASCII text, with very long lines (1912) Size 56 kB (55844 bytes) Hash 15f51890083306fc58cac543b29621b9 b9ce10a3cf27103c2fcc5ce505ae14abd0bbef0f afae8a486b0ddb0b77ce3b46da9798cb7a924b0c4181be14db485909a57f07a6 HTTP Headers GET /request.js?instance=3439535758&exid=493ea870-6517-5fd7-a943-13c4f47e7245&source=affl_everflow_qc-mon_143_809&campaign=2&645838960587 HTTP/1.1 Host: script.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: application/javascript; charset=utf-8 server: nginx vary: Accept-Encoding expires: Sun, 28 Dec 1980 18:57:00 EST cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 pragma: no-cache x-content-type-options: nosniff content-encoding: gzip X-Firefox-Spdy: h2`

	use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3	23.36.76.122	200 OK	10 kB
URL GET HTTP/2 use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10520, version 1.0\012- data Size 10 kB (10520 bytes) Hash 9c062dccf131a3086c8150e06794fe67 0030407cafb86d8e591e93904d1c070c3b9c08ae 19aefb2c51bd12339798e6877c1317ca2edd1ccf827b9cddb622dc094031a8f0 HTTP Headers GET /af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10520 etag: "2be4f5725e5a1282789d7f7270687fcf4d372bef" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Thu, 07 Dec 2023 19:08:19 GMT X-Firefox-Spdy: h2`

	money.quickencompare.com/visitor	104.18.29.109	200 OK	231 B
URL POST HTTP/2 money.quickencompare.com/visitor IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 231 B (231 bytes) Hash 6a151c831d874e450fc3e7e79dcd56ac 412cdb2fc8ae0e18847d6edccd55c9c2a826ba77 fd987f3ef7fdc8c302e760f4fe48c5bb1a158fe178feb1ab228489776099048b HTTP Headers POST /visitor HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Content-Type: application/json Content-Length: 1520 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1bE:0" Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:19 GMT content-type: application/json; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store etag: W/"e7-E94HlkUBYr5bJCf3eiJzP+KGCyc" cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e7e6bc0b51d-OSL content-encoding: gzip X-Firefox-Spdy: h2

	money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled	104.18.29.109	200 OK	4 B
URL GET HTTP/2 money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 4 B (4 bytes) Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b HTTP Headers GET /app-configuration/?path=/lendingLeadGen/fraud/anura/enabled HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1\|saudioRef:25450949bE:0" Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: text/html; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e7f7d27b51d-OSL content-encoding: gzip X-Firefox-Spdy: h2

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6	104.18.29.109	200 OK	25 kB
URL User Request GET HTTP/2 money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type Size 25 kB (24882 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: text/html; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store cf-cache-status: DYNAMIC set-cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; Domain=.quickencompare.com; Path=/; Expires=Fri, 06 Dec 2024 19:08:16 GMT sourceId=affl_everflow_qc-mon_143_809; Path=/; Expires=Thu, 14 Dec 2023 19:08:16 GMT connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; Path=/; Expires=Thu, 14 Dec 2023 19:08:17 GMT; HttpOnly BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; path=/; Httponly; Secure __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e657cd5b51d-OSL content-encoding: gzip X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css	104.18.4.105	200 OK	176 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css IP 104.18.4.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (45544) Size 176 kB (175557 bytes) Hash 51281ef41f6e2e58b368816515b69b7b 0c82a25d8cc39e108175154e244bcb2490b18b0d 64cc6c3ae44025a0b21f96431acbdc5fe1601b19e27cfd4dfa0651dbb6776f33 HTTP Headers `GET /main.93e3cac8409e105ab51a.css HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: text/css last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"51281ef41f6e2e58b368816515b69b7b" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: cQWHkrqEyqhTeJXjNNmvwKJQWJN5-Z9Ogl1iTx76tVdfXcT0CRjncw== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=gm0jkAuMBoxJhRMXqqCiZTYjjCBY_h6x2Ci0NYZcfsA-1701976097-0-AQZW2QUWkz9JwAvT12MQOoTiG8G7D8qv53zMcWw1YThtH31Y4aYuYwt8U8qw/GvNbJBuHTJgPhBuu5mQy5rFw6E=; path=/; expires=Thu, 07-Dec-23 19:38:17 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e72984b0b61-OSL X-Firefox-Spdy: h2

	money.quickencompare.com/track	104.18.29.109	200 OK	246 B
URL POST HTTP/2 money.quickencompare.com/track IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 246 B (246 bytes) Hash 0494e98f9be9e0a834195389f2971083 fd490abaffef02693d551998f374c21a5722e9ba 0ca341bb8e9a9e7b0d37825a3fbde328f49960128a066f7d12c07d2096d702c4 HTTP Headers POST /track HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Content-Type: application/json Content-Length: 464 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; sourceId=affl_everflow_qc-mon_143_809; connect.sid=s%3AfSu5ILVUcbfaH4AKdQlQwaEUwUawSm7I.l8eskAabiOVw1nN1zesOBlc9L%2FDdzbQIUmUtlsMhf3U; BIGipServerpl.prod-lreernwapp-lnd=!5PtaEC5j85/X7SJYWO5LSMyMNc4rDyboWDTLzvEU/Y4gR3nbyfkGzRNyA2NHrEi2L3GOcTyZXevwoaE=; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1\|saudioRef:25450949bE:0"; _dd_s=rum=1&id=ffa29c93-ef4d-488c-83f9-5f68a2682363&created=1701976106283&expire=1701977006283 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:20 GMT content-type: application/json; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store etag: W/"f6-qawp2eBhBBvM1cK1I6LinEzILnU" cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e80deceb51d-OSL content-encoding: gzip X-Firefox-Spdy: h2

	p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css	184.51.252.189	200 OK	5 B
URL GET HTTP/2 p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css IP 184.51.252.189:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 5 B (5 bytes) Hash 825e67eeb6b4bfac7536fc639a56ec43 574a45385ae62544c7424e6f06417f0370b1a532 c10ff60fd741e3b2b97479f16f45e5fa57449629f4d032f647fd23041a6ad7b1 HTTP Headers `GET /p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css HTTP/1.1 Host: p.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: text/css content-length: 5 last-modified: Fri, 14 Jul 2023 12:45:58 GMT etag: "64b14386-5" cache-control: public, max-age=604800 access-control-allow-origin: * cross-origin-resource-policy: cross-origin accept-ranges: bytes date: Thu, 07 Dec 2023 19:08:18 GMT X-Firefox-Spdy: h2`

	script.anura.io/response.json	3.10.186.13	200 OK	151 B
URL POST HTTP/2 script.anura.io/response.json IP 3.10.186.13:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerAmazon Subjectscript.anura.io Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20 ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 151 B (151 bytes) Hash d3b5e25c2421b935df7b14a3a4d9f37c a6904fa92cce1333021c2003ad2b123e44c20c12 982615e86e13940fe146f83ecc30dc050cd2bb72651d1b4c6a4fd3b131612c7b HTTP Headers POST /response.json HTTP/1.1 Host: script.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-type: application/x-www-form-urlencoded Content-Length: 5448 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:21 GMT content-type: application/json; charset=utf-8 server: nginx vary: Accept-Encoding access-control-allow-origin: * access-control-allow-methods: POST expires: Sun, 28 Dec 1980 18:57:00 EST cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 pragma: no-cache x-content-type-options: nosniff content-encoding: gzip X-Firefox-Spdy: h2`

	content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg	104.18.29.109	200 OK	7.6 kB
URL GET HTTP/2 content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7675), with no line terminators Size 7.6 kB (7628 bytes) Hash 9c7fa5ca9ac7adf457a83b5aed9fe269 d527d4db3df8b0adb6af6408d9ab45c3ec67dc02 f647b5bacc626969604abca8928075eb34accf47048b1ffa58e2cc56c08b0d3a HTTP Headers GET /nmn/logo/dollar-money-icon-small.svg HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 DNT: 1 Connection: keep-alive Cookie: visitorId=d5a111b1-f2d5-4847-8052-a2447ec05d55; __cf_bm=6a2vUbq8X29F5ft1vNgukoHvMqkNFbBcU6g7w3n1fd4-1701976097-0-AedD0DNg3rBBM/ZoWGMg9iKYhEfDp634iq1N1lDtGMuf+pCNTb1O+DgQhXNTZkSw5sArwOFqgRiyfi3Ix3uS9mg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:17 GMT content-type: image/svg+xml last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: W/"3b280fb1b5f603b076383e1ca6ea531f" x-cache: Hit from cloudfront via: 1.1 6528f10684ec39317f94ed2a540d88b4.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: Ani-paQksdVynqIW9BXjlj0Gx7_MvsMOT21oA0uKpKBIop_r2N12Ew== cf-cache-status: HIT age: 2113 expires: Thu, 07 Dec 2023 23:08:17 GMT cache-control: public, max-age=14400 vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e724c61b51d-OSL content-encoding: gzip X-Firefox-Spdy: h2

	www.datadoghq-browser-agent.com/datadog-rum-v3.js	54.230.111.221	200 OK	118 kB
URL GET HTTP/2 www.datadoghq-browser-agent.com/datadog-rum-v3.js IP 54.230.111.221:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerDigiCert Inc Subject.datadoghq-browser-agent.com FingerprintFC:83:1B:FF:12:98:28:60:E5:F1:DC:73:0D:BC:6F:81:22:A7:F1:6D ValiditySat, 14 Jan 2023 00:00:00 GMT - Tue, 16 Jan 2024 23:59:59 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 118 kB (117677 bytes) Hash 647fda9a4d3d74344732d76cf1fff47c 01720d421ce3373f1a1958a1d85edfae5ab5f442 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b HTTP Headers `GET /datadog-rum-v3.js HTTP/1.1 Host: www.datadoghq-browser-agent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript last-modified: Mon, 03 Jan 2022 16:36:14 GMT server: AmazonS3 content-encoding: br date: Thu, 07 Dec 2023 19:08:19 GMT cache-control: max-age=14400, s-maxage=60 etag: W/"647fda9a4d3d74344732d76cf1fff47c" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: fR7DFeTmQJYPzGzx6spPk13ZO7Lk7P7ppg67PemW6cs_vIagqJtpUw== age: 28 timing-allow-origin: * X-Firefox-Spdy: h2

	www.lmbahsj2.com/scripts/sdk/everflow.js	35.201.76.131	200 OK	61 kB
URL GET HTTP/2 www.lmbahsj2.com/scripts/sdk/everflow.js IP 35.201.76.131:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type Size 61 kB (61234 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /scripts/sdk/everflow.js HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Thu, 07 Dec 2023 19:08:20 GMT content-type: text/javascript accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model cache-control: max-age=14400 vary: Origin x-eflow-request-id: bb68e999-0ef3-4017-9c1c-24e37d7642c8 content-encoding: gzip via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	bat.bing.com/action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=&lt=5675&evt=pageLoad&sv=1&rn=195118	13.107.21.200	204 No Content	0 B
URL GET HTTP/2 bat.bing.com/action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=&lt=5675&evt=pageLoad&sv=1&rn=195118 IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /action/0?ti=146000783&Ver=2&mid=e74912df-5519-4638-945f-f7c6655562a8&sid=00a7dad0953411eebed2418615a2d4b9&vid=00a7d190953411ee986bff2091246d9d&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D3e601e8a03ad4f64ada14990f917fba6%26pkey%3D6608d798eb0b49089aa75baddb8f143c%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D809%26_ef_transaction_id%3D3e601e8a03ad4f64ada14990f917fba6&r=&lt=5675&evt=pageLoad&sv=1&rn=195118 HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 204 No Content cache-control: no-cache, must-revalidate pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT set-cookie: MUID=3E9C6BBF5A8A69AE0476785F5BDD68C1; domain=.bing.com; expires=Tue, 31-Dec-2024 19:08:21 GMT; path=/; SameSite=None; Secure; Priority=High; strict-transport-security: max-age=31536000; includeSubDomains; preload access-control-allow-origin: * x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: B2AF329BC7C14732A177592DD9C1F636 Ref B: OSL30EDGE0308 Ref C: 2023-12-07T19:08:21Z date: Thu, 07 Dec 2023 19:08:20 GMT X-Firefox-Spdy: h2

	ads.revjet.com/analytics?acu=6680	65.21.20.219	200 OK	20 kB
URL GET HTTP/2 ads.revjet.com/analytics?acu=6680 IP 65.21.20.219:443 ASN #24940 Hetzner Online GmbH Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerSectigo Limited Subject.revjet.com Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81 ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT File type ASCII text, with very long lines (1311) Size 20 kB (19476 bytes) Hash 26ec352468322f70910e03feb9b8b8fb 18878e8adcd809ad7a4850c8698efd24b22c04e5 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb HTTP Headers `GET /analytics?acu=6680 HTTP/1.1 Host: ads.revjet.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Thu, 07 Dec 2023 19:08:20 GMT content-type: application/javascript last-modified: Tue, 05 Sep 2023 20:38:57 GMT etag: W/"64f791e1-4c14" expires: Thu, 07 Dec 2023 19:18:20 GMT cache-control: max-age=600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js	104.18.4.105	200 OK	154 kB
URL GET HTTP/2 cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js IP 104.18.4.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_809&pkey1=809&pkey2=2&pkey3=3e601e8a03ad4f64ada14990f917fba6&pkey=6608d798eb0b49089aa75baddb8f143c&sid=143&cmpid=143&crtid=&oid=143&affid=809&_ef_transaction_id=3e601e8a03ad4f64ada14990f917fba6 Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type Size 154 kB (153814 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /pixel-616e834028d94a75ecaf.js HTTP/1.1 Host: cdn-refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 07 Dec 2023 19:08:19 GMT content-type: application/javascript; charset=UTF-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: public, max-age=14400 last-modified: Tue, 05 Dec 2023 23:29:25 GMT etag: W/"258d6-18c3c509e09" cf-cache-status: MISS expires: Thu, 07 Dec 2023 23:08:18 GMT set-cookie: __cf_bm=ZjMm1TQsQ1tWp4ZWi0KhaCuHn95OlSYgWGa_nuLg3Iw-1701976098-0-Aarl6Oaq+3TWa0TlRT5FS1XG7BZ0AVjRb6epm5V99yepyF1N6lZ5T6FT8yKGfE9WhZZ/IpobQhJ9xOTbov/MPp4=; path=/; expires=Thu, 07-Dec-23 19:38:18 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 831f0e7298500b61-OSL content-encoding: gzip X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (48)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations