Report - www.lmbahsj2.com/DQ7MW8/83KB7S/?source

Report Overview

Submitted URL
www.lmbahsj2.com/DQ7MW8/83KB7S/?source_id=EGM&sub1=SECCAPS-A
IP
35.201.76.131
ASN
#15169 GOOGLE
Submitted
2023-12-08 14:36:18
Access
public
Website Title
QuickenCompare Money - QUESTIONS
Final URL
money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-12-08	482 B	77 kB	142.250.74.106
www.datadoghq-browser-agent.com	3490	2019-03-26	2019-04-26	2023-12-07	446 B	118 kB	54.230.111.221
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-12-08	549 B	34 kB	216.58.207.227
pix.revjet.com	4646	2008-09-14	2015-09-01	2023-11-18	1.0 kB	314 B	5.9.20.98
www.quickencompare.com	unknown	2021-01-21	2022-07-11	2023-11-15	2.1 kB	14 kB	104.18.29.109
script.anura.io	43801	2016-03-22	2017-05-19	2023-12-07	1.1 kB	27 kB	3.8.43.133
money.quickencompare.com	unknown	2021-01-21	2023-02-10	2023-11-20	7.2 kB	29 kB	104.18.29.109
p.typekit.net	620	2010-08-02	2012-05-23	2023-12-08	490 B	340 B	23.36.76.184
use.typekit.net	494	2010-08-02	2012-07-05	2023-12-08	2.3 kB	34 kB	23.36.76.122
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-12-08	2.3 kB	522 kB	142.250.74.168
www.lmbahsj2.com	unknown	2021-09-21	2022-05-13	2023-12-05	1.6 kB	64 kB	35.201.76.131
cs-cdn.deviceatlas.com	unknown	2007-11-29	2019-07-10	2023-11-18	425 B	23 kB	52.58.191.183
content.quickencompare.com	unknown	2021-01-21	2022-08-17	2023-11-17	3.5 kB	142 kB	104.18.29.109
ads.anura.io	75730	2016-03-22	2016-10-30	2023-12-07	470 B	464 B	54.230.111.55
cdn-refinance.enhancedrefinow.com	unknown	2019-11-14	2022-07-21	2023-11-17	460 B	155 kB	104.18.5.105
www.redditstatic.com	1440	2011-11-09	2012-06-30	2023-12-07	428 B	8.4 kB	151.101.129.140
rum-http-intake.logs.datadoghq.com	3196	2010-07-09	2019-08-02	2023-12-05	2.1 kB	921 B	3.233.159.178
s.yimg.com	375	1997-05-14	2012-05-21	2023-12-07	884 B	20 kB	87.248.119.252
content.refinance.quickenloans.com	unknown	1998-07-24	2022-03-18	2023-11-13	511 B	1.7 kB	104.18.13.43
bat.bing.com	387	1996-01-29	2014-04-08	2023-12-08	1.9 kB	15 kB	13.107.21.200
www.google.com	7	1997-09-15	2015-05-10	2023-11-19	1.1 kB	1.5 kB	142.250.74.100
a44325.actonservice.com	unknown	2006-08-04	2023-05-11	2023-11-17	1.3 kB	5.8 kB	207.189.124.43
ads.revjet.com	2924	2008-09-14	2015-08-11	2023-12-07	430 B	20 kB	65.109.98.106
ocsp.starfieldtech.com	6616	2003-03-06	2012-06-22	2023-12-08	1.0 kB	8.0 kB	192.124.249.24
static-lre.refinance.enhancedrefinow.com	unknown	2019-11-14	2022-02-28	2023-11-17	1.9 kB	1.2 MB	104.18.5.105
www.google.no	25607	2001-02-26	2016-04-05	2023-12-08	1.1 kB	758 B	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-08 14:36:10	low	Client IP	18.159.105.57	ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (48)

	URL	Size	First Seen	Last Seen
	cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js	154 kB	2023-12-06	2023-12-08
Pretty URL cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js IP 104.18.5.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-06 00:34:34 Last Seen2023-12-08 15:36:20 Times Seen7 Hash 725ec28cfe869b33faa17168c8edda5b be7280685ddccc0d7fd14728407f2f23e0f63cd0 0a099c572e6793ac14cd77cb23fbcb1184f9b0e98ee11d0b8bd91f07ca5c35cb Loading...

	unknown	328 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash b4018d89d46acbb34fa9c74d9d001cdf abbd4922b4b0c42f23d2788e72a6b1560fc8e2a9 cea6a6cdebdac3a6b465c00fd67ed575acc816184ec3df4f75115da18e9319d0 Loading...

	bat.bing.com/bat.js	46 kB	2023-11-10	2024-03-18
Pretty URL bat.bing.com/bat.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-10 23:20:50 Last Seen2024-03-18 06:27:41 Times Seen24241 Hash 7f75f159026f3a2c8cccda487b43157b 021cf5c854db063cd79bf0394c24eb994e095640 5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214 Loading...

	unknown	543 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash e451ef8df4c33b515475ac8cd3a74941 61d9758731d8a5cff6ed60c4ce5983e463a9d5ca b2c0f15102fda61a2edcfcf5d995ee39d9b248d100eb6d06e0b92b82c4369c42 Loading...

	ads.revjet.com/analytics?acu=6680	20 kB	2023-03-12	2024-07-27
Pretty URL ads.revjet.com/analytics?acu=6680 IP 65.109.98.106 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:30:56 Last Seen2024-07-27 00:25:02 Times Seen836 Hash 26ec352468322f70910e03feb9b8b8fb 18878e8adcd809ad7a4850c8698efd24b22c04e5 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb Loading...

	www.googletagmanager.com/gtag/js?id=AW-11411986938	234 kB	2023-12-08	2023-12-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-11411986938 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash 5212802d4b2599af71c5e5c9bf52b94c c2d36c63dd8c22600299c4de627c0ebce0b244b2 0c6cd51fe549c9c27dfe788d063313c4868db3e21ea807f255624832d8615198 Loading...

	bat.bing.com/p/action/146000783.js	0 B	2023-03-07	2024-07-27
Pretty URL bat.bing.com/p/action/146000783.js IP 13.107.21.200 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 03:39:55 Times Seen41184142 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b	239 B	2023-03-26	2024-07-23
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:25 Times Seen145 Hash 280e199c65ca1e2edebe9be82aa0d129 0705c43fc9e588d9d39fcc5a93aa84bd5370eb37 4eb2645c75b71ee7ffc414de8d2d0891c100ab1ee521f4abe230de015cc43fa4 Loading...

	unknown	376 B	2023-05-11	2024-02-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-02-06 20:27:08 Times Seen129 Hash 96397ea4add0bd55c9e6a8bb82dd9336 3467535f371c39973ccd249e0a63535b7df27666 5a0fc340c17b356e22140a5e162ae2fcd5979d64af9d99b7d15e52daafbff4ee Loading...

	www.redditstatic.com/ads/pixel.js	24 kB	2023-06-15	2024-05-02
Pretty URL www.redditstatic.com/ads/pixel.js IP 151.101.129.140 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-15 23:22:15 Last Seen2024-05-02 22:13:05 Times Seen10749 Hash 78b6c68984a6ce5b3fcac1c6a9cad00c 02e1d366a17506cea8adfe5a15949aca89719a02 e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f Loading...

	unknown	197 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash fb2ce45397d04da684bfbfc83bc8f3ad 610a2fcbb3bc06efef2e07f11584b68568caeea5 c6b100b14c1db0c481b7abed90f6a8cf258651bc86e32d00e5702da7a9f2d79f Loading...

	www.googletagmanager.com/gtag/js?id=AW-10865694633	211 kB	2023-12-08	2023-12-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-10865694633 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash 660961a3f9cc31fd27449dd0c07c6107 5d4c2198be6fcd7fdbd58d465f616d5a749bde4d 8dfb98b7cced2dfc953565ea0fc1f2074f7c2f9f5fa9510a02a8f17e014d143b Loading...

	pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1702046169178&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=	46 B	2023-12-08	2023-12-08
Pretty URL pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1702046169178&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= IP 5.9.20.98 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash ba43362c32b7c63d1291479b4f4d9020 dbcda434072be7dffb609f222b60e1ebfc194b16 8c421b4080c183ef1aed880e63dd511d3c195e0f911a6cbe973ec81c6e402e63 Loading...

	cs-cdn.deviceatlas.com/dacs.js	22 kB	2023-11-09	2024-01-01
Pretty URL cs-cdn.deviceatlas.com/dacs.js IP 52.58.191.183 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 19:54:48 Last Seen2024-01-01 19:59:28 Times Seen76 Hash 610a4ab640dd5cfa6750aa2623357f51 6f425451f0dffa8b2a418857da82c5d28e2db9e8 fe49fc14b70cfc4f3edbc08e58087ca0f6e948a953c3eaeabdc7e78f512e5a22 Loading...

	www.lmbahsj2.com/scripts/sdk/everflow.js	61 kB	2023-11-15	2024-02-06
Pretty URL www.lmbahsj2.com/scripts/sdk/everflow.js IP 35.201.76.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2024-02-06 20:27:09 Times Seen26 Hash 6a636b6eebf5b8e8d86fd79ce19d28fd 1639511a82c32d506d65d737ea4c6c2d0033907d 00bfb9da74d6c2c325c27e60fc9aea44f272cba1b072ad7b2ba4a805c3e8d555 Loading...

	www.googletagmanager.com/gtag/js?id=AW-320492720	212 kB	2023-12-08	2023-12-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-320492720 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash 0e15cb67511eb360a6083c279210d336 bf591fae4451caaacb9cd51e5c80da7958b3b34d 01c8da48c092f25f31db23c09f69d9adb8c7ee6e1e7ee05544d5e1bce4d24e5c Loading...

	unknown	410 B	2023-03-07	2024-07-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:25:40 Last Seen2024-07-24 05:48:34 Times Seen318 Hash d4b9aa4bd1158d2a90b163079af10fce f7555ee73aea2afd73b1e3a62e0b830060409efb 1e10c7052444bdadef594f3cbc761f53daaea5e2ebd3cf803626f2339136eb88 Loading...

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js	811 kB	2023-11-15	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js IP 104.18.5.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2023-12-10 17:57:27 Times Seen20 Hash dec41562bede99a23e8a683bb0b2c7a7 86106751c4e52e628127241dcf062bb1b6f08403 8695c4e2c1b44b9e56e54ae8b5a75311ed905cfd10d262e443ab9df4312a2ac2 Loading...

	unknown	79 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash aed8ad1460119edd6f3ae9e3da680f06 3a365f816045964b7a0d15fd6fa8cafe890f0cad 6bf537957ed6e2d65646624d1b32df206e345add7b3bda73cd786204d119f777 Loading...

	unknown	429 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash b67dd64cff5f517bcb984779e825646a 5859c78aceac531afac0c2e41c83075e86a22407 e19cfc6f666ced2c792c99db05035bbd99a6b48a44bb83c848e7e910a0fde5ce Loading...

	unknown	380 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 8079758ba6a78d277502bd77d0d2810f 10e90523f06ca6f3abc7781de64e8e10e907815b 21c4c591f2f5fc722cfe3bde9f800996f9107e6ca0cc4cd813e80def50c336d8 Loading...

	unknown	853 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 883283af89b92923b7ce78ecaaeaaba6 988fd393a2358008bbec5c9ffbd1e1bef17599ec d5a5210319d9ce7b18c12ba56bd37be8ebad434ec751a7cbf62ee6ceb456a569 Loading...

	unknown	417 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash 51f5d8192cd24bafc246831cc82d8299 22ab7d0a33db6eb45f4aa19c8fd67704e6682a5d 5fa0e3d2a47c1ddb28027ab5cf2c8ccbdf6d0b8d3c05fad9113817efd08afa4f Loading...

	unknown	153 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash b968bb49597418ec6bf81800f25e4f5b 68c16a530975b926e2ae34938af4068a2905e820 eed94d8bc522fecac47a2ad784db6499b5b188041684272f1aa9e748157a1bb2 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b	599 B	2023-12-08	2023-12-08
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:20 Times Seen1 Hash 7d9865a913a63ccc2c787cec0b47cbb1 637aeafa66bdbb870170c3f1dc5bea264ca67bed 5561b67d3c4ad6bcce4b16c9b77319cba3766b3bd172356660c9c0302d209362 Loading...

	www.datadoghq-browser-agent.com/datadog-rum-v3.js	118 kB	2023-03-07	2024-07-27
Pretty URL www.datadoghq-browser-agent.com/datadog-rum-v3.js IP 54.230.111.221 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:55:13 Last Seen2024-07-27 00:25:02 Times Seen1082 Hash 647fda9a4d3d74344732d76cf1fff47c 01720d421ce3373f1a1958a1d85edfae5ab5f442 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b Loading...

	www.googletagmanager.com/gtag/js?id=AW-319191520	211 kB	2023-12-08	2023-12-08
Pretty URL www.googletagmanager.com/gtag/js?id=AW-319191520 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:20 Times Seen2 Hash 81b5bb8bd24c0da562cfecb35cfc9c2d 99966e6fa329a49bb9b20e6889342edaa474db62 efdea119456ca38b17c2652aafcc0027d56006654fa31c393ddab0ea3e15f58e Loading...

	www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c	212 kB	2023-12-08	2023-12-08
Pretty URL www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash a10d0f77e45f198744f8acf3cf52b076 6e21e1c72b1c5d702b8487c87d5503ce5638d65a 0bd9f4988ec56677ed91ce284b3dadf83f22a86c240fde2f951e95dee1b1bc3f Loading...

	script.anura.io/request.js?instance=3439535758&exid=031df85b-9801-5331-badd-1ad7b5917356&source=affl_everflow_qc-mon_143_259&campaign=SECCAPS-A&651020434517	56 kB	2023-12-08	2023-12-08
Pretty URL script.anura.io/request.js?instance=3439535758&exid=031df85b-9801-5331-badd-1ad7b5917356&source=affl_everflow_qc-mon_143_259&campaign=SECCAPS-A&651020434517 IP 3.8.43.133 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:20 Times Seen1 Hash 662177d4086a5564103a116ba871304f bbd47c439130274f5d1575fc7c704975fbabca31 1e297df8900a1e063fe8af47bb1a52b29ba047b6ef848ca3a1d0d5568d0b33cb Loading...

	s.yimg.com/wi/ytc.js	18 kB	2023-06-26	2024-07-10
Pretty URL s.yimg.com/wi/ytc.js IP 87.248.119.252 ASN #203220 Yahoo! UK Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 11:33:35 Last Seen2024-07-10 16:35:01 Times Seen17043 Hash 5c6ed25dce803fd84288922b8928409e 3ccc10546ae12f160bacac1e9e422af091ea4a41 480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91 Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b	1.0 kB	2023-12-04	2023-12-08
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-04 16:37:02 Last Seen2023-12-08 15:36:20 Times Seen3 Hash aefaa4da79f32540c4960082eb074be8 87e2d0b546ff6c2b5ee6b5902f815b49fa4a2655 3255edfde01430157b06339f89a3770d0a38c856de25e364f2709148e691b2b7 Loading...

	unknown	378 B	2023-05-11	2024-02-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-02-06 20:27:09 Times Seen129 Hash a81d387d85e55dd05dbfc30cd52bc028 06edfc684e43599690f4ca58f9f58bbb18d8f008 94d35cc88496407b118a1e35bfe7ce15de8c8146a5a740f5ef299cd0f650b611 Loading...

	unknown	197 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:44 Last Seen2024-07-23 18:42:26 Times Seen136 Hash a493268deb7794088fdef0eeb2ba1de0 c9ab54357ed4a1f96091e4859e5e11165b383e8d a43f8a07c89161e2d9696f0f1bbb3875fda84f47ed8ea7fedf6ec70465251572 Loading...

	a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325	4.9 kB	2023-12-08	2023-12-08
Pretty URL a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325 IP 207.189.124.43 ASN #13649 ASN-VINS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:21 Times Seen2 Hash bed2e43e5eb10b25eefe40693d0de4a1 5a0acb09cf5fb693d35d2e57e815c291a335d89d 13ce417e4b20037e99ac2621fb3bb79be4b77aaf13f00c388d40c3d32992e45f Loading...

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b	9.5 kB	2023-12-08	2023-12-08
Pretty URL money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b IP 104.18.29.109 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-08 15:36:20 Last Seen2023-12-08 15:36:20 Times Seen1 Hash 633c4221f5a0be5e88fe76b125205828 4850fa28a3d009d906ac41bc073017616cf76932 53dacb3a9207a3a5801bac5a2c49bb478e239b2d52f9da08709f42d8be47a646 Loading...

	static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js	13 kB	2023-11-15	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js IP 104.18.5.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 15:41:45 Last Seen2023-12-10 17:57:27 Times Seen32 Hash ab05865229c4be0e25398c314b00a787 ffabd971a1d77d782aec1370f52e8f1d83769c82 a261d93839339ffe4e77dead49be5380abb6b61fdbd67d735e01ccd17bae918f Loading...

	static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js	619 kB	2023-08-24	2023-12-10
Pretty URL static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js IP 104.18.5.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-24 15:19:24 Last Seen2023-12-10 17:57:27 Times Seen108 Hash 0e80b2b8d6f895c55fb9aefe511479b6 0384d450cbefee60914a876a238e95570aa1eb59 e314c1e197eb15609d015265d6099200f7cfa6cb952e71af9fe891251570d67d Loading...

	unknown	64 B	2023-03-26	2024-07-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 08:07:59 Last Seen2024-07-27 00:25:01 Times Seen463 Hash d07d98b97154701a99faef3fa639fb02 1e79f33e4ac6e24c09350babd9a65a70debc7a5b 517d26aac757304b7e1461562acad2c6b49585ed2e7be78d197e11a39763d555 Loading...

	unknown	165 B	2023-03-26	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 13:16:58 Last Seen2024-07-23 18:42:26 Times Seen144 Hash 3f373025d049c1b35741d7d875ddc6b0 a486f147997b72143ddb50c3e889b62b843802fa c10f0e610812f22aa3cf23610f64b0cf2c2efee9fccdf794435aaa47f4549093 Loading...

	unknown	458 B	2023-05-11	2024-07-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-11 17:31:45 Last Seen2024-07-23 18:42:26 Times Seen136 Hash 5ca2d5159edcf9d277c901fc61767337 324ae4f0e4d6e89adbb0d38ccf6e1304fe3eece2 5cd314022e7dfc4f88f29e1e9749888925460c8d37cfa9379ca161cfbbe37aeb Loading...

	www.google.com/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	43 B	2023-03-07	2024-04-28
Pretty URL www.google.com/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.100 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-28 19:11:07 Times Seen63971 Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 Loading...

		Size	First Seen	Last Seen
	#1 Write - 18f6c5915df0ee9e990a9ed34e7e4c9e	81 B	2023-03-26	2024-07-27
Pretty Observations First Seen2023-03-26 08:07:59 Last Seen2024-07-27 00:25:01 Times Seen470 Hash 18f6c5915df0ee9e990a9ed34e7e4c9e 12ca6d04aca4a6c2d3c35d7bb3e0b17ee2b40eaf 8a68328caf368d532d46b3f92810fc12cca5aa75b37860bd64de60c540ad8844 Loading...

	#2 Write - 0efa13d18e21e1c280569064dccd2d9f	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-07-27 00:25:01 Times Seen1269 Hash 0efa13d18e21e1c280569064dccd2d9f 0656901371cc259791bd253dc8835dc44b0575fd 69eb3111ab6500088bcc0f5cb043f452bd7b7801bdcd7b0e478c2fc454fdba0a Loading...

	#3 Write - bc1d3a136e6f54eff73adaf5669b9be3	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 01:02:09 Last Seen2024-07-27 00:25:01 Times Seen1273 Hash bc1d3a136e6f54eff73adaf5669b9be3 1a0f53998a4dd4c3f5e9a6fbadc64d21046d1295 9aabfd165cfb96fc5e170862e4fd9c90cfa2a5705af401617c836f152398fce1 Loading...

	#4 Write - a0bf95a38cb701564c34134431943259	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen1364 Hash a0bf95a38cb701564c34134431943259 0187395c6d7697a45f0464905d967396748b2194 124207d84bdc8a107cbcc04212a091e85157e09d7bf208f7afb4839498fef083 Loading...

	#5 Write - 308065b5078a49f986fc3c9f9b66e5d3	7 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen7051 Hash 308065b5078a49f986fc3c9f9b66e5d3 be1628c3c7d88ddfb243f216545e780b98cc4386 fdfe0993e6e9e9917554bb95b1137af5870146fd38da5f13bea1b530ac05b296 Loading...

	#6 Write - 166248a6129a1e4370d20adc2d4c23f3	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen6814 Hash 166248a6129a1e4370d20adc2d4c23f3 0fe0bb445f51fad57f3fc4115d7c66cf18545107 b7d082ee12e91b756ea22e8513b8594eebcf5d39fab813da3cb55794dc888ad7 Loading...

	#7 Write - babd0daf38a8ba8a6c33c4d1d354eb56	6 B	2023-03-07	2024-07-27
Pretty Observations First Seen2023-03-07 12:56:09 Last Seen2024-07-27 00:25:01 Times Seen1217 Hash babd0daf38a8ba8a6c33c4d1d354eb56 c64904f4f0bdb995912fdd1667d538cff4dee6e2 ce519cccc38cf22bd82579910ddfdcb00f5726373dae5af87048b157303e8f27 Loading...

HTTP Transactions (54)

	URL	IP	Response	Size
	ocsp.starfieldtech.com/	192.124.249.24		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.24:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 81524bf8c38f6d7590f9a035187264d5 b4fd4f392378cfc7750c82f8e820a47b8b0e7416 bcba702d34b4addaf917a58f33b9b9f0ef0bfc98ddbf33b105bbc8ad5e746087 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Fri, 08 Dec 2023 14:35:57 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 15024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Fri, 08 Dec 2023 07:58:17 GMT Expires: Sat, 09 Dec 2023 07:58:17 GMT ETag: "b4fd4f392378cfc7750c82f8e820a47b8b0e7416" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.lmbahsj2.com/DQ7MW8/83KB7S/?source_id=EGM&sub1=SECCAPS-A	35.201.76.131	302 Found	316 B
URL User Request GET HTTP/2 www.lmbahsj2.com/DQ7MW8/83KB7S/?source_id=EGM&sub1=SECCAPS-A IP 35.201.76.131:443 ASN #15169 GOOGLE Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type HTML document, ASCII text, with very long lines (314) Size 316 B (316 bytes) Hash 013c61b38b142a9d3fcc1fc4cdcca88f 91299edec5e2554edeb3747a4357c1e9b611a2b1 10e216a345fe75e4df8998fb445ea6acf48adb74f4f19365db8f4aa3847b0729 HTTP Headers GET /DQ7MW8/83KB7S/?source_id=EGM&sub1=SECCAPS-A HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Fri, 08 Dec 2023 14:35:58 GMT content-type: text/html; charset=utf-8 content-length: 316 accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model location: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b set-cookie: uniqueClick_83KB7S=38544cc0-c64d-4915-83f5-57fba02ff3d6:1702046158; Path=/; Expires=Sat, 09 Dec 2023 14:35:58 GMT; Secure; SameSite=None transaction_id=92bc792a678d4d3aac6777601f10fd8b; Path=/; Expires=Thu, 07 Mar 2024 14:35:58 GMT; Secure; SameSite=None vary: Origin x-eflow-request-id: c196deea-ca6e-4e8c-b416-80e0cd8dd794 via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.starfieldtech.com/	192.124.249.23		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.23:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 81524bf8c38f6d7590f9a035187264d5 b4fd4f392378cfc7750c82f8e820a47b8b0e7416 bcba702d34b4addaf917a58f33b9b9f0ef0bfc98ddbf33b105bbc8ad5e746087 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Fri, 08 Dec 2023 14:35:58 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 15023 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Fri, 08 Dec 2023 07:58:17 GMT Expires: Sat, 09 Dec 2023 07:58:17 GMT ETag: "b4fd4f392378cfc7750c82f8e820a47b8b0e7416" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png	104.18.13.43	200 OK	551 B
URL GET HTTP/2 content.refinance.quickenloans.com/msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png IP 104.18.13.43:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectrefinance.quickenloans.com Fingerprint1C:BA:47:A1:B9:5E:06:39:AC:47:A6:A8:49:17:24:B4:31:E4:F0:75 ValidityMon, 20 Nov 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT File type PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced\012- data Size 551 B (551 bytes) Hash 90732fd581b4624530c995d70d3f17a8 6704549936ece70f840129dcca57a5e56ff0cac5 8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a HTTP Headers `GET /msql/Testimonial_Stars_-_LMB_LRE_FNL_00015.png HTTP/1.1 Host: content.refinance.quickenloans.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: image/png content-length: 551 last-modified: Fri, 17 Nov 2023 05:34:25 GMT x-amz-server-side-encryption: AES256 etag: "90732fd581b4624530c995d70d3f17a8" x-cache: Hit from cloudfront via: 1.1 a52c33748955378f279062b7fc7ef91e.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: bs_FMuQrXpr4E6RFzDrM-xp7z-EnND8iJht3e1YQEgYSxE7PQx6mdQ== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 accept-ranges: bytes set-cookie: __cf_bm=YAJLybJY7.JbO0yx2AfSt7yPIuT8XX0ZOPaiyamD1eA-1702046160-0-AeY6rfvaL8x4H/Bz5zvVl25WsOyYnfy6L8JKo2tp7lw889QT/oJq9AkaJ0EJYgK/7NouKI/9g19oCcsqYwVucSA=; path=/; expires=Fri, 08-Dec-23 15:06:00 GMT; domain=.refinance.quickenloans.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3a8b856c0-OSL X-Firefox-Spdy: h2

	use.typekit.net/msd8xng.css	23.36.76.122	200 OK	680 B
URL GET HTTP/2 use.typekit.net/msd8xng.css IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Unicode text, UTF-8 text, with very long lines (516) Size 680 B (680 bytes) Hash 20203a97a8fb7c1ce2353ecc67ea540d 69dd242bcc9927260938d83c99e59453871ebba4 56af1865c3c674da77191c0c3f9c9a01789e64b2851675d878cb03b5bc57a353 HTTP Headers `GET /msd8xng.css HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: text/css;charset=utf-8 vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains; cache-control: private, max-age=600, stale-while-revalidate=604800 timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin content-encoding: gzip content-length: 680 date: Fri, 08 Dec 2023 14:36:00 GMT X-Firefox-Spdy: h2`

	cs-cdn.deviceatlas.com/dacs.js	52.58.191.183	200 OK	22 kB
URL GET HTTP/2 cs-cdn.deviceatlas.com/dacs.js IP 52.58.191.183:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoDaddy.com, Inc. Subject.deviceatlas.com Fingerprint24:8E:6E:64:30:97:51:E1:A5:07:DB:42:13:5B:15:27:BA:6F:10:C2 ValiditySat, 04 Mar 2023 07:26:21 GMT - Thu, 04 Apr 2024 07:26:21 GMT File type ASCII text, with very long lines (21816) Size 22 kB (21909 bytes) Hash 610a4ab640dd5cfa6750aa2623357f51 6f425451f0dffa8b2a418857da82c5d28e2db9e8 fe49fc14b70cfc4f3edbc08e58087ca0f6e948a953c3eaeabdc7e78f512e5a22 HTTP Headers `GET /dacs.js HTTP/1.1 Host: cs-cdn.deviceatlas.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.17.9 date: Fri, 08 Dec 2023 14:36:00 GMT content-type: application/javascript content-length: 21909 last-modified: Thu, 09 Nov 2023 13:50:26 GMT etag: "610a4ab640dd5cfa6750aa2623357f51" expires: Fri, 08 Dec 2023 14:35:59 GMT cache-control: no-cache x-cache: HIT accept-ch: DPR,Width,Viewport-Width,Viewport-Height,Device-Memory,RTT,Downlink,ECT,Lang,Sec-CH-DPR,Sec-CH-Width,Sec-CH-Viewport-Width,Sec-CH-Viewport-Height,Sec-CH-Device-Memory,Sec-CH-RTT,Sec-CH-Downlink,Sec-CH-ECT,Sec-CH-Lang,Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Bitness,Sec-CH-UA-WoW64,Sec-CH-Prefers-Reduced-Motion,Sec-CH-Prefers-Reduced-Transparency,Sec-CH-Prefers-Contrast,Sec-CH-Forced-Colors,Sec-CH-Prefers-Color-Scheme,Sec-CH-Prefers-Reduced-Data accept-ranges: bytes strict-transport-security: max-age=31536000 X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js	104.18.5.105	200 OK	197 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/vendor.67a1d66e4ad0509192e9.js IP 104.18.5.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 197 kB (197336 bytes) Hash af6349f4c32ba3c91c24c427bdbacbc0 1563256da36c7ad66418d765be98421750d4d447 d94ea0bc30d8e1ccbba258dcf282ae1db1071795b3caf38903c8b4cb577db1bb HTTP Headers `GET /vendor.67a1d66e4ad0509192e9.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: application/javascript last-modified: Thu, 16 Nov 2023 10:47:04 GMT x-amz-server-side-encryption: AES256 content-encoding: gzip etag: W/"0e80b2b8d6f895c55fb9aefe511479b6" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5a96272b81254403ef5ef083d36ce62a.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: VEL_ZSoR_Lsi5mfBiIbZUYwyJ8gM1-0s3fly79AqbuPeB9p5H3tAVA== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=Omb0xUvu.P8YpTmWJ1R5NKL8rkUzVjfTJdK.YaSrDQw-1702046160-0-AXtW0l7qDRM1KRdpWdaYzCdkUQ82mGE/9MZZ6f9vUswq+2XEjVzVOTpbLxU+SqWuSoM9FjbPJE7MWIyoEsVPj1s=; path=/; expires=Fri, 08-Dec-23 15:06:00 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3dc5d56c9-OSL X-Firefox-Spdy: h2

	content.quickencompare.com/qc/refi-images/QC-Logo.png	104.18.29.109	200 OK	58 kB
URL GET HTTP/2 content.quickencompare.com/qc/refi-images/QC-Logo.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 1084 x 400, 8-bit/color RGBA, non-interlaced\012- data Size 58 kB (58295 bytes) Hash 521752a26258e4864b241e2d53ffe6fb 197a15424a4f1def49ad620d2e5efc5fc1629829 c361b0d16f182441c533ead38d28a79b93c42473cfb5fbd0f5eebc2e64ea18a5 HTTP Headers GET /qc/refi-images/QC-Logo.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: image/png content-length: 58295 last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: "521752a26258e4864b241e2d53ffe6fb" x-cache: Hit from cloudfront via: 1.1 660625642e0df86c41275db1ce1ac922.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: U8pU3G3HW7WBe2VyT8NlgJNZtgvXi-MtAZmVk3BVW5dxeJihjEpY1A== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3aa220afe-OSL X-Firefox-Spdy: h2

	content.quickencompare.com/nmn/logo/qc-financial-control.png	104.18.29.109	200 OK	13 kB
URL GET HTTP/2 content.quickencompare.com/nmn/logo/qc-financial-control.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 281 x 168, 8-bit/color RGBA, non-interlaced\012- data Size 13 kB (12630 bytes) Hash d9164fb30114b13fdb91bd8011b5f71b 45307fb107b9e0ec642b98d3b2153467cb00b633 442b0856c633c8a41e1566de5aea94873cfa27b85e74e2fb2df4c92b55ab5608 HTTP Headers GET /nmn/logo/qc-financial-control.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: image/png content-length: 12630 last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: "d9164fb30114b13fdb91bd8011b5f71b" x-cache: Hit from cloudfront via: 1.1 7f7d86a250c539fe4431535882cf4e4e.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: zfxTiOIo3IJzwm1cRVtMH4HPWz4K38uiW_ZFnPNXB5Nj7-eBTUyoLQ== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3aa1f0afe-OSL X-Firefox-Spdy: h2

	use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3	23.36.76.122	200 OK	11 kB
URL GET HTTP/2 use.typekit.net/af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10552, version 1.0\012- data Size 11 kB (10552 bytes) Hash dfd4158df5a1e052abac4fbd93e09fb1 9db6d016f4c8b240634f9334ec8c11b27a8926fd d3a3bb6d91875a850f5ab1dd85446084933aefde6a0c183689ce585e568f4ee3 HTTP Headers GET /af/5066eb/00000000000000007735fdbb/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10552 etag: "3ffc31f2c2e0e0a0bd3e7a4f831f835ccfabcbde" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Fri, 08 Dec 2023 14:36:01 GMT X-Firefox-Spdy: h2`

	use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3	23.36.76.122	200 OK	10 kB
URL GET HTTP/2 use.typekit.net/af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10520, version 1.0\012- data Size 10 kB (10520 bytes) Hash 9c062dccf131a3086c8150e06794fe67 0030407cafb86d8e591e93904d1c070c3b9c08ae 19aefb2c51bd12339798e6877c1317ca2edd1ccf827b9cddb622dc094031a8f0 HTTP Headers GET /af/bf384f/00000000000000007735fdb7/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10520 etag: "2be4f5725e5a1282789d7f7270687fcf4d372bef" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Fri, 08 Dec 2023 14:36:01 GMT X-Firefox-Spdy: h2`

	use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3	23.36.76.122	200 OK	11 kB
URL GET HTTP/2 use.typekit.net/af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 IP 23.36.76.122:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 10888, version 1.0\012- data Size 11 kB (10888 bytes) Hash 865a9070be41e8b5d8258be1bf57cab1 2f7e1a72d4897a263394a4f07892c9389b954212 eaa07ae8e4a20bddf808a50bb9e635664a986e2878e458899442b156c7a49e50 HTTP Headers GET /af/070c63/00000000000000007735fdb6/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3 HTTP/1.1 Host: use.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx content-type: application/font-woff2 content-length: 10888 etag: "b7140404e35689beadfbc7c2c96a907cf5aaa352" timing-allow-origin: * access-control-allow-origin: * cross-origin-resource-policy: cross-origin cache-control: public, max-age=31536000 date: Fri, 08 Dec 2023 14:36:01 GMT X-Firefox-Spdy: h2`

	fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2	216.58.207.227	200 OK	33 kB
URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 IP 216.58.207.227:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0\012- data Size 33 kB (33092 bytes) Hash 057478083c1d55ea0c2182b24f6dd72f caf557cd276a76992084efc4c8857b66791a6b7f bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b HTTP Headers GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 33092 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 07 Dec 2023 23:21:56 GMT expires: Fri, 06 Dec 2024 23:21:56 GMT cache-control: public, max-age=31536000 age: 54845 last-modified: Wed, 13 Sep 2023 22:51:58 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png	104.18.29.109	200 OK	60 kB
URL GET HTTP/2 content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 2980 x 820, 8-bit/color RGBA, non-interlaced\012- data Size 60 kB (60242 bytes) Hash 0b525d003df460ee3ef27bb82defdb43 0e1f1b12bc01d745e847d91f64727e1bde0cf019 78f6112cc353f90b0f71f3b1c2a5571b1b620290dd2048dc073eb91217c590e7 HTTP Headers GET /qc/refi-images/BG-BLUE-ICON-WHITE.png HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://static-lre.refinance.enhancedrefinow.com/ Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:01 GMT content-type: image/png content-length: 60242 last-modified: Mon, 27 Nov 2023 15:34:00 GMT x-amz-server-side-encryption: AES256 etag: "0b525d003df460ee3ef27bb82defdb43" x-cache: RefreshHit from cloudfront via: 1.1 f6020f10d519a41b0c116dad7dcb2798.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: Z0TvvSdbNGuv03uzzFkfV90xM-LN3oC_ofnT5p9t4TKs4kTK_5WgiA== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:01 GMT cache-control: public, max-age=14400 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcff8a990afe-OSL X-Firefox-Spdy: h2

	www.redditstatic.com/ads/pixel.js	151.101.129.140	200 OK	7.4 kB
URL GET HTTP/2 www.redditstatic.com/ads/pixel.js IP 151.101.129.140:443 ASN #54113 FASTLY Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectwww.redditstatic.com Fingerprint5B:10:93:15:D0:06:B8:27:DD:C8:15:7C:8A:49:4B:AD:06:D3:8E:15 ValidityFri, 25 Aug 2023 00:00:00 GMT - Wed, 21 Feb 2024 23:59:59 GMT File type ASCII text, with very long lines (23776) Size 7.4 kB (7409 bytes) Hash 78b6c68984a6ce5b3fcac1c6a9cad00c 02e1d366a17506cea8adfe5a15949aca89719a02 e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f HTTP Headers `GET /ads/pixel.js HTTP/1.1 Host: www.redditstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK last-modified: Thu, 15 Jun 2023 20:49:59 GMT etag: "4a205643a240cb95fa82289d62b5af7e" x-amz-server-side-encryption: AES256 cache-control: public, max-age=60 content-encoding: gzip content-type: application/javascript via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Fri, 08 Dec 2023 14:36:02 GMT vary: Accept-Encoding,Origin server: snooserv report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} content-length: 7409 X-Firefox-Spdy: h2

	ocsp.starfieldtech.com/	192.124.249.24		2.1 kB
URL ocsp.starfieldtech.com/ IP 192.124.249.24:0 ASN #30148 SUCURI-SEC File type data Size 2.1 kB (2149 bytes) Hash 81524bf8c38f6d7590f9a035187264d5 b4fd4f392378cfc7750c82f8e820a47b8b0e7416 bcba702d34b4addaf917a58f33b9b9f0ef0bfc98ddbf33b105bbc8ad5e746087 HTTP Headers `POST / HTTP/1.1 Host: ocsp.starfieldtech.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 76 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: Sucuri/Cloudproxy Date: Fri, 08 Dec 2023 14:36:02 GMT Content-Type: application/ocsp-response Content-Length: 2149 Connection: keep-alive X-Sucuri-ID: 15024 Content-Transfer-Encoding: Binary Cache-Control: public, no-transform, must-revalidate Last-Modified: Fri, 08 Dec 2023 07:58:17 GMT Expires: Sat, 09 Dec 2023 07:58:17 GMT ETag: "b4fd4f392378cfc7750c82f8e820a47b8b0e7416" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"`

	www.googletagmanager.com/gtag/js?id=AW-319191520	142.250.74.168	200 OK	75 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-319191520 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 75 kB (75414 bytes) Hash 81b5bb8bd24c0da562cfecb35cfc9c2d 99966e6fa329a49bb9b20e6889342edaa474db62 efdea119456ca38b17c2652aafcc0027d56006654fa31c393ddab0ea3e15f58e HTTP Headers `GET /gtag/js?id=AW-319191520 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 08 Dec 2023 14:36:02 GMT expires: Fri, 08 Dec 2023 14:36:02 GMT cache-control: private, max-age=900 last-modified: Fri, 08 Dec 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75414 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap	142.250.74.106	200 OK	76 kB
URL GET HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap IP 142.250.74.106:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42 ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type gzip compressed data, max compression\012- data Size 76 kB (76124 bytes) Hash 221796c019303a2c51f2f73d7ad03a9c 3e8f5f47fed88688c6c61e3b9072af01649a6d0d 4d20e794ccf7e702b352d4820bcf2ae767e6ca0b24a670605eece9d3e6853e29 HTTP Headers `GET /css2?family=Montserrat:wght@400;500;700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Fri, 08 Dec 2023 14:35:59 GMT date: Fri, 08 Dec 2023 14:35:59 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-11411986938	142.250.74.168	200 OK	81 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-11411986938 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 81 kB (80917 bytes) Hash 5212802d4b2599af71c5e5c9bf52b94c c2d36c63dd8c22600299c4de627c0ebce0b244b2 0c6cd51fe549c9c27dfe788d063313c4868db3e21ea807f255624832d8615198 HTTP Headers `GET /gtag/js?id=AW-11411986938 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 08 Dec 2023 14:36:02 GMT expires: Fri, 08 Dec 2023 14:36:02 GMT cache-control: private, max-age=900 last-modified: Fri, 08 Dec 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 80917 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-10865694633	142.250.74.168	200 OK	76 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-10865694633 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 76 kB (75509 bytes) Hash 660961a3f9cc31fd27449dd0c07c6107 5d4c2198be6fcd7fdbd58d465f616d5a749bde4d 8dfb98b7cced2dfc953565ea0fc1f2074f7c2f9f5fa9510a02a8f17e014d143b HTTP Headers `GET /gtag/js?id=AW-10865694633 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 08 Dec 2023 14:36:02 GMT expires: Fri, 08 Dec 2023 14:36:02 GMT cache-control: private, max-age=900 last-modified: Fri, 08 Dec 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75509 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c	142.250.74.168	200 OK	76 kB
URL GET HTTP/3 www.googletagmanager.com/gtag/destination?id=AW-320492720&l=dataLayer&cx=c IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 76 kB (75638 bytes) Hash a10d0f77e45f198744f8acf3cf52b076 6e21e1c72b1c5d702b8487c87d5503ce5638d65a 0bd9f4988ec56677ed91ce284b3dadf83f22a86c240fde2f951e95dee1b1bc3f HTTP Headers `GET /gtag/destination?id=AW-320492720&l=dataLayer&cx=c HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 08 Dec 2023 14:36:02 GMT expires: Fri, 08 Dec 2023 14:36:02 GMT cache-control: private, max-age=900 last-modified: Fri, 08 Dec 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75638 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046168956	3.233.159.178	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046168956 IP 3.233.159.178:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046168956 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 15339 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1702046169178&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=	5.9.20.98	200 OK	46 B
URL GET HTTP/2 pix.revjet.com/track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1702046169178&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= IP 5.9.20.98:443 ASN #24940 Hetzner Online GmbH Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerSectigo Limited Subject.revjet.com Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81 ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 46 B (46 bytes) Hash ba43362c32b7c63d1291479b4f4d9020 dbcda434072be7dffb609f222b60e1ebfc194b16 8c421b4080c183ef1aed880e63dd511d3c195e0f911a6cbe973ec81c6e402e63 HTTP Headers GET /track/pd3521?__noscript=false&__cbf=revjet.callbacks.cb1702046169178&location=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&referrer=&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose= HTTP/1.1 Host: pix.revjet.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: text/javascript content-length: 46 set-cookie: trx=6760958590264762246; Max-Age=63072000; Expires=Sun, 07 Dec 2025 14:36:02 GMT; Path=/; Domain=.revjet.com; Secure; SameSite=None X-Firefox-Spdy: h2`

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046169418	3.233.159.178	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046169418 IP 3.233.159.178:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046169418 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 15948 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325	207.189.124.43	200	4.9 kB
URL GET HTTP/1.1 a44325.actonservice.com/cdnr/forpci43/acton/bn/tracker/44325 IP 207.189.124.43:443 ASN #13649 ASN-VINS Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerSectigo Limited Subject.actonservice.com FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT File type Unicode text, UTF-8 text Size 4.9 kB (4850 bytes) Hash bed2e43e5eb10b25eefe40693d0de4a1 5a0acb09cf5fb693d35d2e57e815c291a335d89d 13ce417e4b20037e99ac2621fb3bb79be4b77aaf13f00c388d40c3d32992e45f HTTP Headers `GET /cdnr/forpci43/acton/bn/tracker/44325 HTTP/1.1 Host: a44325.actonservice.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/" Set-Cookie: wp44325="XXWVYDDDDDDTVUZXWMW-HTXW-XBYL-CZIC-LMAZTLKXTIZBDgNssDDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1 Content-Type: application/javascript;charset=utf-8 Content-Length: 4850 Date: Fri, 08 Dec 2023 14:36:02 GMT X-Cnection: close Strict-Transport-Security: max-age=16070400`

	www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png	104.18.29.109	200 OK	11 kB
URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data Size 11 kB (10913 bytes) Hash 33459eb6a3bd646afe5d2b592d70a184 3dbe306f999a2d9d3ac37fcbd664100e3dc9e4dd a3cbfe4e63c8a005a557d34d2bf2041a470c86c629429b4ec9d695a59c951fce HTTP Headers GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-192x192.png HTTP/1.1 Host: www.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; _rdt_uuid=1702046169133.cbf79ccb-3675-4c4d-b743-3c3a20a1acb6; _gcl_au=1.1.1264768823.1702046169 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:03 GMT content-type: image/png content-length: 10913 cache-control: public, max-age=31622400 etag: "646f8388-2aa1" expires: Sun, 08 Dec 2024 14:36:03 GMT last-modified: Thu, 25 May 2023 15:49:28 GMT strict-transport-security: max-age=2592000 x-pantheon-styx-hostname: styx-fe1-a-685d4d5969-p4htw x-styx-req-id: 32d64d26-67a0-11ee-8ab1-a68b0bac51fb x-served-by: cache-chi-kigq8000146-CHI, cache-bma1675-BMA x-cache: HIT, MISS x-cache-hits: 1, 0 x-timer: S1701973987.519388,VS0,VE126 via: 1.1 varnish, 1.1 varnish cf-cache-status: HIT age: 72177 accept-ranges: bytes vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bd0708810afe-OSL X-Firefox-Spdy: h2

	bat.bing.com/bat.js	13.107.21.200	200 OK	13 kB
URL GET HTTP/2 bat.bing.com/bat.js IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Unicode text, UTF-8 text, with very long lines (46103), with no line terminators Size 13 kB (13175 bytes) Hash 7f75f159026f3a2c8cccda487b43157b 021cf5c854db063cd79bf0394c24eb994e095640 5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214 HTTP Headers `GET /bat.js HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK cache-control: private,max-age=1800 content-length: 13175 content-type: application/javascript content-encoding: gzip last-modified: Fri, 10 Nov 2023 20:09:55 GMT accept-ranges: bytes etag: "80abcdf1114da1:0" vary: Accept-Encoding strict-transport-security: max-age=31536000; includeSubDomains; preload x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: B52F01F818F1424480EDA8AAD6474927 Ref B: OSL30EDGE0317 Ref C: 2023-12-08T14:36:03Z date: Fri, 08 Dec 2023 14:36:02 GMT X-Firefox-Spdy: h2

	www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png	104.18.29.109	200 OK	1.5 kB
URL GET HTTP/2 www.quickencompare.com/wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data Size 1.5 kB (1462 bytes) Hash 08c465daeab64895569e93e51c762db7 06d83a5d5da54777459439485a5a410776f22375 1bf8b66be3259665a6d9791e0dfbd82bd2f574a01bad981e3d4e66d71f137e78 HTTP Headers GET /wp-content/uploads/2022/05/cropped-QC_Icotype_Circle_Red-32x32.png HTTP/1.1 Host: www.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; _rdt_uuid=1702046169133.cbf79ccb-3675-4c4d-b743-3c3a20a1acb6; _gcl_au=1.1.1264768823.1702046169 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:03 GMT content-type: image/png content-length: 1462 cache-control: public, max-age=31622400 etag: "646f8388-5b6" expires: Sun, 08 Dec 2024 14:36:03 GMT last-modified: Thu, 25 May 2023 15:49:28 GMT strict-transport-security: max-age=2592000 x-pantheon-styx-hostname: styx-fe1-a-b8448654b-5nhpm x-styx-req-id: fcf64b0f-565f-11ee-9089-d2e2ed9d6f4f x-served-by: cache-chi-klot8100095-CHI, cache-bma1667-BMA x-cache: HIT, MISS x-cache-hits: 1, 0 x-timer: S1701701162.825696,VS0,VE131 via: 1.1 varnish, 1.1 varnish cf-cache-status: HIT age: 264344 accept-ranges: bytes vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bd07087d0afe-OSL X-Firefox-Spdy: h2

	www.google.com/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4	142.250.74.100	302 Found	63 B
URL GET HTTP/2 www.google.com/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 IP 142.250.74.100:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subjectwww.google.com FingerprintB0:8E:97:10:7E:30:90:F6:42:A1:32:63:5C:78:27:D3:A8:F1:05:D1 ValidityMon, 23 Oct 2023 11:24:57 GMT - Mon, 15 Jan 2024 11:24:56 GMT File type ASCII text, with no line terminators Size 63 B (63 bytes) Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 HTTP Headers GET /pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Fri, 08 Dec 2023 14:36:03 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate location: https://www.google.no/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y content-type: text/javascript; charset=UTF-8 content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip server: cafe content-length: 63 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b&oid=143&affid=259&__cc=&async=json	35.201.76.131	200 OK	87 B
URL GET HTTP/3 www.lmbahsj2.com/sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b&oid=143&affid=259&__cc=&async=json IP 35.201.76.131:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type JSON data\012- , ASCII text Size 87 B (87 bytes) Hash be8ec018b20dc81844ac027ae9ca0a21 25970722e18a46a65b644b2a46083d31a9fa4000 7939806ffd6b5d6fd215d472d42fc70ec7b920c9dc6b2479d740bdbf0bb3972f HTTP Headers GET /sdk/click?effp=725a9a464860515bcdb576360962c546&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b&oid=143&affid=259&__cc=&async=json HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK server: nginx date: Fri, 08 Dec 2023 14:36:03 GMT content-type: application/json; charset=utf-8 content-length: 87 accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model access-control-allow-credentials: true access-control-allow-origin: https://money.quickencompare.com set-cookie: uniqueClick=5a0ba9cb-1097-487c-9bf0-a461f6983257:1702046163; Path=/; Expires=Sat, 09 Dec 2023 14:36:03 GMT; Secure; SameSite=None transaction_id=92bc792a678d4d3aac6777601f10fd8b; Path=/; Expires=Thu, 07 Mar 2024 14:36:03 GMT; Secure; SameSite=None vary: Origin x-eflow-request-id: 020372ad-0db9-4397-98ff-0b05083dd6ee via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&ref=&v=2&ts=1702046169011&nc=0	207.189.124.43	200	43 B
URL GET HTTP/1.1 a44325.actonservice.com/acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&ref=&v=2&ts=1702046169011&nc=0 IP 207.189.124.43:443 ASN #13649 ASN-VINS Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerSectigo Limited Subject.actonservice.com FingerprintEE:F0:2F:E8:AA:FB:08:13:5C:9C:84:FB:04:6E:60:5B:4D:EB:B0:2E ValidityWed, 31 May 2023 00:00:00 GMT - Sat, 29 Jun 2024 23:59:59 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash f7f26805de1a1f270e665bf7873d7e19 c32085898c6e36d361d4b8017087de90e1b8465c 2188414d64d2930eb54f4731b6eb9a931358ba625d1cd7535a889409218609d2 HTTP Headers GET /acton/bn/44325?target=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&ref=&v=2&ts=1702046169011&nc=0 HTTP/1.1 Host: a44325.actonservice.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Cookie: wp44325="XXWVYDDDDDDTVUZXWMW-HTXW-XBYL-CZIC-LMAZTLKXTIZBDgNssDDD" Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 Set-Cookie: wp44325="XXWVYDDDDDDTVUZXWMW-HTXW-XBYL-CZIC-LMAZTLKXTIZBDLVTXKBTZ-WMWJ-XVVI-ITWY-AXKMKJWLXLYHDjNpJrLgJhtiHkL_JhtDD"; Path=/; Max-Age=31536000; Domain=.actonservice.com; SameSite=None; Secure; Version=1 P3P: CP="Act-On does not have a P3P policy. Learn why here: https://act-on.com/p3p-policy/" Content-Type: image/gif Content-Length: 43 Date: Fri, 08 Dec 2023 14:36:02 GMT X-Cnection: close Strict-Transport-Security: max-age=16070400 Vary: Accept-Encoding`

	bat.bing.com/p/action/146000783.js	13.107.21.200	204 No Content	0 B
URL GET HTTP/2 bat.bing.com/p/action/146000783.js IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /p/action/146000783.js HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 204 No Content cache-control: private,max-age=1800 strict-transport-security: max-age=31536000; includeSubDomains; preload x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: 6F871225B0A44BE683E2FE51FE9B2FEB Ref B: OSL30EDGE0317 Ref C: 2023-12-08T14:36:03Z date: Fri, 08 Dec 2023 14:36:02 GMT X-Firefox-Spdy: h2`

	bat.bing.com/action/0?ti=146000783&Ver=2&mid=54528a34-bc11-4277-926b-64b89c2925df&sid=20f6945095d711ee80c7993d0622159e&vid=20f6985095d711eebf5c35ffd50bdc63&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&r=&lt=4566&evt=pageLoad&sv=1&rn=87939	13.107.21.200	204 No Content	0 B
URL GET HTTP/2 bat.bing.com/action/0?ti=146000783&Ver=2&mid=54528a34-bc11-4277-926b-64b89c2925df&sid=20f6945095d711ee80c7993d0622159e&vid=20f6985095d711eebf5c35ffd50bdc63&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&r=&lt=4566&evt=pageLoad&sv=1&rn=87939 IP 13.107.21.200:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerMicrosoft Corporation Subjectwww.bing.com FingerprintA5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD ValidityTue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /action/0?ti=146000783&Ver=2&mid=54528a34-bc11-4277-926b-64b89c2925df&sid=20f6945095d711ee80c7993d0622159e&vid=20f6985095d711eebf5c35ffd50bdc63&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=QuickenCompare%20Money%20-%20QUESTIONS&p=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&r=&lt=4566&evt=pageLoad&sv=1&rn=87939 HTTP/1.1 Host: bat.bing.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 204 No Content cache-control: no-cache, must-revalidate pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT set-cookie: MUID=0928B8256B616C2D0BBEABC46A366D75; domain=.bing.com; expires=Wed, 01-Jan-2025 14:36:03 GMT; path=/; SameSite=None; Secure; Priority=High; strict-transport-security: max-age=31536000; includeSubDomains; preload access-control-allow-origin: * x-cache: CONFIG_NOCACHE accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: 3C0D44A6D7E64D5384B74B0E5317350B Ref B: OSL30EDGE0317 Ref C: 2023-12-08T14:36:03Z date: Fri, 08 Dec 2023 14:36:02 GMT X-Firefox-Spdy: h2

	www.google.no/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y	142.250.74.163	200 OK	63 B
URL GET HTTP/2 www.google.no/pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y IP 142.250.74.163:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google.no Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32 ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT File type ASCII text, with no line terminators Size 63 B (63 bytes) Hash ad8b6f08655797587cdec719a94efe59 182adf5a140796f81e930649d05654dbf22fd5b7 77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6 HTTP Headers GET /pagead/1p-conversion/320492720/?random=1702046169322&cv=11&fst=1702046169322&bg=ffffff&guid=ON&async=1&gtm=45be3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1280&u_h=1024&url=https%3A%2F%2Fmoney.quickencompare.com%2F%3Fmoid%3D307646%26sourceid%3Daffl_everflow_qc-mon_143_259%26pkey1%3D259%26pkey2%3DSECCAPS-A%26pkey3%3D92bc792a678d4d3aac6777601f10fd8b%26pkey%3D%26sid%3D143%26cmpid%3D143%26crtid%3D%26oid%3D143%26affid%3D259%26_ef_transaction_id%3D92bc792a678d4d3aac6777601f10fd8b&label=xSwBCJum9PsCELCp6ZgB&hn=www.google.com&frm=0&tiba=QuickenCompare%20Money%20-%20QUESTIONS&gtm_ee=1&auid=1264768823.1702046169&data=event%3Dconversion&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y HTTP/1.1 Host: www.google.no User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Fri, 08 Dec 2023 14:36:03 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: text/javascript; charset=UTF-8 content-security-policy: script-src 'none'; object-src 'none' x-content-type-options: nosniff content-disposition: attachment; filename="f.txt" content-encoding: gzip server: cafe content-length: 63 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	script.anura.io/request.js?instance=3439535758&exid=031df85b-9801-5331-badd-1ad7b5917356&source=affl_everflow_qc-mon_143_259&campaign=SECCAPS-A&651020434517	3.8.43.133	200 OK	26 kB
URL GET HTTP/2 script.anura.io/request.js?instance=3439535758&exid=031df85b-9801-5331-badd-1ad7b5917356&source=affl_everflow_qc-mon_143_259&campaign=SECCAPS-A&651020434517 IP 3.8.43.133:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerAmazon Subjectscript.anura.io Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20 ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT File type ASCII text, with very long lines (9731) Size 26 kB (26224 bytes) Hash e06ce3e745ad4bd2246a32651a69b97c 8b4708fd18545f0ff9ab9c7e4bbe76a5265f0967 540ea53d585a8c8572d037d3f742b86adc72a61ff1254c21d99666132d7f96c3 HTTP Headers GET /request.js?instance=3439535758&exid=031df85b-9801-5331-badd-1ad7b5917356&source=affl_everflow_qc-mon_143_259&campaign=SECCAPS-A&651020434517 HTTP/1.1 Host: script.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:03 GMT content-type: application/javascript; charset=utf-8 server: nginx vary: Accept-Encoding expires: Sun, 28 Dec 1980 18:57:00 EST cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 pragma: no-cache x-content-type-options: nosniff content-encoding: gzip X-Firefox-Spdy: h2`

	s.yimg.com/wi/config/10194306.json	87.248.119.252	200 OK	22 B
URL GET HTTP/2 s.yimg.com/wi/config/10194306.json IP 87.248.119.252:443 ASN #203220 Yahoo! UK Services Limited Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.api.fantasysports.yahoo.com Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6 ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 22 B (22 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers `GET /wi/config/10194306.json HTTP/1.1 Host: s.yimg.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-origin: * access-control-allow-methods: GET vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding x-amz-request-id: CB4JNAN7J229ZYC4 x-amz-id-2: cGqBgNjckEUB+wBsD6G95EQMQBbMorbIlQr0xZRaTtzKnA2k7iQ5knf8zUzJ3McjC9OuxRGlfak= content-type: application/json date: Fri, 08 Dec 2023 14:36:03 GMT server: ATS referrer-policy: no-referrer-when-downgrade cache-control: public,max-age=3600 content-encoding: gzip content-length: 22 age: 0 strict-transport-security: max-age=31536000 expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection: 1; mode=block x-content-type-options: nosniff X-Firefox-Spdy: h2

	rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046170707	3.233.159.178	200 OK	2 B
URL POST HTTP/2 rum-http-intake.logs.datadoghq.com/v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046170707 IP 3.233.159.178:443 ASN #14618 AMAZON-AES Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.logs.datadoghq.com Fingerprint29:24:46:A8:06:E2:F4:15:BE:A6:74:80:B3:36:D5:3D:E7:D5:15:99 ValidityWed, 22 Mar 2023 00:00:00 GMT - Fri, 22 Mar 2024 23:59:59 GMT File type JSON data\012- , ASCII text, with no line terminators Size 2 B (2 bytes) Hash 99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a HTTP Headers POST /v1/input/pub6a529f19365581f6a44df4d3740084c6?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-ern-webapp%2Cversion%3A1.0.3%20d-M6NP3BZ42&batch_time=1702046170707 HTTP/1.1 Host: rum-http-intake.logs.datadoghq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: text/plain;charset=UTF-8 Content-Length: 16117 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:04 GMT content-type: application/json content-length: 2 cross-origin-resource-policy: cross-origin access-control-allow-origin: * x-content-type-options: nosniff strict-transport-security: max-age=31536000; includeSubDomains; preload X-Firefox-Spdy: h2`

	ads.anura.io/showads.js?90682510282	54.230.111.55	200 OK	0 B
URL GET HTTP/2 ads.anura.io/showads.js?90682510282 IP 54.230.111.55:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerAmazon Subjectads.anura.io Fingerprint69:66:FA:26:E2:E4:89:00:9A:F7:DE:2C:F6:5A:C2:B9:58:04:5D:E6 ValidityTue, 30 May 2023 00:00:00 GMT - Thu, 27 Jun 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /showads.js?90682510282 HTTP/1.1 Host: ads.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/javascript; charset=utf-8 date: Thu, 07 Dec 2023 19:40:31 GMT server: nginx access-control-allow-origin: * access-control-allow-methods: GET content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: Du6zb8Dv3-qXvua8ZYJwFyDg-swqmJLjpXnFJluEopaf1aWetHocnA== age: 68132 X-Firefox-Spdy: h2`

	content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg	104.18.29.109	200 OK	7.6 kB
URL GET HTTP/2 content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7675), with no line terminators Size 7.6 kB (7628 bytes) Hash 9c7fa5ca9ac7adf457a83b5aed9fe269 d527d4db3df8b0adb6af6408d9ab45c3ec67dc02 f647b5bacc626969604abca8928075eb34accf47048b1ffa58e2cc56c08b0d3a HTTP Headers GET /nmn/logo/dollar-money-icon-small.svg HTTP/1.1 Host: content.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: image/svg+xml last-modified: Thu, 23 Nov 2023 14:00:50 GMT x-amz-server-side-encryption: AES256 etag: W/"3b280fb1b5f603b076383e1ca6ea531f" x-cache: Hit from cloudfront via: 1.1 6528f10684ec39317f94ed2a540d88b4.cloudfront.net (CloudFront) x-amz-cf-pop: ARN54-C1 x-amz-cf-id: Ani-paQksdVynqIW9BXjlj0Gx7_MvsMOT21oA0uKpKBIop_r2N12Ew== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 vary: Accept-Encoding strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3aa210afe-OSL content-encoding: gzip X-Firefox-Spdy: h2

	cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js	104.18.5.105	200 OK	154 kB
URL GET HTTP/2 cdn-refinance.enhancedrefinow.com/pixel-616e834028d94a75ecaf.js IP 104.18.5.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type Size 154 kB (153814 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /pixel-616e834028d94a75ecaf.js HTTP/1.1 Host: cdn-refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:01 GMT content-type: application/javascript; charset=UTF-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: public, max-age=14400 last-modified: Tue, 05 Dec 2023 23:27:35 GMT etag: W/"258d6-18c3c4eef05" cf-cache-status: MISS expires: Fri, 08 Dec 2023 18:36:01 GMT set-cookie: __cf_bm=wlhDV6Jb7vPbOKJCloIQbJFeSWsSoCxcoesvm1Rdm6g-1702046161-0-AS2HQ0Q1Bps2AQB34MooSbOmxWs1rXLmMLQoPx9HY4NwKjo7asbWaMQlajUUkE7dmcLN9xgM8aFLJ4KnUiANpUI=; path=/; expires=Fri, 08-Dec-23 15:06:01 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3ac3556c9-OSL content-encoding: gzip X-Firefox-Spdy: h2

	money.quickencompare.com/visitor	104.18.29.109	200 OK	231 B
URL POST HTTP/2 money.quickencompare.com/visitor IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 231 B (231 bytes) Hash 820d81cea9c67c8563a00e4d9a9bb29b 84783805db35b2fe7f9519119def78c2a23e0528 b62ccaa7ef93881342e0d53749ac53fff15cad621425e7cc0c406d122daa6538 HTTP Headers POST /visitor HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Content-Type: application/json Content-Length: 1515 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; sourceId=affl_everflow_qc-mon_143_259; connect.sid=s%3AJs9j82OmSUWNQPNWsZpPBUI8NztNnPON.Vo8i3xL9apcWd%2BOBeYofRfIH%2BSr1RuDKkaINlUBKkis; BIGipServerpl.prod-lreernwapp-lnd=!v+/04d+r6BZa1xVYWO5LSMyMNc4rD1WfHvJ08XcY49RCKkreEUvB6U3MDW2rzb7xosxksDTr9LxJ0sk=; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1\|saudioRef:25450949bE:0" Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: application/json; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store etag: W/"e7-xO6EJlDDN3o8NObj8SS8aKkI/Hw" cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bd01ac340afe-OSL content-encoding: gzip X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js	104.18.5.105	200 OK	13 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/manifest.d7f9016d0e5da5649c5f.js IP 104.18.5.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (12636), with no line terminators Size 13 kB (12636 bytes) Hash ab05865229c4be0e25398c314b00a787 ffabd971a1d77d782aec1370f52e8f1d83769c82 a261d93839339ffe4e77dead49be5380abb6b61fdbd67d735e01ccd17bae918f HTTP Headers `GET /manifest.d7f9016d0e5da5649c5f.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: application/javascript last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"ab05865229c4be0e25398c314b00a787" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: j6xQDrVNaIhrWO44n7p_cS7sPJVO2HTWlWu5NqGBxiq0BcirAWMkGA== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=mE82UF8ouwIu4QROgHVjW83uf_6lX5QyPR3UsPfJydo-1702046160-0-AclQZ8sr4jOa+QcnUU+jmAlC/9RVFA812we9XEFolEpAZLpuK8Psz4swaPKsDh9mWujyk6/SMbgjOk4bM/jzC/o=; path=/; expires=Fri, 08-Dec-23 15:06:00 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3dc5856c9-OSL X-Firefox-Spdy: h2

	www.lmbahsj2.com/scripts/sdk/everflow.js	35.201.76.131	200 OK	61 kB
URL GET HTTP/2 www.lmbahsj2.com/scripts/sdk/everflow.js IP 35.201.76.131:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerStarfield Technologies, Inc. Subjectlmbahsj2.com Fingerprint19:8A:1C:6D:15:5F:1E:82:A2:B6:F3:E1:A8:82:E4:C5:EE:3C:46:53 ValidityFri, 28 Apr 2023 21:05:02 GMT - Mon, 13 May 2024 15:10:13 GMT File type Size 61 kB (61234 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /scripts/sdk/everflow.js HTTP/1.1 Host: www.lmbahsj2.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Fri, 08 Dec 2023 14:36:02 GMT content-type: text/javascript accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model cache-control: max-age=14400 vary: Origin x-eflow-request-id: f25a8de9-fa2d-447c-ac1f-93bcab230399 content-encoding: gzip via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css	104.18.5.105	200 OK	176 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.css IP 104.18.5.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type ASCII text, with very long lines (45544) Size 176 kB (175557 bytes) Hash 51281ef41f6e2e58b368816515b69b7b 0c82a25d8cc39e108175154e244bcb2490b18b0d 64cc6c3ae44025a0b21f96431acbdc5fe1601b19e27cfd4dfa0651dbb6776f33 HTTP Headers `GET /main.93e3cac8409e105ab51a.css HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: text/css last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"51281ef41f6e2e58b368816515b69b7b" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: cQWHkrqEyqhTeJXjNNmvwKJQWJN5-Z9Ogl1iTx76tVdfXcT0CRjncw== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=jKeQf56y_Wctaavww7mGVkcmTmRjO1Lg8vG2bZFgrE8-1702046160-0-ATQcqv+C+k7Ec/JZVSdrmwZVNfEJeoTX24oQCmBSzizwO2LH6eBOI9eweHPI+r8k4vCqwdCmM1ykcsGKzgyPAiM=; path=/; expires=Fri, 08-Dec-23 15:06:00 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf39c1c56c9-OSL X-Firefox-Spdy: h2

	s.yimg.com/wi/ytc.js	87.248.119.252	200 OK	18 kB
URL GET HTTP/2 s.yimg.com/wi/ytc.js IP 87.248.119.252:443 ASN #203220 Yahoo! UK Services Limited Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.api.fantasysports.yahoo.com Fingerprint73:32:A8:90:C9:6F:41:1C:ED:AA:2A:95:41:24:4E:E2:B2:AB:FB:D6 ValidityMon, 06 Nov 2023 00:00:00 GMT - Wed, 27 Dec 2023 23:59:59 GMT File type ASCII text, with very long lines (18187), with no line terminators Size 18 kB (18187 bytes) Hash 5c6ed25dce803fd84288922b8928409e 3ccc10546ae12f160bacac1e9e422af091ea4a41 480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91 HTTP Headers `GET /wi/ytc.js HTTP/1.1 Host: s.yimg.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK x-amz-id-2: 6U7hpp8nI0ixD3Hc6+qLJWsj2b9iJPWCM/xKPOO0l70oFb+FRwyPoClRWpdDhNyEweJuo9OE5LJJRSzXTZZTdA== x-amz-request-id: A2T4WCSK39DYEF3H date: Fri, 08 Dec 2023 14:04:56 GMT last-modified: Mon, 26 Jun 2023 09:26:35 GMT x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle" etag: "5c6ed25dce803fd84288922b8928409e-df" x-amz-server-side-encryption: AES256 cache-control: public,max-age=3600 x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW accept-ranges: bytes content-type: application/javascript server: ATS referrer-policy: no-referrer-when-downgrade vary: Origin, Accept-Encoding age: 1868 content-encoding: gzip content-length: 6262 strict-transport-security: max-age=31536000 expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" x-xss-protection: 1; mode=block x-content-type-options: nosniff ats-carp-promotion: 1, 1 X-Firefox-Spdy: h2

	script.anura.io/response.json	3.8.43.133	200 OK	151 B
URL POST HTTP/2 script.anura.io/response.json IP 3.8.43.133:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerAmazon Subjectscript.anura.io Fingerprint83:CF:23:67:0B:B9:DB:BB:65:3F:31:44:AD:06:8B:B2:7E:B4:E1:20 ValidityMon, 16 Oct 2023 00:00:00 GMT - Wed, 13 Nov 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 151 B (151 bytes) Hash 2950c067f8f01afc63f2b7f35e3ebe8b 301a76c7f88913a1fa15761fdac22d39cac45b27 20c1e075f130969475cf05e65e3d6ff153fbbda360181b6f453406e377623caf HTTP Headers POST /response.json HTTP/1.1 Host: script.anura.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-type: application/x-www-form-urlencoded Content-Length: 5442 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:04 GMT content-type: application/json; charset=utf-8 server: nginx vary: Accept-Encoding access-control-allow-origin: * access-control-allow-methods: POST expires: Sun, 28 Dec 1980 18:57:00 EST cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0 pragma: no-cache x-content-type-options: nosniff content-encoding: gzip X-Firefox-Spdy: h2`

	money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b	104.18.29.109	200 OK	25 kB
URL User Request GET HTTP/2 money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type Size 25 kB (24889 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 08 Dec 2023 14:35:59 GMT content-type: text/html; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store cf-cache-status: DYNAMIC set-cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; Domain=.quickencompare.com; Path=/; Expires=Sat, 07 Dec 2024 14:35:58 GMT sourceId=affl_everflow_qc-mon_143_259; Path=/; Expires=Fri, 15 Dec 2023 14:35:58 GMT connect.sid=s%3AJs9j82OmSUWNQPNWsZpPBUI8NztNnPON.Vo8i3xL9apcWd%2BOBeYofRfIH%2BSr1RuDKkaINlUBKkis; Path=/; Expires=Fri, 15 Dec 2023 14:35:59 GMT; HttpOnly BIGipServerpl.prod-lreernwapp-lnd=!v+/04d+r6BZa1xVYWO5LSMyMNc4rD1WfHvJ08XcY49RCKkreEUvB6U3MDW2rzb7xosxksDTr9LxJ0sk=; path=/; Httponly; Secure __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; path=/; expires=Fri, 08-Dec-23 15:05:59 GMT; domain=.quickencompare.com; HttpOnly; Secure; SameSite=None content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bce91aaf0afe-OSL content-encoding: gzip X-Firefox-Spdy: h2

	static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js	104.18.5.105	200 OK	811 kB
URL GET HTTP/2 static-lre.refinance.enhancedrefinow.com/main.93e3cac8409e105ab51a.js IP 104.18.5.105:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectenhancedrefinow.com FingerprintCC:38:9A:93:4C:BD:74:FE:30:18:77:1F:80:24:AF:9E:02:FA:AB:56 ValidityFri, 03 Mar 2023 00:00:00 GMT - Fri, 01 Mar 2024 23:59:59 GMT File type Size 811 kB (810885 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /main.93e3cac8409e105ab51a.js HTTP/1.1 Host: static-lre.refinance.enhancedrefinow.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:00 GMT content-type: application/javascript last-modified: Mon, 13 Nov 2023 19:49:34 GMT etag: W/"dec41562bede99a23e8a683bb0b2c7a7" x-amz-server-side-encryption: AES256 content-encoding: gzip vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-C1 x-amz-cf-id: EJy6PytxORPNYh-TGOTN6W-_ThcOjbKUjHTMw5tSApe4obskrYLi1A== cf-cache-status: REVALIDATED expires: Fri, 08 Dec 2023 18:36:00 GMT cache-control: public, max-age=14400 set-cookie: __cf_bm=WC_tEWI_SUzlRB2fbhrJzt078gmHidYtsQb4gV46uOE-1702046160-0-AahJ+2rIh770dcpjL1xIJKeT2f9TE2H8XZbjJnsdFRNc6AB1Eq9cVn6tuQkOw53393tckPO/ZBGTgXgPlaokoeo=; path=/; expires=Fri, 08-Dec-23 15:06:00 GMT; domain=.enhancedrefinow.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000 content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bcf3dc5656c9-OSL X-Firefox-Spdy: h2

	money.quickencompare.com/track	104.18.29.109	200 OK	246 B
URL POST HTTP/2 money.quickencompare.com/track IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type troff or preprocessor input, ASCII text, with no line terminators Size 246 B (246 bytes) Hash 40cfec07d16b968ce99df15ef043e1ef 2d5be0b97509fa2589900410b5b2f7fbf3873d5e a9d7e021b6db3c6a82710e1d587e9c86b282b852944a1475642b25bdcc39f807 HTTP Headers POST /track HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Content-Type: application/json Content-Length: 472 Origin: https://money.quickencompare.com DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; sourceId=affl_everflow_qc-mon_143_259; connect.sid=s%3AJs9j82OmSUWNQPNWsZpPBUI8NztNnPON.Vo8i3xL9apcWd%2BOBeYofRfIH%2BSr1RuDKkaINlUBKkis; BIGipServerpl.prod-lreernwapp-lnd=!v+/04d+r6BZa1xVYWO5LSMyMNc4rD1WfHvJ08XcY49RCKkreEUvB6U3MDW2rzb7xosxksDTr9LxJ0sk=; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1\|saudioRef:25450949bE:0"; _dd_s=rum=1&id=35fc17e5-eaa0-49f4-886d-48b7227ce21b&created=1702046168945&expire=1702047068945; _rdt_uuid=1702046169133.cbf79ccb-3675-4c4d-b743-3c3a20a1acb6 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: application/json; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store etag: W/"f6-UWIDwLWjzlnvk1OPS1AVTNGVoxs" cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bd033d9a0afe-OSL content-encoding: gzip X-Firefox-Spdy: h2

	www.googletagmanager.com/gtag/js?id=AW-320492720	142.250.74.168	200 OK	212 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=AW-320492720 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34 ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT File type ASCII text, with very long lines (4179) Size 212 kB (211760 bytes) Hash 0e15cb67511eb360a6083c279210d336 bf591fae4451caaacb9cd51e5c80da7958b3b34d 01c8da48c092f25f31db23c09f69d9adb8c7ee6e1e7ee05544d5e1bce4d24e5c HTTP Headers `GET /gtag/js?id=AW-320492720 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 08 Dec 2023 14:36:02 GMT expires: Fri, 08 Dec 2023 14:36:02 GMT cache-control: private, max-age=900 last-modified: Fri, 08 Dec 2023 12:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 75529 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled	104.18.29.109	200 OK	4 B
URL GET HTTP/2 money.quickencompare.com/app-configuration/?path=/lendingLeadGen/fraud/anura/enabled IP 104.18.29.109:443 ASN #13335 CLOUDFLARENET Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint8A:4F:F5:9D:CC:0B:84:6F:19:29:53:3F:57:FA:AF:13:47:78:8C:D4 ValidityMon, 20 Feb 2023 00:00:00 GMT - Tue, 20 Feb 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 4 B (4 bytes) Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b HTTP Headers GET /app-configuration/?path=/lendingLeadGen/fraud/anura/enabled HTTP/1.1 Host: money.quickencompare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b DNT: 1 Connection: keep-alive Cookie: visitorId=976d9683-a360-401d-9aa2-6e62aa115154; sourceId=affl_everflow_qc-mon_143_259; connect.sid=s%3AJs9j82OmSUWNQPNWsZpPBUI8NztNnPON.Vo8i3xL9apcWd%2BOBeYofRfIH%2BSr1RuDKkaINlUBKkis; BIGipServerpl.prod-lreernwapp-lnd=!v+/04d+r6BZa1xVYWO5LSMyMNc4rD1WfHvJ08XcY49RCKkreEUvB6U3MDW2rzb7xosxksDTr9LxJ0sk=; __cf_bm=nReyGEUG_FM4juS9cJzu463S.6anTSx8yoCus4yrZZw-1702046159-0-ARJmq5htPamGHqacCiA9bHma8kCMehsPbAIi37DTkE7hwAewu5QoVemc7y4DY6/FeAb8lRDC/i/gCzNpKM+hxrQ=; DAPROPS="bS:0\|scsVersion:2.4.5\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdeviceAspectRatio:1280/1024\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio.ogg:1\|bhtml.audio.mp3:1\|bhtml.audio.wav:1\|bhtml.audio.m4a:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video.ap4x:0\|bhtml.video.av1:1\|bhtml.video.ogg:1\|bhtml.video.h264:1\|bhtml.video.webm:1\|bjs.accessDom:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|srendererRef:02919241789\|sscreenWidthHeight:1280/1024\|stimeZone:UTC\|buserMedia:1\|saudioRef:25450949bE:0" Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 08 Dec 2023 14:36:02 GMT content-type: text/html; charset=utf-8 x-dns-prefetch-control: off strict-transport-security: max-age=2592000 x-download-options: noopen referrer-policy: same-origin cache-control: no-store cf-cache-status: DYNAMIC content-security-policy: frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block server: cloudflare cf-ray: 8325bd01bc410afe-OSL content-encoding: gzip X-Firefox-Spdy: h2

	p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css	23.36.76.184	200 OK	5 B
URL GET HTTP/2 p.typekit.net/p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css IP 23.36.76.184:443 ASN #20940 Akamai International B.V. Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subjectuse.typekit.net Fingerprint42:82:CA:A5:EA:30:8F:60:60:37:2D:24:17:3D:52:62:54:D7:03:5B ValidityThu, 21 Sep 2023 00:00:00 GMT - Mon, 21 Oct 2024 23:59:59 GMT File type ASCII text, with no line terminators Size 5 B (5 bytes) Hash 825e67eeb6b4bfac7536fc639a56ec43 574a45385ae62544c7424e6f06417f0370b1a532 c10ff60fd741e3b2b97479f16f45e5fa57449629f4d032f647fd23041a6ad7b1 HTTP Headers `GET /p.css?s=1&k=msd8xng&ht=tk&f=37513.37518.37522&a=121980931&app=typekit&e=css HTTP/1.1 Host: p.typekit.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://use.typekit.net/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx content-type: text/css content-length: 5 last-modified: Tue, 07 Mar 2023 19:56:00 GMT etag: "640796d0-5" cache-control: public, max-age=604800 access-control-allow-origin: * cross-origin-resource-policy: cross-origin accept-ranges: bytes date: Fri, 08 Dec 2023 14:36:00 GMT X-Firefox-Spdy: h2`

	ads.revjet.com/analytics?acu=6680	65.109.98.106	200 OK	20 kB
URL GET HTTP/2 ads.revjet.com/analytics?acu=6680 IP 65.109.98.106:443 ASN #24940 Hetzner Online GmbH Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerSectigo Limited Subject.revjet.com Fingerprint03:20:65:55:CD:08:1C:F0:68:28:E7:A4:5F:21:09:76:87:BF:9D:81 ValidityMon, 20 Mar 2023 00:00:00 GMT - Thu, 11 Apr 2024 23:59:59 GMT File type ASCII text, with very long lines (1311) Size 20 kB (19476 bytes) Hash 26ec352468322f70910e03feb9b8b8fb 18878e8adcd809ad7a4850c8698efd24b22c04e5 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb HTTP Headers `GET /analytics?acu=6680 HTTP/1.1 Host: ads.revjet.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Fri, 08 Dec 2023 14:36:02 GMT content-type: application/javascript last-modified: Thu, 20 Jul 2023 16:46:10 GMT etag: W/"64b964d2-4c14" expires: Fri, 08 Dec 2023 14:46:02 GMT cache-control: max-age=600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	www.datadoghq-browser-agent.com/datadog-rum-v3.js	54.230.111.221	200 OK	118 kB
URL GET HTTP/2 www.datadoghq-browser-agent.com/datadog-rum-v3.js IP 54.230.111.221:443 ASN #16509 AMAZON-02 Requested by https://money.quickencompare.com/?moid=307646&sourceid=affl_everflow_qc-mon_143_259&pkey1=259&pkey2=SECCAPS-A&pkey3=92bc792a678d4d3aac6777601f10fd8b&pkey=&sid=143&cmpid=143&crtid=&oid=143&affid=259&_ef_transaction_id=92bc792a678d4d3aac6777601f10fd8b Certificate IssuerDigiCert Inc Subject.datadoghq-browser-agent.com FingerprintFC:83:1B:FF:12:98:28:60:E5:F1:DC:73:0D:BC:6F:81:22:A7:F1:6D ValiditySat, 14 Jan 2023 00:00:00 GMT - Tue, 16 Jan 2024 23:59:59 GMT File type ASCII text, with very long lines (65536), with no line terminators Size 118 kB (117677 bytes) Hash 647fda9a4d3d74344732d76cf1fff47c 01720d421ce3373f1a1958a1d85edfae5ab5f442 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b HTTP Headers `GET /datadog-rum-v3.js HTTP/1.1 Host: www.datadoghq-browser-agent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://money.quickencompare.com/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript last-modified: Mon, 03 Jan 2022 16:36:14 GMT server: AmazonS3 content-encoding: br date: Fri, 08 Dec 2023 14:36:01 GMT cache-control: max-age=14400, s-maxage=60 etag: W/"647fda9a4d3d74344732d76cf1fff47c" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: PTlERKfrnGZFdmJgeMmN2tF8DEvWCPfFE-fD0H_F2CmkPDKAHUcVdA== age: 14 timing-allow-origin: * X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (48)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations