refinance.lowermybills.com Open in urlscan Pro
2606:4700::6812:129f Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY#qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfa...
Effective URL:
https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Submission: On December 18 via api (December 18th 2021, 9:57:52 am UTC) from BE — Scanned from US

Summary HTTP 103 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 30 IPs in 4 countries across 24 domains to perform 103 HTTP transactions. The main IP is 2606:4700::6812:129f, located in United States and belongs to CLOUDFLARENET, US. The main domain is refinance.lowermybills.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 10th 2021. Valid for: a year.

This is the only time refinance.lowermybills.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.218.225.0 52.218.225.0	16509 (AMAZON-02) (AMAZON-02)
1 1	103.47.210.186 103.47.210.186	63930 (READYSERV...) (READYSERVER-SG READY SERVER PTE LTD)
1	111.90.158.43 111.90.158.43	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
1 1	34.209.239.17 34.209.239.17	16509 (AMAZON-02) (AMAZON-02)
1 14	2606:4700::68... 2606:4700::6812:129f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
1	54.192.199.65 54.192.199.65	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2003	15169 (GOOGLE) (GOOGLE)
13	2607:f8b0:400... 2607:f8b0:4006:817::2008	15169 (GOOGLE) (GOOGLE)
1	74.217.31.248 74.217.31.248	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
1	151.101.248.157 151.101.248.157	54113 (FASTLY) (FASTLY)
4	142.250.65.226 142.250.65.226	15169 (GOOGLE) (GOOGLE)
2	104.19.136.78 104.19.136.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	142.250.65.198 142.250.65.198	15169 (GOOGLE) (GOOGLE)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
4 16	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:400... 2607:f8b0:4006:80a::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
1	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
1	216.223.26.59 216.223.26.59	14744 (INTERNAP-...) (INTERNAP-BLOCK-4)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
4	2600:1f18:24e... 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90	14618 (AMAZON-AES) (AMAZON-AES)
2	2607:f8b0:400... 2607:f8b0:4006:820::200e	15169 (GOOGLE) (GOOGLE)
1	142.251.35.162 142.251.35.162	15169 (GOOGLE) (GOOGLE)
2	142.250.31.156 142.250.31.156	15169 (GOOGLE) (GOOGLE)
1	142.250.80.98 142.250.80.98	15169 (GOOGLE) (GOOGLE)
1	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9a	15169 (GOOGLE) (GOOGLE)
4	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
103	30

1 52.218.225.0 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.47.210.186 (Singapore) 1 redirects

ASN63930 (READYSERVER-SG READY SERVER PTE LTD, SG)
PTR: ratioonly.com

gonelens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 111.90.158.43 (Kajang, Malaysia)

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: ohotka.herittions.net

wallintern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.209.239.17 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-209-239-17.us-west-2.compute.amazonaws.com

cdmtrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6812:129f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
refinance.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-lre.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-refinance.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
content.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:816::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.199.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-199-65.ewr53.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:817::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.217.31.248 (Secaucus, United States)

ASN29791 (VOXEL-DOT-NET, US)

ads.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.248.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.65.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.136.78 (None, )

ASN13335 (CLOUDFLARENET, US)

a.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.65.198 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f6.1e100.net

852807.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:81e::2002 (United States) 4 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:80a::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.223.26.59 (Secaucus, United States)

ASN14744 (INTERNAP-BLOCK-4, US)

pix.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:820::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.162 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net

849970183.privacysandbox.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.31.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f2.1e100.net

735544455.privacysandbox.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.162.21 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	doubleclick.net 8 redirects 852807.fls.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net bid.g.doubleclick.net stats.g.doubleclick.net	17 KB
17	google.com www.google.com adservice.google.com	3 KB
14	lowermybills.com 1 redirects www.lowermybills.com refinance.lowermybills.com static-lre.lowermybills.com cdn-refinance.lowermybills.com content.lowermybills.com cdn.lowermybills.com	215 KB
13	googletagmanager.com www.googletagmanager.com	531 KB
9	taboola.com cdn.taboola.com trc.taboola.com trc-events.taboola.com	32 KB
6	googleadservices.com www.googleadservices.com 849970183.privacysandbox.googleadservices.com 735544455.privacysandbox.googleadservices.com	34 KB
4	datadoghq.com rum-http-intake.logs.datadoghq.com	373 B
3	bing.com bat.bing.com	11 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	mgid.com a.mgid.com	4 KB
2	revjet.com ads.revjet.com pix.revjet.com	9 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	casalemedia.com dsum-sec.casalemedia.com	315 B
1	t.co t.co	471 B
1	yahoo.com sp.analytics.yahoo.com	717 B
1	twitter.com analytics.twitter.com	598 B
1	ads-twitter.com static.ads-twitter.com	6 KB
1	gstatic.com fonts.gstatic.com	20 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com	37 KB
1	cdmtrk.com 1 redirects cdmtrk.com	857 B
1	wallintern.com wallintern.com	513 B
1	gonelens.com 1 redirects gonelens.com	417 B
1	amazonaws.com s3-us-west-2.amazonaws.com	504 B
0	browser-intake-datadoghq.com Failed session-replay.browser-intake-datadoghq.com Failed
103	24

	Domain	Requested by
16	www.google.com
16	googleads.g.doubleclick.net	4 redirects www.googleadservices.com
13	www.googletagmanager.com	cdn-refinance.lowermybills.com www.googletagmanager.com
5	refinance.lowermybills.com	wallintern.com static-lre.lowermybills.com www.datadoghq-browser-agent.com
4	trc-events.taboola.com	cdn.taboola.com
4	rum-http-intake.logs.datadoghq.com	www.datadoghq-browser-agent.com
4	852807.fls.doubleclick.net	2 redirects refinance.lowermybills.com
4	www.googleadservices.com	cdn-refinance.lowermybills.com www.googletagmanager.com www.googleadservices.com
4	static-lre.lowermybills.com	refinance.lowermybills.com
3	cdn.taboola.com	s3-us-west-2.amazonaws.com cdn.taboola.com
3	bat.bing.com	s3-us-west-2.amazonaws.com bat.bing.com
2	bid.g.doubleclick.net	www.googleadservices.com
2	www.google-analytics.com	www.googletagmanager.com www.datadoghq-browser-agent.com
2	trc.taboola.com	cdn.taboola.com
2	ad.doubleclick.net	2 redirects
2	a.mgid.com	s3-us-west-2.amazonaws.com
2	fonts.googleapis.com	refinance.lowermybills.com
2	content.lowermybills.com	refinance.lowermybills.com
1	stats.g.doubleclick.net	www.datadoghq-browser-agent.com
1	dsum-sec.casalemedia.com	refinance.lowermybills.com
1	735544455.privacysandbox.googleadservices.com
1	849970183.privacysandbox.googleadservices.com
1	t.co	refinance.lowermybills.com
1	pix.revjet.com	ads.revjet.com
1	sp.analytics.yahoo.com	refinance.lowermybills.com
1	adservice.google.com	refinance.lowermybills.com
1	analytics.twitter.com	refinance.lowermybills.com
1	static.ads-twitter.com	s3-us-west-2.amazonaws.com
1	ads.revjet.com	s3-us-west-2.amazonaws.com
1	cdn.lowermybills.com	cdn-refinance.lowermybills.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.datadoghq-browser-agent.com	refinance.lowermybills.com
1	cdn-refinance.lowermybills.com	refinance.lowermybills.com
1	www.lowermybills.com	1 redirects
1	cdmtrk.com	1 redirects
1	wallintern.com	s3-us-west-2.amazonaws.com
1	gonelens.com	1 redirects
1	s3-us-west-2.amazonaws.com
0	session-replay.browser-intake-datadoghq.com Failed	www.datadoghq-browser-agent.com
103	39

This site contains links to these domains. Also see Links.

Domain
www.fhfaoig.gov
loanlookup.freddiemac.com
www.knowyouroptions.com

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com Amazon	`2021-03-26` - `2022-03-05`	a year	crt.sh
wallintern.com R3	`2021-11-22` - `2022-02-20`	3 months	crt.sh
lowermybills.com Cloudflare Inc ECC CA-3	`2021-12-10` - `2022-12-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.datadoghq-browser-agent.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-17` - `2022-03-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.revjet.com Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2022-04-10`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-01-18`	a year	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.privacysandbox.googleadservices.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh

This page contains 4 frames:

Frame: https://refinance.lowermybills.com/questions
Frame ID: 46BDE831BBE84B7CC74414F87AECFF67
Requests: 81 HTTP requests in this frame

Frame: https://cdn.lowermybills.com/lending-images/presentations/common/navapi/deviceAtlasLmb.min.js
Frame ID: 25E62128BCEA3B4E041D7CDFA402FAF3
Requests: 20 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 5B65FC948FB318F5A70E18B4DDB90F19
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: D9397C9EFF850C8B6ABA59123BEA5D4E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Refinance Mortgage, Refinancing Rates, Mortgage Rates - LowerMyBills

Page URL History Show full URLs

https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY Page URL
http://gonelens.com/qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfakcke... HTTP 302
https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_407... Page URL
https://cdmtrk.com/?E=Fg2gvGAiMXXBm2TINU5%2bJw%3d%3d&s1=350609&s2=649046572 HTTP 302
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&... HTTP 301
https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=184... Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

103
Requests

89 %
HTTPS

35 %
IPv6

24
Domains

39
Subdomains

30
IPs

4
Countries

940 kB
Transfer

2713 kB
Size

30
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.fhfaoig.gov/Content/Files/History%20of%20the%20Government%20Sponsored%20Enterprises.pdf
Title: https://www.fhfaoig.gov/Content/Files/History%20of%20the%20Government%20Sponsored%20Enterprises.pdf

Search URL Search Domain Scan URL

URL: https://loanlookup.freddiemac.com/
Title: https://loanlookup.freddiemac.com/

Search URL Search Domain Scan URL

URL: https://www.knowyouroptions.com/loanlookup
Title: https://www.knowyouroptions.com/loanlookup

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY Page URL
http://gonelens.com/qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfakckedacb HTTP 302
https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63 Page URL
https://cdmtrk.com/?E=Fg2gvGAiMXXBm2TINU5%2bJw%3d%3d&s1=350609&s2=649046572 HTTP 302
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6 HTTP 301
https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://gonelens.com/qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfakckedacb HTTP 302
https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63

Request Chain 34

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord= HTTP 302
https://852807.fls.doubleclick.net/activityi;dc_pre=CPjmwICL7fQCFZAGaAgd8wcFsQ;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=

Request Chain 36

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=3114152561

Request Chain 37

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63 HTTP 302
https://852807.fls.doubleclick.net/activityi;dc_pre=CN7rwICL7fQCFQ99DAod3EcC3w;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63

Request Chain 38

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=414991746

Request Chain 39

https://ad.doubleclick.net/ddm/activity/src=4818226;type=invmedia;cat=esvbxzky;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1

Request Chain 79

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=m7C9YbXaL5iUoPMPkMaokAk&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YbXaL5iUoPMPkMaokAk&cid=CAQSKQCNIrLMXsu0Z17CRE6_tMR4MxPqYy9VZ1uWLyDfbe3aPcUaIM1PIMBr&random=4146856958&resp=GooglemKTybQhCsO

Request Chain 81

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=m7C9YcngL8yNNanRlPAO&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YcngL8yNNanRlPAO&cid=CAQSKQCNIrLMNbbISzoOoY61RGsq6m3cohZx1CYXI8NXpOcK9abLP6OqWHDx&random=2502225918&resp=GooglemKTybQhCsO

103 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK T7OUcC3zmc0oY Show response
s3-us-west-2.amazonaws.com/cy6raln5b/ 148 B
504 B 496ms
142ms Document
text/html 52.218.225.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.225.0 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 796d51e183637a7786d5eea27b671259016e12b7c546b3359442ac84fc940916

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

x-amz-id-2: 55FhSe6Kzxxg7n1c0Ijk8xgiTfnJLdHaMIuKn+PDvRFSxHAGyFBOMJGyspMgRNEuIU/oBF3hqvk=
x-amz-request-id: HPMVFZKHVMBFVWBB
Date: Sat, 18 Dec 2021 09:57:40 GMT
Last-Modified: Fri, 17 Dec 2021 18:29:49 GMT
ETag: "3f23630b7ca43ce9e3eccd7d2fb9e52f"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 148

GET
H/1.1

200
OK

63
wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/
Redirect Chain

http://gonelens.com/qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfakckedacb
https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63

138 B
513 B

1947ms
1118ms

Document
text/html

111.90.158.43
SHINJIRU-MY-AS-AP...

General

Check archive.org

Show headers Download Go to

Full URL: https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.90.158.43 Kajang, Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY),
Reverse DNS: ohotka.herittions.net
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY#qs=r-addghafiiigfhccafcfigjhahkeghbgafbihjabafbihjabaheadbfaccakeeacbgfakckedacb

Response headers

date: Sat, 18 Dec 2021 09:57:43 GMT
content-type: text/html; charset=UTF-8
server: Apache
content-encoding: gzip
transfer-encoding: chunked
vary: Accept-Encoding

Redirect headers

Date: Sat, 18 Dec 2021 09:57:40 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
location: https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2

200

Primary Request / Show response
refinance.lowermybills.com/
Redirect Chain

https://cdmtrk.com/?E=Fg2gvGAiMXXBm2TINU5%2bJw%3d%3d&s1=350609&s2=649046572
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

9 KB
4 KB

785ms
773ms

Document
text/html

2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Requested by

Host: wallintern.com
URL: https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48131f2cd42c75e8b070bb587ca111b475450de15c89d8d9a4ff646e388985f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://wallintern.com/0/0/0/53719835f155eabb9d2d8ab08f553017/40768_6935605_11/2256_477754611_0_40768_0_4147586_63_1054_91932_6935605_10_933/63

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
content-type: text/html; charset=utf-8
cf-ray: 6bf7875a0f7eef02-MIA
cache-control: no-store
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
referrer-policy: same-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip

Redirect headers

date: Sat, 18 Dec 2021 09:57:44 GMT
content-length: 0
location: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
cf-ray: 6bf787578e1bef02-MIA
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare

GET
H2 200 main.fa0ef906a27fb7fdbe60.css
static-lre.lowermybills.com/ 40 KB
9 KB 66ms
53ms Stylesheet
text/css 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/main.fa0ef906a27fb7fdbe60.css
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf007d554e6dad2b0d664a6cce2111c81606834013d085bfd20431070677d8d7

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 945393cefc4bfc81e302c26bac47e4f1.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3473
cf-ray: 6bf7875f0a2fef02-MIA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 07:36:13 GMT
server: cloudflare
etag: W/"4badd04872d6460acb246d76f9e461a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: P6bCT5yFerZI7mJLDEOzFgkInRvS8M5q
cache-control: public, max-age=14400
x-amz-cf-pop: MIA3-C3
content-type: text/css
x-amz-cf-id: NLeDVs5sYUJYpZysPV-KnRIQmvMCi4-ZU1pa2fSEIs7dbecHv8v80w==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 pixel-add40748038f17c46b23.js Show response
cdn-refinance.lowermybills.com/ 282 KB
32 KB 584ms
573ms Script
application/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfbb68a607fce330b914b436c6b37095f903490dd5877179e3ce4878aebeb57e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 16 Dec 2021 18:19:57 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"468ef-17dc478e88d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 6bf7875f0a2eef02-MIA
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 deviceatlas-1.6.min.js Show response
content.lowermybills.com/deviceatlas-1.6/ 7 KB
3 KB 73ms
59ms Script
application/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://content.lowermybills.com/deviceatlas-1.6/deviceatlas-1.6.min.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 7b684daf68830c24a645afbee86b35aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 4945
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 19:31:45 GMT
server: cloudflare
etag: W/"67510dbcee1857a225b8f76bdc940c26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-cf-pop: MIA3-C5
cf-ray: 6bf7875f0a32ef02-MIA
x-amz-cf-id: yVhfv_D26_pNCwgvU4DQ5bK-6mBnNxpBUp7h-HvPbXjdqxA74_8keg==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 css
fonts.googleapis.com/ 820 B
486 B 222ms
81ms Stylesheet
text/css 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Shadows+Into+Light+Two&display=swap

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5d67b40783f583fa48ec3a8d7346bb2a7396407bb7fb4b5ad6a5bb3cab2dd53b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 08:17:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 18 Dec 2021 09:57:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 18 Dec 2021 09:57:45 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 221ms
80ms Stylesheet
text/css 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9c65db554d57f17a964bee80b4c94050e40f3a692852cf0ca2fdb9612c83273

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 08:36:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 18 Dec 2021 09:57:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 18 Dec 2021 09:57:45 GMT

GET
H2 200 continue.png
content.lowermybills.com/lre/ 5 KB
5 KB 49ms
48ms Image
image/png 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/continue.png
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b899e50c2015a1c2e3c6b10138755b33f249afcb60b340cbde60c89785d7e18

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 4bfb5bb8bc988f7af3321a7aa11bee76.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 4945
x-cache: Hit from cloudfront
content-length: 4932
last-modified: Wed, 08 Dec 2021 20:02:54 GMT
server: cloudflare
etag: "d028d77ea5b3745697cc424d3f465bc9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
x-amz-cf-pop: IAH50-C4
accept-ranges: bytes
cf-ray: 6bf787624bf1ef02-MIA
x-amz-cf-id: 1Nthykhq1uc8UmUL5Ov-5h4dF2QmQ7F3zkWB9KTLeHycPV3-wyaXkw==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 main.fa0ef906a27fb7fdbe60.js Show response
static-lre.lowermybills.com/ 126 KB
31 KB 59ms
59ms Script
application/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/main.fa0ef906a27fb7fdbe60.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 619189aee72b86bfd469b83e3c7260b30dc6e0ca222cd90fb3dbd25063b95ddd

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 d1c64d10e2bd86b43a04bfb63e7766c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3473
cf-ray: 6bf787605ae4ef02-MIA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 07:36:13 GMT
server: cloudflare
etag: W/"b06ee4152371834a281628d884c5a74c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: XQPyv51BmVPr.uEojZn_8blw9KPalDWb
cache-control: public, max-age=14400
x-amz-cf-pop: MIA3-C3
content-type: application/javascript
x-amz-cf-id: pVodC7xNbiNXEf5sAJQXoOr5Uwci-MLcq3rD8LxC551NNdXHJ9KKhQ==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 manifest.c92367a48898cee3653d.js Show response
static-lre.lowermybills.com/ 12 KB
5 KB 51ms
50ms Script
application/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/manifest.c92367a48898cee3653d.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1d63d900362680ba1baa9e476f03da875168e4b08a154df2f6a136e092ee060

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 0fb585f1ff1ff3e2a173c04ff76bf8ef.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3473
cf-ray: 6bf78760fb2bef02-MIA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 07:36:13 GMT
server: cloudflare
etag: W/"cb83c5dc70ceee660b86731125a0730e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: tYuFuOa2nvHwaXgm9lUmqxYjWOSYKUAg
cache-control: public, max-age=14400
x-amz-cf-pop: MIA3-C3
content-type: application/javascript
x-amz-cf-id: KMfqZCyUb0uJD0HMm3M7b3_pQqbH_QC5GMDzYGBB3hsTCFG8qq_b9w==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 vendor.a0f4e89afe7f91cc8f4d.js Show response
static-lre.lowermybills.com/ 382 KB
121 KB 63ms
63ms Script
application/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/vendor.a0f4e89afe7f91cc8f4d.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7f40dac6d30d1aedf50b58270e0578b4e5f4e6c9700f11f9bd03da5993f1a19

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:45 GMT
via: 1.1 cebfdc6d2f4a814559743884c0ccf616.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3473
cf-ray: 6bf787614b5def02-MIA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Wed, 15 Dec 2021 07:36:13 GMT
server: cloudflare
etag: W/"1ef644dd43da35aa388576b65c82beb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: Bp4jKJmb6d2t4ujJO56PicAqRcC3.QjT
cache-control: public, max-age=14400
x-amz-cf-pop: MIA3-C3
content-type: application/javascript
x-amz-cf-id: M3E--2KyiPQXRB7JlPnxXjpAXFwHuFm2NGFxOMjollU93mT7KaaFzA==
expires: Sat, 18 Dec 2021 13:57:45 GMT

GET
H2 200 datadog-rum-v3.js Show response
www.datadoghq-browser-agent.com/ 115 KB
37 KB 204ms
71ms Script
application/javascript 54.192.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.199.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-199-65.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ba25142ec99bba1e98486d8371c3cf7534ec8798ef4dab638ded05d5bb10a735

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:17 GMT
content-encoding: br
last-modified: Wed, 15 Dec 2021 12:45:17 GMT
server: AmazonS3
age: 29
etag: W/"6fa76f1f97c98116293017a1144e79e6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4b6e1bc9480bffb0b8980e408fffa59f.cloudfront.net (CloudFront)
cache-control: max-age=14400, s-maxage=60
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: xyStEjlQg3QP3hnqcwXg0qaKfYE1Qz7RqlsmT0tAqDpmpPAN51tqVQ==

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 207ms
65ms Font
font/woff2 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://refinance.lowermybills.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 17 Dec 2021 13:05:09 GMT
x-content-type-options: nosniff
age: 75157
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 17 Dec 2022 13:05:09 GMT

POST
H2 200 store-info-redis Show response
refinance.lowermybills.com/ 2 B
344 B 418ms
417ms XHR
application/json 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/store-info-redis

Requested by

Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/vendor.a0f4e89afe7f91cc8f4d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
content-length: 2
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6bf787681f7fef02-MIA

POST
H2 200 visitor Show response
refinance.lowermybills.com/ 16 B
113 B 489ms
489ms XHR
application/json 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/visitor

Requested by

Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/vendor.a0f4e89afe7f91cc8f4d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a732617c38101a63ad0f14116a16ca6d08b8562ccc8c20be9f17291427a2849f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
content-length: 16
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"10-rUyPvz2t/XnLVYpk95e2nnkHtO8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6bf787682f92ef02-MIA

GET
H2 200 deviceAtlasLmb.min.js Show response
cdn.lowermybills.com/lending-images/presentations/common/navapi/ Frame 25E6 8 KB
3 KB 69ms
55ms Script
text/javascript 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lowermybills.com/lending-images/presentations/common/navapi/deviceAtlasLmb.min.js

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1505
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 21 May 2021 02:42:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"fed6c65f5b084671-20fc-5c2ce02c32fd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
cache-control: public, max-age=14400
content-security-policy: frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
cf-ray: 6bf78769485cef02-MIA
expires: Sat, 18 Dec 2021 13:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 133 KB
50 KB 298ms
157ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-849970183

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea3a9e876585250e6c3a4ed27d2fbcfabeedbbcd4e659bb292c0be350aa6f4b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51009
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 133 KB
50 KB 221ms
79ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-755089552

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0749db936ac0c1ce70b4b46c1d2574282008960a3a05a18239393a0916cd3f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51024
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
35 KB 346ms
205ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72055405-1

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bab64233e7ab88edb3c1593f08c39df82b790b297527c3ea90ee1e07be15705b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36248
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 133 KB
50 KB 337ms
198ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1066568174

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

776457dd738a6026ffa34a11a2f84cdc5bed574bedabc03b46a88bd02a4933c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50961
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 analytics Show response
ads.revjet.com/ Frame 25E6 19 KB
8 KB 207ms
64ms Script
application/javascript 74.217.31.248
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/analytics?acu=3370
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 74.217.31.248 Secaucus, United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx /
Resource Hash: 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 07:41:35 GMT
server: nginx
etag: W/"6138692f-4c14"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
expires: Sat, 18 Dec 2021 10:07:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 254ms
117ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-882032010

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

69491018a74502d801b3502df90fa548c4d5f10de147457cba675a1e34c93291

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39599
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 311ms
174ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-934858762

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

34eaf54a6cb2389275a56d5f8655be6f715234521ea95ecfc17648355d7d67d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39603
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 172ms
171ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-950054130

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d9af9beb51d67adf95f1fd417ffd2548eef3bcea21547739133af865b46eb7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39598
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 165ms
164ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-966730890

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0f16aec22b516d0b6be2817c7acda467a37db781c4b6ab8a9aaeab042568771

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39599
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 205ms
204ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-735544455

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

500b65186dec10030efad2bc91882b9c4cfacbb945f4b1faed787be53310323a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39602
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 35 KB
11 KB 152ms
69ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 90bd855f92aec63cef7a79cd868ffc8b0923a4eded158336fc3eb213fbe90166

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
last-modified: Wed, 01 Dec 2021 21:48:46 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5630FBEAC7EF43039B781306BD5F34AB Ref B: MIA301000104009 Ref C: 2021-12-18T09:57:47Z
etag: "0b35237fde6d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10224

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 203ms
202ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-874461485

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dae1ef582192b7f6a52108730195a3b37829905960ceb2b8492413618343143c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39600
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
35 KB 197ms
197ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-852807

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f02b2c547f9320eaa7781134f456ff732b866197553ddb57f9405defb51545e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35999
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1007280/ Frame 25E6 75 KB
25 KB 107ms
32ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 74ab9f9165932cad05a9e407f97c9dca24150de9c5c0dd2caf698af880fecbb2

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: PNfqZy_KG43miQx9lWuX2dbN_bEbPyWT
content-encoding: gzip
etag: "cc0e0a5117773bdce132c2d90fb2ab7c"
age: 29
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 24961
x-amz-id-2: uF7PZhqLESOSU8haW22ukw3dIHWpD9GU/GOX5L6/V9qIAH9J7MBsZMXApIHzbo94GRx3KABB20w=
x-served-by: cache-mia11363-MIA
last-modified: Mon, 13 Dec 2021 13:20:48 GMT
server: AmazonS3
x-timer: S1639821467.160970,VS0,VE1
date: Sat, 18 Dec 2021 09:57:47 GMT
vary: Accept-Encoding
x-amz-request-id: 4E6AJECH0Z30EF7C
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 67
x-cache-hits: 1

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 25E6 14 KB
6 KB 193ms
57ms Script
application/javascript 151.101.248.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.248.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
last-modified: Tue, 21 Sep 2021 23:38:59 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kcgs7200112-IAD, cache-bwi5027-BWI

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 209ms
209ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-968462554

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

425e188e8ad29e2e13ca49131911b0cf1e89caefd1b3fd5c03df192309cad260

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39601
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
18 KB 211ms
75ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-add40748038f17c46b23.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

dadcb61725f4f875aee4816ce3eafd8d1b544a5350796e5e875e62ae9cdf6172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17611
x-xss-protection: 0
server: cafe
etag: 6886643199593491833
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H2 200 mgsensor.js Show response
a.mgid.com/ 12 KB
4 KB 152ms
73ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mgid.com/mgsensor.js?d=1639821467074
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/cy6raln5b/T7OUcC3zmc0oY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e526300664e61dc569d47c54c8568d7f105b0301ece8bdb525919212012159a2

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: 57772e80-ae07-43ff-8b0b-c2d0d217d1c7
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6bf7876acd405730-MIA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare

GET
H3

200

activityi;dc_pre=CPjmwICL7fQCFZAGaAgd8wcFsQ;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D...
852807.fls.doubleclick.net/ Frame 25E6
Redirect Chain

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7...
https://852807.fls.doubleclick.net/activityi;dc_pre=CPjmwICL7fQCFZAGaAgd8wcFsQ;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;g...

0
0

158ms
89ms

Image
text/html

142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://852807.fls.doubleclick.net/activityi;dc_pre=CPjmwICL7fQCFZAGaAgd8wcFsQ;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H3
Server: 142.250.65.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s72-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
location: https://852807.fls.doubleclick.net/activityi;dc_pre=CPjmwICL7fQCFZAGaAgd8wcFsQ;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame 25E6 43 B
598 B 146ms
52ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=l5ksy&p_id=Twitter

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_c /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 20
pragma: no-cache
last-modified: Sat, 18 Dec 2021 09:57:47 GMT
server: tsa_c
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 18a718dafb7833f5ea7838f9061fd34ad8e9fb2e75f2017fa16000380e7dddd2
x-transaction: 91d91e194e5f3f58
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-user-list/973523572/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=3114152561

42 B
548 B

238ms
82ms

Image
image/gif

2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=3114152561

Protocol

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=3114152561
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CN7rwICL7fQCFQ99DAod3EcC3w;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63
852807.fls.doubleclick.net/ Frame 25E6
Redirect Chain

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63?
https://852807.fls.doubleclick.net/activityi;dc_pre=CN7rwICL7fQCFQ99DAod3EcC3w;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63?

0
0

151ms
83ms

Image
text/html

142.250.65.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://852807.fls.doubleclick.net/activityi;dc_pre=CN7rwICL7fQCFQ99DAod3EcC3w;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63?
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: H3
Server: 142.250.65.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s72-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Redirect headers

date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
location: https://852807.fls.doubleclick.net/activityi;dc_pre=CN7rwICL7fQCFQ99DAod3EcC3w;src=852807;type=lrepa937;cat=lrere295;ord=67f3c395-20b9-438e-be26-3c6ee6815e63?
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-user-list/1066568174/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=414991746

42 B
108 B

239ms
84ms

Image
image/gif

2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=414991746

Protocol

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=414991746
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1
adservice.google.com/ddm/fls/z/ Frame 25E6
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=4818226;type=invmedia;cat=esvbxzky;ord=1?
https://ad.doubleclick.net/ddm/activity/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1?
https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1

42 B
494 B

231ms
81ms

Image
image/gif

2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CNLxxYCL7fQCFdoF0AQdAQwKdw;type=invmedia;cat=esvbxzky;ord=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame 25E6 43 B
717 B 233ms
77ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10070325&ec=LRELP

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
BLOB 200
OK 8745d227-4930-4e5b-b4fb-4a622ff5a9b0
https://refinance.lowermybills.com/ 26 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://refinance.lowermybills.com/8745d227-4930-4e5b-b4fb-4a622ff5a9b0
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 783810d39b0e5e91810c35613ebb64348989d0f90c17ef814ca240f21c46272f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Length: 26149

GET
H2 200 json Show response
trc.taboola.com/1007280/trc/3/ Frame 25E6 2 KB
2 KB 87ms
77ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1007280/trc/3/json?tim=1639821467219&data=%7B%22id%22%3A308%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1639821467213%2C%22cv%22%3A%2220211213-1-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22e%22%3A%22https%3A%2F%2Fwallintern.com%2F%22%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcoredigital-sc%3Aabp%3D1%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1639821467218%2C%22ref%22%3A%22https%3A%2F%2Fwallintern.com%2F%22%2C%22item-url%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 35c79f53cc4828bb97092aebc904fdf727c2459e4ec05931871bb4abaae1e367

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 46
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
server: nginx
x-timer: S1639821467.455784,VS0,VE46
x-served-by: cache-mia11363-MIA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 204 5189243.js Show response
bat.bing.com/p/action/ 0
95 B 133ms
133ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5189243.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:47 GMT
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9F0A8C10EC7D4CD785DC3899781316AB Ref B: MIA301000104009 Ref C: 2021-12-18T09:57:47Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
152 B 59ms
59ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5189243&Ver=2&mid=42856ef6-3ca1-49e4-aa6d-5f32a7a6ac67&sid=f3ff6ce05fe811ecae07bff92f9c93f1&vid=f3ff7d605fe811ec978869625b0f963a&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Refinance%20Mortgage,%20Refinancing%20Rates,%20Mortgage%20Rates%20-%20LowerMyBills&kw=refinance,%20mortgage,%20mortgages,%20refinancing,%20mortgage%20rates,%20refinance%20mortgage,%20refinance%20rates,%20refinancing%20rates,%20refinancing%20home,%20home%20loan,%20home%20loans,%20equity%20loans,%20home%20equity%20loans,%20home%20equity%20loan,%20second%20mortgage,%20home%20equity%20loan%20rates,%20credit%20card%20consolidation,%20debt%20loans,%20credit%20card%20debt%20consolidation,%20bad%20credit%20loans,%20debt%20free,%20bad%20credit,%20debt%20help,%20debt%20solutions,%20money%20management,%20credit%20card%20debt,%20personal%20loan,%20bad%20credit%20mortgage,%20mortgage%20calculator&p=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&r=https%3A%2F%2Fwallintern.com%2F&lt=3438&evt=pageLoad&msclkid=N&sv=1&rn=813870
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2C87EDF8AE394A6B87C9FACE02BE0457 Ref B: MIA301000104009 Ref C: 2021-12-18T09:57:47Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pd2120 Show response
pix.revjet.com/track/ Frame 25E6 46 B
414 B 222ms
64ms Script
text/javascript 216.223.26.59
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/track/pd2120?__noscript=false&__cbf=revjet.callbacks.cb1639821467276&location=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&referrer=https%3A%2F%2Fwallintern.com%2F&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/analytics?acu=3370
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 216.223.26.59 Secaucus, United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
Software: /
Resource Hash: de14ee9b1ba4b72a28e43f200082d65267d795a8054e50d76ec8b02d7819e683

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:47 GMT
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
content-length: 46
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: text/javascript

GET
H2 200 adsct
t.co/i/ Frame 25E6 43 B
471 B 122ms
51ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nyhmx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&event_id=dcb166dd-b881-4428-b988-9c2e9b145470&tw_document_href=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_c /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 19
pragma: no-cache
last-modified: Sat, 18 Dec 2021 09:57:47 GMT
server: tsa_c
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: fad466e17758d6760ec3f102b26b42ef9bfaf600924ca85516732ad2ff0d58d5
x-transaction: c94a76834de0b1d1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 97ms
97ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-755089552

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

7317a02358b2b617ba0934b570c313ee76f29176c4821a9a5fd1656413e5f41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14333
x-xss-protection: 0
server: cafe
etag: 8469929769973419123
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Dec 2021 09:57:47 GMT

POST
H2 200 track Show response
refinance.lowermybills.com/ 256 B
328 B 446ms
446ms XHR
application/json 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/track

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee03075b2e62f9337a1012bf1306aa05589ef0f0d5f8cf10f553f74a61fe818f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
strict-transport-security: max-age=15552000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"100-p0g/xjma2WcNDvkz7OKmUfnSPTI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6bf7876b4990ef02-MIA

GET
H2 200 1x1.gif
a.mgid.com/ 43 B
107 B 68ms
68ms Image
image/gif 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.mgid.com/1x1.gif?id=608665&type=c&tg=&r=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&utmc=0&utmt=0&nv=1&utms=&utmcp=&utmm=&clid=&cmgid=0&cmtid=0&cmtuid=0&d=1639821467442
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6bf7876b9e395730-MIA
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
94 B 256ms
101ms Ping
application/json 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&batch_time=1639821467443
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:47 GMT
content-length: 2
content-type: application/json

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 209ms
66ms Script
text/javascript 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72055405-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4608
date: Sat, 18 Dec 2021 08:40:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 18 Dec 2021 10:40:59 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 157ms
82ms Script
application/javascript 2607:f8b0:4006:817::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-735544455&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-755089552

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea1bcd0c2c2a90ad718377ec5c4b73675d62e2310a5c7e8d681bd54a0d23ee68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39611
x-xss-protection: 0
last-modified: Sat, 18 Dec 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Dec 2021 09:57:47 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/ 2 KB
1 KB 166ms
92ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=1639821467646&cv=9&fst=1639821467646&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c106624d00f5fda35a41a2fd1b502c3d445aab67a1ae76bf1d834ae814427f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1118
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/849970183/ 2 KB
1 KB 155ms
80ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/849970183/?random=1639821467649&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

3c4181519e33f8b4a6e2a12b0140d2220788fb270c4659dfe54492dcedaeafc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1259
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
849970183.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/849970183/ 0
0 226ms
79ms Image
text/html 142.251.35.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://849970183.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/849970183/?random=1639821467649&cv=9&fst=1639821467649&num=1&fmt=3&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.35.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s78-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/874461485/ 2 KB
1 KB 153ms
94ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/874461485/?random=1639821467670&cv=9&fst=1639821467670&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c93910f992c183f54337baaae5a2173d8c6f68ca783fcd30dd8dab96fcf4c70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1120
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/882032010/ 2 KB
1 KB 155ms
95ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/882032010/?random=1639821467672&cv=9&fst=1639821467672&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

088da2c8dc1351d7ce0dc26d855c1b16b52f6b4002ce3f697ac139a6fd93ea47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1117
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950054130/ 2 KB
1 KB 160ms
102ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950054130/?random=1639821467673&cv=9&fst=1639821467673&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

35563e9ffaff4ba7166d909fd7552597f6b461225f4be558a061b320ad16742c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/ 2 KB
1 KB 161ms
104ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?random=1639821467674&cv=9&fst=1639821467674&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6048848e0b6bb11437e649d51fd8c5e5c077e32c3d1cd2d39ae1614809f1fb82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1129
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/ 2 KB
1 KB 161ms
106ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1639821467676&cv=9&fst=1639821467676&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2195d700c8f7cabcbc0ef2bf3e702f470e26de64167d3382925fca8d3de96526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1117
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/ 2 KB
1 KB 151ms
98ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1639821467678&cv=9&fst=1639821467678&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef2ff20947f497b62778a1b8e9ba4b37256ac597dfc6f03cfb1f2ed2f4bbea91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1131
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 5B65 0
274 B 219ms
92ms Document
text/html 142.250.31.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 18 Dec 2021 09:57:47 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 18 Dec 2021 09:57:47 GMT
cache-control: private

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/ 2 KB
1 KB 144ms
95ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1639821467681&cv=9&fst=1639821467681&num=1&value=1&currency_code=USD&label=SuU3CIKMzqoBEIrJ_MwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc51d1d688bb790b187652ddf92eec80d1126654a4b21bd26e5cfdf6459afc15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1202
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame D939 0
683 B 200ms
75ms Document
text/html 142.250.31.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f156.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 18 Dec 2021 09:57:47 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 18 Dec 2021 09:57:47 GMT
cache-control: private

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/968462554/ 2 KB
1 KB 148ms
101ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/968462554/?random=1639821467683&cv=9&fst=1639821467683&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4661c6bf594ad03ace12d37977b26d353120eb9680ebed3ae2451bd92b8e07c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1120
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934858762/ 2 KB
1 KB 148ms
104ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934858762/?random=1639821467685&cv=9&fst=1639821467685&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0678cad651339560936563c5bd98bedaa3c23e16bc1ee15fc02aa53f522e52a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1119
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/735544455/ 2 KB
1 KB 126ms
77ms Script
text/javascript 142.250.65.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/735544455/?random=1639821467686&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f2.1e100.net

Software

cafe /

Resource Hash

361f7c06feab27d90ceebf179590bea50a2baaa4c241e7d6d08e361f18584ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1263
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/ 2 KB
1 KB 122ms
88ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1639821467695&cv=9&fst=1639821467695&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1118335355d574b64b30694988129fac0a6e95d50ae60519828876cf995c4f3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1120
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
735544455.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/735544455/ 0
0 225ms
77ms Image
text/html 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://735544455.privacysandbox.googleadservices.com/pagead/privacysandbox/conversion/735544455/?random=1639821467686&cv=9&fst=1639821467686&num=1&fmt=3&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.80.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s36-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/755089552/ 2 KB
1 KB 119ms
87ms Script
text/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/755089552/?random=1639821467697&cv=9&fst=1639821467697&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e951f5ebb51efe86ee24c782cf28935f0210538dc821cd0050810c9eef22722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1119
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame 25E6 2 KB
1 KB 31ms
31ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 2636
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: rDMHMfnTESaFXORHPxtxJCZon7db3tv2Gekam7U8xX6zAV0FXcUMHvgsv0OSweUYeUEiAzIxLqc=
x-served-by: cache-mia11363-MIA
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1639821468.717372,VS0,VE0
date: Sat, 18 Dec 2021 09:57:47 GMT
vary: Accept-Encoding
x-amz-request-id: C4YZ6XHCMPSSM0G2
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 22
x-cache-hits: 2450

GET
H2 200 json Show response
trc.taboola.com/1390358/trc/3/ Frame 25E6 2 KB
2 KB 77ms
76ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1390358/trc/3/json?tim=1639821467700&data=%7B%22id%22%3A503%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3A%22829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b%22%2C%22vi%22%3A1639821467213%2C%22cv%22%3A%2220211213-1-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22e%22%3A%22https%3A%2F%2Fwallintern.com%2F%22%2C%22cb%22%3A%22TFASC.trkCallback1%22%2C%22qs%22%3A%22%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcoredigital-sc%3Aabp%3D1%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1639821467221%2C%22ref%22%3A%22https%3A%2F%2Fwallintern.com%2F%22%2C%22item-url%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d611b9cad5022513becd65facf53939462c50d41fc99cfe231a054487df8440f

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-vcl-time-ms: 45
date: Sat, 18 Dec 2021 09:57:47 GMT
content-encoding: gzip
server: nginx
x-timer: S1639821468.719134,VS0,VE45
x-served-by: cache-mia11363-MIA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 panorama.js Show response
cdn.taboola.com/scripts/ Frame 25E6 1 KB
983 B 38ms
32ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/panorama.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: CYlu4uGxGteYv0_gS3v6WaXb_4ObQ4ke
content-encoding: gzip
etag: "245ecb1e94189239a899012670435435"
age: 9853
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 710
x-amz-id-2: EoI6pyCwRLsVwe/LBZHiOYLkJMl3NkhMQl2f6cIbQajea/9TdpKxHTx9vwPTGLBVjHw1HjeOGtI=
x-served-by: cache-mia11363-MIA
last-modified: Sun, 18 Apr 2021 12:53:28 GMT
server: AmazonS3
x-timer: S1639821468.816526,VS0,VE0
date: Sat, 18 Dec 2021 09:57:47 GMT
vary: Accept-Encoding
x-amz-request-id: C4YS1MRX897MKC98
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 22
x-cache-hits: 5159

GET
H/1.1 200
OK rum
dsum-sec.casalemedia.com/ Frame 25E6 43 B
315 B 226ms
85ms Image
image/gif 23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?external_user_id=829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Dec 2021 09:57:47 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 18 Dec 2021 09:57:47 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 150ms
79ms XHR
text/plain 2607:f8b0:4006:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1001371107&t=pageview&_s=1&dl=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&dr=https%3A%2F%2Fwallintern.com%2F&ul=en-us&de=UTF-8&dt=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=326003093&gjid=1645827221&cid=751002608.1639821468&tid=UA-72055405-1&_gid=1727345594.1639821468&_r=1&gtm=2ouc10&z=1442027009

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 111ms
111ms Ping
application/json 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&batch_time=1639821467857
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:47 GMT
content-length: 2
content-type: application/json

GET
H2 200 /
www.google.com/pagead/1p-user-list/755089552/ 42 B
108 B 87ms
87ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/755089552/?random=1639821467697&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=985818327&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/735544455/ 42 B
108 B 84ms
83ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/735544455/?random=1639821467695&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=1983236430&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.com/pagead/1p-conversion/735544455/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...

42 B
64 B

164ms
90ms

Image
image/gif

2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YbXaL5iUoPMPkMaokAk&cid=CAQSKQCNIrLMXsu0Z17CRE6_tMR4MxPqYy9VZ1uWLyDfbe3aPcUaIM1PIMBr&random=4146856958&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-conversion/735544455/?random=1478119366&cv=9&fst=1639821467686&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YbXaL5iUoPMPkMaokAk&cid=CAQSKQCNIrLMXsu0Z17CRE6_tMR4MxPqYy9VZ1uWLyDfbe3aPcUaIM1PIMBr&random=4146856958&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/849970183/ 42 B
108 B 81ms
81ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/849970183/?random=1639821467646&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3264681721&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.com/pagead/1p-conversion/849970183/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...

42 B
64 B

160ms
87ms

Image
image/gif

2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YcngL8yNNanRlPAO&cid=CAQSKQCNIrLMNbbISzoOoY61RGsq6m3cohZx1CYXI8NXpOcK9abLP6OqWHDx&random=2502225918&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-conversion/849970183/?random=1204752641&cv=9&fst=1639821467649&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1560593815.1639821467&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=m7C9YcngL8yNNanRlPAO&cid=CAQSKQCNIrLMNbbISzoOoY61RGsq6m3cohZx1CYXI8NXpOcK9abLP6OqWHDx&random=2502225918&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/874461485/ 42 B
108 B 84ms
84ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/874461485/?random=1639821467670&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=1934716698&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/966730890/ 42 B
108 B 83ms
83ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1639821467681&cv=9&fst=1639818000000&num=1&value=1&currency_code=USD&label=SuU3CIKMzqoBEIrJ_MwD&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=2321770851&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/882032010/ 42 B
108 B 83ms
83ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/882032010/?random=1639821467672&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=4111100537&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/966730890/ 42 B
108 B 85ms
85ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1639821467678&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3541653839&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/968462554/ 42 B
108 B 83ms
83ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/968462554/?random=1639821467683&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=4127762303&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950054130/ 42 B
108 B 83ms
83ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950054130/?random=1639821467673&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3758953026&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/934858762/ 42 B
108 B 109ms
109ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934858762/?random=1639821467685&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=738639133&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1066568174/ 42 B
108 B 105ms
105ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1066568174/?random=1639821467674&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3880880338&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/966730890/ 42 B
108 B 108ms
108ms Image
image/gif 2607:f8b0:4006:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1639821467676&cv=9&fst=1639818000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oac10&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6&ref=https%3A%2F%2Fwallintern.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3447835611&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Dec 2021 09:57:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 112ms
112ms Ping
application/json 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&batch_time=1639821467897
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:47 GMT
content-length: 2
content-type: application/json

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
93 B 106ms
105ms Ping
application/json 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&batch_time=1639821467979
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 18 Dec 2021 09:57:48 GMT
content-length: 2
content-type: application/json

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
447 B 193ms
68ms XHR
text/plain 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-72055405-1&cid=751002608.1639821468&jid=326003093&gjid=1645827221&_gid=1727345594.1639821468&_u=YEBAAUAAAAAAAC~&z=313339592

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 18 Dec 2021 09:57:48 GMT
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1007280/log/3/ Frame 25E6 0
388 B 231ms
65ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1007280/log/3/unip?en=pre_d_eng_tb&tos=1552&scd=0&ssd=1&est=1639821467216&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1639821468768&vi=1639821467213&ri=e4a4287740a55c5fe24896afeb52ddf1&sd=v2_87e6645a06d827ad8bf6cb0ffe6e156c_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8QsL09GM285-fcLyABKAEw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ&ui=829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b&ref=https%3A%2F%2Fwallintern.com%2F&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Sat, 18 Dec 2021 09:57:48 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1390358/log/3/ Frame 25E6 0
387 B 231ms
66ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1390358/log/3/unip?en=pre_d_eng_tb&tos=1553&scd=0&ssd=1&est=1639821467216&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1639821468769&vi=1639821467213&ri=54180617062a5538b0a24e50b4e3b0cc&sd=v2_85bc8298945d41a96cf42dcff6eebe9d_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8Qlu5UGM285-fcLyABKAMw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ&ui=829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b&ref=https%3A%2F%2Fwallintern.com%2F&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Sat, 18 Dec 2021 09:57:48 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1007280/log/3/ Frame 25E6 0
386 B 68ms
68ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1007280/log/3/unip?en=pre_d_eng_tb&tos=4554&scd=0&ssd=1&est=1639821467216&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1639821471770&vi=1639821467213&ri=e4a4287740a55c5fe24896afeb52ddf1&sd=v2_87e6645a06d827ad8bf6cb0ffe6e156c_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8QsL09GM285-fcLyABKAEw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ&ui=829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b&ref=https%3A%2F%2Fwallintern.com%2F&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Sat, 18 Dec 2021 09:57:51 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1390358/log/3/ Frame 25E6 0
386 B 67ms
67ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1390358/log/3/unip?en=pre_d_eng_tb&tos=4554&scd=0&ssd=1&est=1639821467216&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1639821471770&vi=1639821467213&ri=54180617062a5538b0a24e50b4e3b0cc&sd=v2_85bc8298945d41a96cf42dcff6eebe9d_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8Qlu5UGM285-fcLyABKAMw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ&ui=829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b&ref=https%3A%2F%2Fwallintern.com%2F&cv=20211213-1-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fsourceid%3Dlmb-53704-112245-289%26pkey1%3D289%26pkey2%3D350609%26pkey3%3D%26sid%3D4%26cmpid%3D1846%26crtid%3D6
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Sat, 18 Dec 2021 09:57:51 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

POST
H2 200 track
refinance.lowermybills.com/ 257 B
353 B 474ms
473ms XHR
application/json 2606:4700::6812:129f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/track

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:129f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 Dec 2021 09:57:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
strict-transport-security: max-age=15552000; includeSubDomains
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"101-ZtEMt/sswU+U2GVhiZH6Ctj/DcI"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6bf787874b7aef02-MIA

POST pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 0
0

GET questions
refinance.lowermybills.com/ 0
0

POST replay
session-replay.browser-intake-datadoghq.com/api/v2/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rum-http-intake.logs.datadoghq.com
URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&batch_time=1639821472348

Domain: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/questions

Domain: session-replay.browser-intake-datadoghq.com
URL: https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A3.10.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-NJ16GBC3E&dd-api-key=pubdff5c93c0a8137997d0bc115c7949e0c&dd-evp-origin-version=3.10.0&dd-evp-origin=browser&dd-request-id=e8194427-362a-4ec6-b7e9-d1f9ccc32fbc

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/coredigital-quickenloans-video/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_85bc8298945d41a96cf42dcff6eebe9d_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8Qlu5UGM285-fcLyABKAMw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ
.taboola.com/coredigital-sc/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_87e6645a06d827ad8bf6cb0ffe6e156c_829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b_1639821467_1639821467_CN7jiB8QsL09GM285-fcLyABKAEw4QE4kaQOQNWmD0jn0NkDUKsEWABgAGiApKeijMutlDNwAQ
wallintern.com/	1970-01-20 00:13:33	Name: uid1262 Value: 649046572-20211218045743-7439465183040a3119f9d97be7a48cbb-
.cdmtrk.com/	1969-12-31 23:59:59	Name: sid Value: YOBowYLAN251vgtvhOKEB/En/UT9OLb5W74SV0n9wrNmGONV7XVCyw==
.cdmtrk.com/	1970-01-21 19:19:19	Name: trk Value: JsZE9JMYuZR1vgtvhOKEB/En/UT9OLb5W74SV0n9wrNmGONV7XVCyw==
.cdmtrk.com/	1970-01-21 19:19:47	Name: c4 Value: YOBowYLAN27THXCH8OeDWaSPoVbiRKDFfK/xhjObovk=
refinance.lowermybills.com/	1970-01-20 08:15:57	Name: visitorId Value: 67f3c395-20b9-438e-be26-3c6ee6815e63
refinance.lowermybills.com/	1970-01-19 23:40:26	Name: sourceId Value: lmb-53704-112245-289
refinance.lowermybills.com/	1970-01-19 23:40:26	Name: connect.sid Value: s%3AbxdP1I9YJ7MoHzZBiX6Nvf8AhivcTFUK.0Gk%2Fg50KTCHE0zvh1YU0GM8RQweLP0Pgnug53x%2FF09E
refinance.lowermybills.com/	1969-12-31 23:59:59	Name: BIGipServerpl.prod-lrelpwapp-lnd Value: !1qiRV+2DB/8vy5NRHhj5eaSY0gTQ+NS8dYFMoJVpT6nvemHqfdI10+HWdtEjWk2CYMZbbqOKnIiMIa0=
refinance.lowermybills.com/	1969-12-31 23:59:59	Name: TS014fdca0 Value: 012d8c2fc33193a3452b044522f545869dc8fa4a09a22c802e0d7c4bac95bcf448fdfa54a6df2e01552f5f6422aefa29e9253e1f33
refinance.lowermybills.com/	1970-01-19 23:31:47	Name: DAPROPS Value: "sjs.webGlRenderer:Intel Iris OpenGL Engine\|bjs.accessDom:1\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.deviceOrientation:0\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.touchEvents:0\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|buserMedia:1\|bjs.battery:0"
refinance.lowermybills.com/	1970-01-19 23:30:22	Name: _dd_s Value: rum=1&id=d8871e3b-7329-43aa-bca9-ceacccac61b4&created=1639821467019&expire=1639822367019
.bing.com/	1970-01-20 08:51:57	Name: MUID Value: 0DA1A79CF9536C543803B68DF8ED6DE2
.bat.bing.com/	1970-01-19 23:40:26	Name: MR Value: 0
.lowermybills.com/	1970-01-19 23:31:47	Name: _uetsid Value: f3ff6ce05fe811ecae07bff92f9c93f1
.lowermybills.com/	1970-01-20 08:51:57	Name: _uetvid Value: f3ff7d605fe811ec978869625b0f963a
.lowermybills.com/	1970-01-20 01:39:57	Name: _gcl_au Value: 1.1.1560593815.1639821467
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: lbiLp7VTT0V1
.mgid.com/	1970-01-19 23:30:23	Name: __cf_bm Value: d8701c6aef0e3170dff90eef0cf9c4b9d8f8d642-1639821467-0-ARfwQ04YpIv7Pa+zP7m+X9VHtJiUaJPwg4M8wsFC5bOPJ6F1Fo2Hlzb8CQjgzSN0z3qDpTJmkv+pATYtj4gzMxQ=
refinance.lowermybills.com/	1970-01-20 01:39:57	Name: MgidSensorNVis Value: 1
refinance.lowermybills.com/	1970-01-20 01:39:57	Name: MgidSensorHref Value: https://refinance.lowermybills.com/?sourceid=lmb-53704-112245-289&pkey1=289&pkey2=350609&pkey3=&sid=4&cmpid=1846&crtid=6
.twitter.com/	1970-01-20 17:01:33	Name: personalization_id Value: "v1_MTG6tezay4FuVCJtpPOeqg=="
.taboola.com/	1970-01-20 08:15:57	Name: t_gid Value: 829940eb-b2a6-4119-80f3-76c735f6b5b6-tuct8b7361b
.yahoo.com/	1970-01-20 08:16:19	Name: A3 Value: d=AQABBJuwvWECEPYtqh1nBodfJaNRBQa6UjMFEgEBAQECv2HHYQAAAAAA_eMAAA&S=AQAAAqVDKSBir1UeJ8KOi5V79YY
.revjet.com/	1970-01-20 17:01:33	Name: trx Value: 4759794657649090540
.lowermybills.com/	1970-01-20 17:01:33	Name: _ga Value: GA1.2.751002608.1639821468
.lowermybills.com/	1970-01-19 23:31:47	Name: _gid Value: GA1.2.1727345594.1639821468
.lowermybills.com/	1970-01-19 23:30:21	Name: _gat_gtag_UA_72055405_1 Value: 1
.doubleclick.net/	1970-01-20 17:01:33	Name: IDE Value: AHWqTUlw3cujkxuz9GZsHzdO8GqwtqGhmOXMjKmbsODPxKXV0t2LtdFLk6CD2yy0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

735544455.privacysandbox.googleadservices.com
849970183.privacysandbox.googleadservices.com
852807.fls.doubleclick.net
a.mgid.com
ad.doubleclick.net
ads.revjet.com
adservice.google.com
analytics.twitter.com
bat.bing.com
bid.g.doubleclick.net
cdmtrk.com
cdn-refinance.lowermybills.com
cdn.lowermybills.com
cdn.taboola.com
content.lowermybills.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gonelens.com
googleads.g.doubleclick.net
pix.revjet.com
refinance.lowermybills.com
rum-http-intake.logs.datadoghq.com
s3-us-west-2.amazonaws.com
session-replay.browser-intake-datadoghq.com
sp.analytics.yahoo.com
static-lre.lowermybills.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
trc-events.taboola.com
trc.taboola.com
wallintern.com
www.datadoghq-browser-agent.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.lowermybills.com
refinance.lowermybills.com
rum-http-intake.logs.datadoghq.com
session-replay.browser-intake-datadoghq.com
103.47.210.186
104.19.136.78
104.244.42.197
104.244.42.67
111.90.158.43
141.226.224.48
142.250.31.156
142.250.65.198
142.250.65.226
142.250.80.98
142.251.35.162
151.101.129.44
151.101.248.157
216.223.26.59
23.52.162.21
2600:1f18:24e6:b901:20d9:9d03:2f6c:2c90
2606:4700::6812:129f
2607:f8b0:4004:c17::9a
2607:f8b0:4006:80a::2004
2607:f8b0:4006:816::200a
2607:f8b0:4006:817::2008
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2003
2607:f8b0:4006:820::2002
2607:f8b0:4006:820::200e
2620:1ec:c11::200
34.209.239.17
52.218.225.0
54.192.199.65
74.217.31.248
76.13.32.146
0749db936ac0c1ce70b4b46c1d2574282008960a3a05a18239393a0916cd3f96
088da2c8dc1351d7ce0dc26d855c1b16b52f6b4002ce3f697ac139a6fd93ea47
0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1118335355d574b64b30694988129fac0a6e95d50ae60519828876cf995c4f3b
1d9af9beb51d67adf95f1fd417ffd2548eef3bcea21547739133af865b46eb7e
2195d700c8f7cabcbc0ef2bf3e702f470e26de64167d3382925fca8d3de96526
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb
34eaf54a6cb2389275a56d5f8655be6f715234521ea95ecfc17648355d7d67d3
35563e9ffaff4ba7166d909fd7552597f6b461225f4be558a061b320ad16742c
35c79f53cc4828bb97092aebc904fdf727c2459e4ec05931871bb4abaae1e367
361f7c06feab27d90ceebf179590bea50a2baaa4c241e7d6d08e361f18584ebc
3c4181519e33f8b4a6e2a12b0140d2220788fb270c4659dfe54492dcedaeafc7
3e951f5ebb51efe86ee24c782cf28935f0210538dc821cd0050810c9eef22722
425e188e8ad29e2e13ca49131911b0cf1e89caefd1b3fd5c03df192309cad260
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48131f2cd42c75e8b070bb587ca111b475450de15c89d8d9a4ff646e388985f2
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
500b65186dec10030efad2bc91882b9c4cfacbb945f4b1faed787be53310323a
5d67b40783f583fa48ec3a8d7346bb2a7396407bb7fb4b5ad6a5bb3cab2dd53b
6048848e0b6bb11437e649d51fd8c5e5c077e32c3d1cd2d39ae1614809f1fb82
619189aee72b86bfd469b83e3c7260b30dc6e0ca222cd90fb3dbd25063b95ddd
69491018a74502d801b3502df90fa548c4d5f10de147457cba675a1e34c93291
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7317a02358b2b617ba0934b570c313ee76f29176c4821a9a5fd1656413e5f41b
74ab9f9165932cad05a9e407f97c9dca24150de9c5c0dd2caf698af880fecbb2
776457dd738a6026ffa34a11a2f84cdc5bed574bedabc03b46a88bd02a4933c4
783810d39b0e5e91810c35613ebb64348989d0f90c17ef814ca240f21c46272f
796d51e183637a7786d5eea27b671259016e12b7c546b3359442ac84fc940916
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
90bd855f92aec63cef7a79cd868ffc8b0923a4eded158336fc3eb213fbe90166
9b899e50c2015a1c2e3c6b10138755b33f249afcb60b340cbde60c89785d7e18
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4661c6bf594ad03ace12d37977b26d353120eb9680ebed3ae2451bd92b8e07c
a732617c38101a63ad0f14116a16ca6d08b8562ccc8c20be9f17291427a2849f
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b0678cad651339560936563c5bd98bedaa3c23e16bc1ee15fc02aa53f522e52a
b0f16aec22b516d0b6be2817c7acda467a37db781c4b6ab8a9aaeab042568771
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d63d900362680ba1baa9e476f03da875168e4b08a154df2f6a136e092ee060
ba25142ec99bba1e98486d8371c3cf7534ec8798ef4dab638ded05d5bb10a735
bab64233e7ab88edb3c1593f08c39df82b790b297527c3ea90ee1e07be15705b
c106624d00f5fda35a41a2fd1b502c3d445aab67a1ae76bf1d834ae814427f6c
c93910f992c183f54337baaae5a2173d8c6f68ca783fcd30dd8dab96fcf4c70c
cf007d554e6dad2b0d664a6cce2111c81606834013d085bfd20431070677d8d7
d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9
d611b9cad5022513becd65facf53939462c50d41fc99cfe231a054487df8440f
d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3
d7f40dac6d30d1aedf50b58270e0578b4e5f4e6c9700f11f9bd03da5993f1a19
d9c65db554d57f17a964bee80b4c94050e40f3a692852cf0ca2fdb9612c83273
dadcb61725f4f875aee4816ce3eafd8d1b544a5350796e5e875e62ae9cdf6172
dae1ef582192b7f6a52108730195a3b37829905960ceb2b8492413618343143c
dc51d1d688bb790b187652ddf92eec80d1126654a4b21bd26e5cfdf6459afc15
de14ee9b1ba4b72a28e43f200082d65267d795a8054e50d76ec8b02d7819e683
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfbb68a607fce330b914b436c6b37095f903490dd5877179e3ce4878aebeb57e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e526300664e61dc569d47c54c8568d7f105b0301ece8bdb525919212012159a2
ea1bcd0c2c2a90ad718377ec5c4b73675d62e2310a5c7e8d681bd54a0d23ee68
ea3a9e876585250e6c3a4ed27d2fbcfabeedbbcd4e659bb292c0be350aa6f4b4
ee03075b2e62f9337a1012bf1306aa05589ef0f0d5f8cf10f553f74a61fe818f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2ff20947f497b62778a1b8e9ba4b37256ac597dfc6f03cfb1f2ed2f4bbea91
f02b2c547f9320eaa7781134f456ff732b866197553ddb57f9405defb51545e2

refinance.lowermybills.com Open in urlscan Pro 2606:4700::6812:129f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

103 Requests

89 %HTTPS

35 %IPv6

24 Domains

39 Subdomains

30 IPs

4 Countries

940 kBTransfer

2713 kBSize

30 Cookies

3 Outgoing links

Page URL History

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

refinance.lowermybills.com Open in urlscan Pro
2606:4700::6812:129f Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

89 %
HTTPS

35 %
IPv6

24
Domains

39
Subdomains

30
IPs

4
Countries

940 kB
Transfer

2713 kB
Size

30
Cookies

103 HTTP transactions
0 data transactions