refinance.lowermybills.com Open in urlscan Pro
2606:4700::6812:139f Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html#qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbefeiacb?M...
Effective URL:
https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Submission: On March 11 via api (March 11th 2022, 11:53:03 am UTC) from BE — Scanned from US

Summary HTTP 117 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 32 IPs in 3 countries across 25 domains to perform 117 HTTP transactions. The main IP is 2606:4700::6812:139f, located in United States and belongs to CLOUDFLARENET, US. The main domain is refinance.lowermybills.com. The Cisco Umbrella rank of the primary domain is 559993.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 10th 2021. Valid for: a year.

This is the only time refinance.lowermybills.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.92.164.202 52.92.164.202	16509 (AMAZON-02) (AMAZON-02)
1 1	103.129.199.220 103.129.199.220	135542 (LIGHTCLOU...) (LIGHTCLOUD-AS-AP LIGHT CLOUD TECHNOLOGY)
1	38.145.210.70 38.145.210.70	18978 (ENZUINC-) (ENZUINC-)
1 1	52.38.233.250 52.38.233.250	16509 (AMAZON-02) (AMAZON-02)
1 20	2606:4700::68... 2606:4700::6812:139f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	143.204.146.120 143.204.146.120	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:80a::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2607:f8b0:400... 2607:f8b0:4006:821::2008	15169 (GOOGLE) (GOOGLE)
1	13.33.85.127 13.33.85.127	16509 (AMAZON-02) (AMAZON-02)
1	13.33.60.37 13.33.60.37	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4006:808::2003	15169 (GOOGLE) (GOOGLE)
5	2600:1f18:24e... 2600:1f18:24e6:b900:11d3:d432:4966:d525	14618 (AMAZON-AES) (AMAZON-AES)
1	2001:4860:480... 2001:4860:4802:38::15	15169 (GOOGLE) (GOOGLE)
1	74.201.172.221 74.201.172.221	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
1	146.75.32.157 146.75.32.157	54113 (FASTLY) (FASTLY)
5	142.250.64.98 142.250.64.98	15169 (GOOGLE) (GOOGLE)
2	104.19.132.78 104.19.132.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	142.250.64.102 142.250.64.102	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
5 16	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:400... 2607:f8b0:4006:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
1	76.13.32.146 76.13.32.146	26101 (YAHOO-BF1) (YAHOO-BF1)
2	2607:f8b0:400... 2607:f8b0:4006:824::200e	15169 (GOOGLE) (GOOGLE)
1	51.81.46.107 51.81.46.107	16276 (OVH) (OVH)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	52.23.126.38 52.23.126.38	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:402... 2607:f8b0:4023:1407::9d	15169 (GOOGLE) (GOOGLE)
2	3.219.201.101 3.219.201.101	14618 (AMAZON-AES) (AMAZON-AES)
4	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
117	32

1 52.92.164.202 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

1t7ager7sr.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.129.199.220 (Malaysia) 1 redirects

ASN135542 (LIGHTCLOUD-AS-AP LIGHT CLOUD TECHNOLOGY, MY)
PTR: chosentask.com

chosentask.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.145.210.70 (Los Angeles, United States)

ASN18978 (ENZUINC-, US)
PTR: 70.210-145-38.rdns.scalabledns.com

shapelyparadise.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.38.233.250 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-233-250.us-west-2.compute.amazonaws.com

cdmtrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6812:139f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
refinance.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-lre.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn-refinance.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
content.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.146.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-146-120.ewr52.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::200a (Queens, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:821::2008 (Queens, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.85.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-85-127.ewr52.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.60.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-60-37.ewr52.r.cloudfront.net

privacy-policy.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::2003 (Queens, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:24e6:b900:11d3:d432:4966:d525 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:38::15 (United States)

ASN15169 (GOOGLE, US)

sgtm.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.201.172.221 (Secaucus, United States)

ASN29791 (VOXEL-DOT-NET, US)
PTR: hosted-by.myinternetservices.com

ads.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.32.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.64.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.132.78 (None, )

ASN13335 (CLOUDFLARENET, US)

a.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.64.102 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f6.1e100.net

852807.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:80b::2002 (Queens, United States) 5 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4006:80e::2004 (Queens, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::2002 (Queens, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.146 (Lockport, United States)

ASN26101 (YAHOO-BF1, US)
PTR: spdc.pbp.vip.bf1.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::200e (Queens, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.81.46.107 (Warrenton, United States)

ASN16276 (OVH, FR)
PTR: ext.svh64.incmdb.net

pix.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.23.126.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-126-38.compute-1.amazonaws.com

psp.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4023:1407::9d (Columbus, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.219.201.101 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-201-101.compute-1.amazonaws.com

trc.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	doubleclick.net 9 redirects 852807.fls.doubleclick.net — Cisco Umbrella Rank: 979954 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 ad.doubleclick.net — Cisco Umbrella Rank: 181 stats.g.doubleclick.net — Cisco Umbrella Rank: 68	15 KB
21	lowermybills.com 1 redirects www.lowermybills.com — Cisco Umbrella Rank: 20529 refinance.lowermybills.com — Cisco Umbrella Rank: 559993 static-lre.lowermybills.com — Cisco Umbrella Rank: 719878 cdn-refinance.lowermybills.com — Cisco Umbrella Rank: 702537 content.lowermybills.com — Cisco Umbrella Rank: 595972 sgtm.lowermybills.com — Cisco Umbrella Rank: 740089 cdn.lowermybills.com — Cisco Umbrella Rank: 513829	441 KB
17	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	2 KB
16	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	682 KB
10	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 971 trc.taboola.com — Cisco Umbrella Rank: 562 trc-events.taboola.com — Cisco Umbrella Rank: 1670	30 KB
6	pushnami.com api.pushnami.com — Cisco Umbrella Rank: 4232 psp.pushnami.com — Cisco Umbrella Rank: 14910 trc.pushnami.com — Cisco Umbrella Rank: 4397	19 KB
5	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 101	49 KB
5	datadoghq.com rum-http-intake.logs.datadoghq.com — Cisco Umbrella Rank: 2891	626 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 338	12 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	mgid.com a.mgid.com — Cisco Umbrella Rank: 18558	6 KB
2	revjet.com ads.revjet.com — Cisco Umbrella Rank: 2725 pix.revjet.com — Cisco Umbrella Rank: 5485	9 KB
2	gstatic.com fonts.gstatic.com	46 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
1	t.co t.co — Cisco Umbrella Rank: 448	336 B
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 779	714 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 464	353 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 531	6 KB
1	truste.com privacy-policy.truste.com — Cisco Umbrella Rank: 7450	16 KB
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 3100	37 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1207	5 KB
1	cdmtrk.com 1 redirects cdmtrk.com — Cisco Umbrella Rank: 328718	871 B
1	shapelyparadise.com shapelyparadise.com	470 B
1	chosentask.com 1 redirects chosentask.com	410 B
1	amazonaws.com 1t7ager7sr.s3.us-west-2.amazonaws.com	458 B
117	25

	Domain	Requested by
16	www.google.com
16	googleads.g.doubleclick.net	5 redirects www.googleadservices.com
16	www.googletagmanager.com	refinance.lowermybills.com www.googletagmanager.com cdn-refinance.lowermybills.com
9	content.lowermybills.com	refinance.lowermybills.com static-lre.lowermybills.com
5	www.googleadservices.com	cdn-refinance.lowermybills.com www.googletagmanager.com www.googleadservices.com
5	rum-http-intake.logs.datadoghq.com	www.datadoghq-browser-agent.com
4	trc-events.taboola.com	cdn.taboola.com
4	852807.fls.doubleclick.net	2 redirects refinance.lowermybills.com
4	cdn.taboola.com	1t7ager7sr.s3.us-west-2.amazonaws.com cdn.taboola.com
4	static-lre.lowermybills.com	refinance.lowermybills.com
4	refinance.lowermybills.com	shapelyparadise.com static-lre.lowermybills.com www.datadoghq-browser-agent.com
3	bat.bing.com	1t7ager7sr.s3.us-west-2.amazonaws.com bat.bing.com
2	trc.pushnami.com	www.datadoghq-browser-agent.com
2	psp.pushnami.com	www.datadoghq-browser-agent.com
2	trc.taboola.com	cdn.taboola.com
2	www.google-analytics.com	www.googletagmanager.com www.datadoghq-browser-agent.com
2	ad.doubleclick.net	2 redirects
2	a.mgid.com	1t7ager7sr.s3.us-west-2.amazonaws.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	refinance.lowermybills.com
2	api.pushnami.com	refinance.lowermybills.com api.pushnami.com
1	stats.g.doubleclick.net	www.datadoghq-browser-agent.com
1	t.co	refinance.lowermybills.com
1	pix.revjet.com	ads.revjet.com
1	sp.analytics.yahoo.com	refinance.lowermybills.com
1	adservice.google.com	refinance.lowermybills.com
1	analytics.twitter.com	refinance.lowermybills.com
1	static.ads-twitter.com	1t7ager7sr.s3.us-west-2.amazonaws.com
1	ads.revjet.com	1t7ager7sr.s3.us-west-2.amazonaws.com
1	cdn.lowermybills.com	cdn-refinance.lowermybills.com
1	sgtm.lowermybills.com	www.datadoghq-browser-agent.com
1	privacy-policy.truste.com	static-lre.lowermybills.com
1	www.datadoghq-browser-agent.com	refinance.lowermybills.com
1	static.cloudflareinsights.com	refinance.lowermybills.com
1	cdn-refinance.lowermybills.com	refinance.lowermybills.com
1	www.lowermybills.com	1 redirects
1	cdmtrk.com	1 redirects
1	shapelyparadise.com	1t7ager7sr.s3.us-west-2.amazonaws.com
1	chosentask.com	1 redirects
1	1t7ager7sr.s3.us-west-2.amazonaws.com
117	40

This site contains links to these domains. Also see Links.

Domain
lmb.lowermybills.com
www.lowermybills.com
privacyportal-cdn.onetrust.com
www.hud.gov
privacy.truste.com
www.thawte.com
www.bbb.org
mba.org
www.quickenloans.com
sf.freddiemac.com
www.fhfaoig.gov
finance.yahoo.com
loanlookup.freddiemac.com
www.knowyouroptions.com

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com Amazon	`2021-12-17` - `2022-11-29`	a year	crt.sh
shapelyparadise.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-23` - `2022-08-23`	a year	crt.sh
lowermybills.com Cloudflare Inc ECC CA-3	`2021-12-10` - `2022-12-10`	a year	crt.sh
*.pushnami.com Amazon	`2021-04-18` - `2022-05-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.datadoghq-browser-agent.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-17` - `2023-02-18`	a year	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.logs.datadoghq.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-31` - `2022-05-31`	2 years	crt.sh
sgtm.lowermybills.com GTS CA 1D4	`2022-01-28` - `2022-04-28`	3 months	crt.sh
*.revjet.com Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2022-04-10`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-12-22` - `2022-06-22`	6 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Frame ID: 5683C1FE30F8A77CBE8055792B94D9EB
Requests: 93 HTTP requests in this frame

Frame: https://cdn.lowermybills.com/lending-images/presentations/common/navapi/deviceAtlasLmb.min.js
Frame ID: E725C98ECDF5FF90EEF621D431B7FA0C
Requests: 20 HTTP requests in this frame

Frame: https://api.pushnami.com/scripts/v1/hub
Frame ID: 264884CA70A13D813BC8775AD8EF5143
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Refinance Mortgage, Refinancing Rates, Mortgage Rates - LowerMyBills

Page URL History Show full URLs

https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html Page URL
http://chosentask.com/qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbef... HTTP 302
https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937... Page URL
https://cdmtrk.com/?E=XCigL8lXyiXuOaX1P1xwAQ%3d%3d&s1=690321&s2=1248562969&s3=28618_7828573_13 HTTP 302
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-131&pkey1=131&pkey2=690321&... HTTP 301
https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&source... Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Pushnami (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

api\.pushnami\.com

Page Statistics

117
Requests

91 %
HTTPS

39 %
IPv6

25
Domains

40
Subdomains

32
IPs

3
Countries

1397 kB
Transfer

3543 kB
Size

35
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://lmb.lowermybills.com/reficalculator
Title: Free Refinance Calculator

Search URL Search Domain Scan URL

URL: https://www.lowermybills.com/legal/stateprivacy/
Title: Information that we collect and share about you

Search URL Search Domain Scan URL

URL: https://privacyportal-cdn.onetrust.com/dsarwebform/37cf9a71-5b40-4cf5-a30e-8beabeed8379/c3baaee8-0b37-4f2b-bf4c-76b0e035482e.html
Title: Do not sell my personal information

Search URL Search Domain Scan URL

URL: https://www.hud.gov/

Search URL Search Domain Scan URL

URL: https://privacy.truste.com/privacy-seal/validation?rid=36759420-4093-4a7b-bf8a-2029fcf0dd2d

Search URL Search Domain Scan URL

URL: https://www.thawte.com/ssl/secured-seal/

Search URL Search Domain Scan URL

URL: https://www.bbb.org/us/ca/los-angeles/profile/financial-services/lower-my-bills-1216-13130473

Search URL Search Domain Scan URL

URL: https://mba.org/

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/mortgage-options/fixed-home-loans
Title: https://www.quickenloans.com/mortgage-options/fixed-home-loans

Search URL Search Domain Scan URL

URL: https://www.hud.gov/program_offices/housing/sfh/lender/origination/mortgage_limits
Title: https://www.hud.gov/program_offices/housing/sfh/lender/origination/mortgage_limits

Search URL Search Domain Scan URL

URL: https://sf.freddiemac.com/articles/news/loan-limits-are-increasing-by-742-in-2021
Title: https://sf.freddiemac.com/articles/news/loan-limits-are-increasing-by-742-in-2021

Search URL Search Domain Scan URL

URL: https://www.fhfaoig.gov/Content/Files/History%20of%20the%20Government%20Sponsored%20Enterprises.pdf
Title: https://www.fhfaoig.gov/Content/Files/History%20of%20the%20Government%20Sponsored%20Enterprises.pdf

Search URL Search Domain Scan URL

URL: https://finance.yahoo.com/news/biden-signed-10-billion-mortgage-133000243.html
Title: https://finance.yahoo.com/news/biden-signed-10-billion-mortgage-133000243.html

Search URL Search Domain Scan URL

URL: https://loanlookup.freddiemac.com/
Title: https://loanlookup.freddiemac.com/

Search URL Search Domain Scan URL

URL: https://www.knowyouroptions.com/loanlookup
Title: https://www.knowyouroptions.com/loanlookup

Search URL Search Domain Scan URL

URL: https://www.lowermybills.com/legal/terms.php
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.lowermybills.com/legal/privacy.php
Title: Our Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.lowermybills.com/legal/stateprivacy
Title: State Privacy Notices

Search URL Search Domain Scan URL

URL: https://www.lowermybills.com/legal/licenses.php
Title: Licenses & Disclosures

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html Page URL
http://chosentask.com/qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbefeiacb?MEMMC HTTP 302
https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55 Page URL
https://cdmtrk.com/?E=XCigL8lXyiXuOaX1P1xwAQ%3d%3d&s1=690321&s2=1248562969&s3=28618_7828573_13 HTTP 302
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-131&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&cmpid=80&crtid=6 HTTP 301
https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://chosentask.com/qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbefeiacb?MEMMC HTTP 302
https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55

Request Chain 50

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord= HTTP 302
https://852807.fls.doubleclick.net/activityi;dc_pre=CM7WycX_vfYCFd8HaAgdKxMGGA;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=

Request Chain 52

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=1807117170

Request Chain 53

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e HTTP 302
https://852807.fls.doubleclick.net/activityi;dc_pre=CIWSy8X_vfYCFZFQDQodmYEEMA;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e

Request Chain 54

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=4234887350

Request Chain 55

https://ad.doubleclick.net/ddm/activity/src=4818226;type=invmedia;cat=esvbxzky;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1

Request Chain 85

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1646999577014&cv=9&fst=1646999577014&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577014&cv=9&fst=1646996400000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&is_vtc=1&random=3916671441&resp=GooglemKTybQhCsO

Request Chain 94

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=GDgrYuucOd6OoPMP6OCVyAM&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=GDgrYuucOd6OoPMP6OCVyAM&cid=CAQSKQCNIrLMoVwC98yUxRigwzuWuyB92nxkjhULAZ8cjudF0JV2YkX9ijnC&random=1589202689&resp=GooglemKTybQhCsO

Request Chain 98

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=GTgrYvesAZmoNceTnIAP&sscte=1&crd=CNPgGw HTTP 302
https://www.google.com/pagead/1p-conversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=GTgrYvesAZmoNceTnIAP&cid=CAQSKQCNIrLM-9ZkUMBH5rxiSiP-iqI0vWyDeg6cYFTEj8sdXgKQiOigmd_D&random=2572803849&resp=GooglemKTybQhCsO

117 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK QWERTYE.html
1t7ager7sr.s3.us-west-2.amazonaws.com/ 102 B
458 B 353ms
97ms Document
text/html 52.92.164.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.92.164.202 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

x-amz-id-2: URU1mA7TNEoDZzXVJFZWZDYV2MKVrRqvAuTDV3pH626aFXE6Btc4Ob0IL6FWMhmFvTWPL6jTDOE=
x-amz-request-id: K8M060Z095BY6QFC
Date: Fri, 11 Mar 2022 11:52:50 GMT
Last-Modified: Thu, 10 Mar 2022 16:09:45 GMT
ETag: "d276abaab666ea4322616f5e496d08f4"
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 102

GET
H/1.1

200
OK

571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10
shapelyparadise.com/176394d407b85270800/28618_7828573_13/
Redirect Chain

http://chosentask.com/qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbefeiacb?MEMMC
https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55

157 B
470 B

669ms
234ms

Document
text/html

38.145.210.70
ENZUINC-

General

Check archive.org

Show headers Download Go to

Full URL: https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 38.145.210.70 Los Angeles, United States, ASN18978 (ENZUINC-, US),
Reverse DNS: 70.210-145-38.rdns.scalabledns.com
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html#qs=r-agicaejhdbihhhaekfjbccaijdjgieadjhcjabadjhcjabaggacihaceacjgdackeiacbefeiacb?MEMMC

Response headers

Date: Fri, 11 Mar 2022 11:52:53 GMT
Server: Apache
Content-Length: 157
Connection: close
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Fri, 11 Mar 2022 11:52:52 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
location: https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2

200

Primary Request / Show response
refinance.lowermybills.com/
Redirect Chain

https://cdmtrk.com/?E=XCigL8lXyiXuOaX1P1xwAQ%3d%3d&s1=690321&s2=1248562969&s3=28618_7828573_13
https://www.lowermybills.com/lending/home-refinance?sourceid=lmb-53704-112245-131&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&cmpid=80&crtid=6
https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

23 KB
8 KB

1012ms
992ms

Document
text/html

2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Requested by

Host: shapelyparadise.com
URL: https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29ca0e06e23a9e194c5ea25bcf214690e4c440e168789f24feb87135f9115c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://shapelyparadise.com/176394d407b85270800/28618_7828573_13/571_386207666_0_28618_0_3948011_55_1937_103437_7828573_10?MEMMC_1852/55

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
content-type: text/html; charset=utf-8
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: same-origin
cache-control: no-store
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ea4162dced68c90-EWR
content-encoding: gzip

Redirect headers

date: Fri, 11 Mar 2022 11:52:54 GMT
content-length: 0
location: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6ea4162bdb358c90-EWR

GET
H2 200 main.f6e7431d3e7bda95012a.css
static-lre.lowermybills.com/ 40 KB
9 KB 69ms
55ms Stylesheet
text/css 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f13e5b853a6dd7ce3a3a520dd108ef04efaeea02df4fca46d68e6afdce1061db

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 ac664c0310f2b9554aba4708107d094c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C2
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 14:36:50 GMT
server: cloudflare
etag: W/"373708d13f312aa24063d59e3cadb70c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: 6ZY2C1ubpi.7vGai8qh5d..AXsSdsrny
cache-control: public, max-age=14400
cf-ray: 6ea416343bc28c90-EWR
x-amz-cf-id: aulH85YaQ1JzPp24jU93irPKXfb6XJQiNVefJpIz430V2UTpQBzX3A==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 pixel-63c284f0bc298bded6d9.js Show response
cdn-refinance.lowermybills.com/ 292 KB
33 KB 39ms
25ms Script
application/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b14d9d48365976dcc294578884260518062e95bb32cdd34eba5261999a0c04da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 35025
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Fri, 04 Mar 2022 13:52:23 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"48e95-17f5533f93c"
x-download-options: noopen
strict-transport-security: max-age=15552000; includeSubDomains
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400
cf-ray: 6ea416343bc68c90-EWR
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 deviceatlas-1.6.min.js Show response
content.lowermybills.com/deviceatlas-1.6/ 7 KB
3 KB 81ms
66ms Script
application/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://content.lowermybills.com/deviceatlas-1.6/deviceatlas-1.6.min.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 cf88880413082302757828626cf7b020.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Fri, 21 Jan 2022 17:49:49 GMT
server: cloudflare
etag: W/"67510dbcee1857a225b8f76bdc940c26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 6ea416343bcf8c90-EWR
x-amz-cf-id: 5xz9WX104EcFmdih-e1N35AYBnU7MR0F4gUGIQPP6u-XaSVURmKqDA==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 5f0794ed2693b80012279eb1 Show response
api.pushnami.com/scripts/v1/push/ 84 KB
17 KB 32ms
8ms Script
application/javascript 143.204.146.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/push/5f0794ed2693b80012279eb1
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.146.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-146-120.ewr52.r.cloudfront.net
Software: /
Resource Hash: f7aa3bb2f725a60e7a19146739d0af40518abf9bd5e2dcdb1e1fa1d26e92b15b

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:01:17 GMT
via: 1.1 6b40574acc577d1185c505c40886acc6.cloudfront.net (CloudFront)
age: 3098
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-pop: EWR52-C2
content-encoding: gzip
x-amz-cf-id: 6OHsBSEMr_2DdBrEByJdBd3iCm6hnnTZptOkDqAChcVxQO1twy9Ykg==

GET
H2 200 css
fonts.googleapis.com/ 822 B
915 B 34ms
19ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Shadows+Into+Light+Two&display=swap

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1cf4becba1194b3931970493f823178403a6ede73368d62c4e6541c95a4733cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 11:39:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 11 Mar 2022 11:52:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Mar 2022 11:52:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
660 B 34ms
20ms Stylesheet
text/css 2607:f8b0:4006:80a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::200a Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ae23e9c550183a08f3784faa8164e00607868e5758ff43b4b8843d79eecc25da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 10:43:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 11 Mar 2022 11:52:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Mar 2022 11:52:55 GMT

GET
H2 200 redarrow1.png
content.lowermybills.com/lre/ 3 KB
3 KB 31ms
30ms Image
image/png 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/redarrow1.png
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1d7015c13fd51bf12eb98c6e4af1822cdfb32610540bf83730fed28917aadd84

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 8a0d00c8697029a8a8411a2a06403ade.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
content-length: 2687
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
server: cloudflare
etag: "5cb5249e059c8222b7daf71bb9a7acb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ea41634ccf98c90-EWR
x-amz-cf-id: BN50I43h0TlvnFaw8-DxbYBZ5dp9DmIn3SWBzw7oW0qJYAJVTm9wwQ==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 main.f6e7431d3e7bda95012a.js Show response
static-lre.lowermybills.com/ 134 KB
33 KB 22ms
21ms Script
application/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e333e246ea1b30fe0259829fea64c9e2f303488f07d6c4852360eeb0fbf1625

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 31b4da0406d8b733add8a3131335a500.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 2424
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 14:36:51 GMT
server: cloudflare
etag: W/"a7c5986aa7c3763ee8e49db6c9bc8fc3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _6Y6xNkzrZpqEBWG6AERrf9mczZ3uHGn
cache-control: public, max-age=14400
x-amz-cf-pop: EWR52-C2
cf-ray: 6ea416349c7a8c90-EWR
x-amz-cf-id: d86-zpEWyjPGx2y3AS30IJn2qwFe1enyY5jnVQXZn_SxfObUKMOFdg==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 manifest.191f41e5dd9ed3223925.js Show response
static-lre.lowermybills.com/ 12 KB
5 KB 19ms
18ms Script
application/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/manifest.191f41e5dd9ed3223925.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9da8504d25577f714cab67e111ac9808d5b76cdef459d073db08199a46af5795

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 329b0fc45cd0599e7f2c2cee0cf4ae8e.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 688
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Thu, 03 Mar 2022 14:36:51 GMT
server: cloudflare
etag: W/"a73e93cfa556271906df70e8655e784b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: oupmtW06R1nYME95T59XQhN6Z8ht7eI3
cache-control: public, max-age=14400
x-amz-cf-pop: EWR52-C2
cf-ray: 6ea41634aca28c90-EWR
x-amz-cf-id: i8tRSIR0D9P1VvbOLzF_o933O6q5vToQMmC4luTjMoc-tNiQwEgOBg==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 vendor.a0f4e89afe7f91cc8f4d.js Show response
static-lre.lowermybills.com/ 382 KB
121 KB 83ms
81ms Script
application/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static-lre.lowermybills.com/vendor.a0f4e89afe7f91cc8f4d.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7f40dac6d30d1aedf50b58270e0578b4e5f4e6c9700f11f9bd03da5993f1a19

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 b078462cffa3a81b6e262ef7f6040412.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: EWR52-C2
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
content-encoding: gzip
last-modified: Tue, 15 Feb 2022 17:56:17 GMT
server: cloudflare
etag: W/"1ef644dd43da35aa388576b65c82beb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: sQakSX8yHwIe7wfp9ILXElQMYzFP_AvP
cache-control: public, max-age=14400
cf-ray: 6ea41634ccf88c90-EWR
x-amz-cf-id: njqaNC31Z9ESH6Xlp6iZQnDk11hfYDQEtNo7MUkKKLw0-Qz3RRWzrA==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 42ms
29ms Script
text/javascript 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer
Origin: https://refinance.lowermybills.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6ea41634e8b28c78-EWR

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 78 KB
31 KB 60ms
27ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5VHPB6M

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e64fc3d7b72e16f5160169726ab30cb8ea364ccf30fcdf8882ea62e0388bb8cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30959
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:55 GMT

GET
H2 200 datadog-rum-v3.js Show response
www.datadoghq-browser-agent.com/ 115 KB
37 KB 47ms
8ms Script
application/javascript 13.33.85.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.85.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-85-127.ewr52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
content-encoding: br
last-modified: Mon, 03 Jan 2022 16:36:14 GMT
server: AmazonS3
age: 3
etag: W/"647fda9a4d3d74344732d76cf1fff47c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 6e24e95f882f20707346a032d1fa2948.cloudfront.net (CloudFront)
cache-control: max-age=14400, s-maxage=60
x-amz-cf-pop: EWR52-C1
x-amz-cf-id: uZ2sqjeNtYKLaCi1vgwCIGMdctfn74m7dXhBewzTG9fDLgLDUMa1Gg==

GET
H2 200 lend16007_goldscale.png
content.lowermybills.com/lre/ 190 B
417 B 18ms
17ms Image
image/png 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/lend16007_goldscale.png
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f9cb44b12f3d37a72622b500a99d96bf070a07ab81b5577bd3dd723aae0ecf

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 a3553fd14d7dc73d33a5426ee64abf1c.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 5234
x-cache: Hit from cloudfront
content-length: 190
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
server: cloudflare
etag: "70836be8dfb4a77c709d02a054f1a98e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
cf-ray: 6ea41634dcfc8c90-EWR
x-amz-cf-id: WLi4UJOKKkpz6PsvwiuQh9DmS0ks-yUoBj12u5_7K8cztW4DPoQKZw==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 home-desktop.jpg
content.lowermybills.com/lre/ 199 KB
199 KB 35ms
35ms Image
image/jpeg 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/home-desktop.jpg
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 127cae9821853edc1953090239e5ae0297c4626b184280bb894cbfef9f947f30

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 0e456968e63d1e7575028bb48aa8e96a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
content-length: 203332
cf-bgj: h2pri
server: cloudflare
etag: "ac3af3174e2b972e0adcd85fb89d7ba1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ea41634dcfe8c90-EWR
x-amz-cf-id: pRn0YAQ6J_dmptq5bqdaW_OdGPsdWdNs_lwz_t2WRUdUyh7tvM1r4g==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 sprite_lp.png
content.lowermybills.com/lre/ 17 KB
17 KB 17ms
16ms Image
image/png 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/sprite_lp.png
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3255db2fb88891ee1add7804275d722bdd4e1eb438c51927d08c0dd67c1c558f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 04a5cc1918053ba9703475b3376f46da.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3902
x-cache: Hit from cloudfront
content-length: 17424
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
server: cloudflare
etag: "c8a52138ef54bb2745413f072f32e23a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
cf-ray: 6ea41634dd108c90-EWR
x-amz-cf-id: zoZetCDIxMCzqW6avxKj1B16OyU74LPicWBpQyOYVj2TWZ_56_Y2Lg==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 hud_logo.gif
content.lowermybills.com/lre/ 738 B
973 B 21ms
21ms Image
image/gif 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/hud_logo.gif
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8b1f3575dd2b0024383a4f47725654257a4b4ec1015595ade984a80804a56ce

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 2f0b2738cc23726bda17eb28418ee9c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 3902
x-cache: Hit from cloudfront
content-length: 738
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
server: cloudflare
etag: "c9c9a78e117c3c6b24c9ba244ee59280"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
x-amz-cf-pop: PHL50-C1
accept-ranges: bytes
cf-ray: 6ea41634dd138c90-EWR
x-amz-cf-id: t_oejdOFBKy6zyfQkYzbT7h0Sx0pjDaLg4La1iVqi2E6zBNHzJbKFA==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H/1.1 200
OK seal
privacy-policy.truste.com/privacy-seal/ 14 KB
16 KB 47ms
4ms Image
image/svg+xml 13.33.60.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://privacy-policy.truste.com/privacy-seal/seal?rid=36759420-4093-4a7b-bf8a-2029fcf0dd2d

Requested by

Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.33.60.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-60-37.ewr52.r.cloudfront.net

Software

TXS /

Resource Hash

4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; font-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; style-src 'self' 'unsafe-inline' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; img-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net https://trustarc.com; frame-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; connect-src 'self' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .trustarc.com .trustarc-svc.net .truste.com .truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; font-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; style-src 'self' 'unsafe-inline' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; img-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net https://trustarc.com; frame-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; connect-src 'self' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.trustarc-svc.net *.truste.com *.truste-svc.net; upgrade-insecure-requests; block-all-mixed-content;
Via: 1.1 1bbfa275cce73ba7a423bc907239dede.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff, nosniff
Age: 41456
Cross-Origin-Embedder-Policy: unsafe-none
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 14237
X-Xss-Protection: 1; mode=block, 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: TXS
Cross-Origin-Opener-Policy: cross-origin
Date: Fri, 11 Mar 2022 00:38:00 GMT
Expect-CT: enforce, max-age=60
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=0
Permissions-Policy: autoplay=(self), document-domain=(self), encrypted-media=(self)
ETag: W/"14237-1594834154000"
X-Amz-Cf-Pop: EWR52-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: uX81UjrqkwJkCH4XllAw1oLKvrC-JWQxOlWAT3Jcx5fb25KFWVQpIQ==

GET
H2 200 misc_thawte.jpg
content.lowermybills.com/lre/ 1 KB
1 KB 47ms
46ms Image
image/jpeg 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/misc_thawte.jpg
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9985336660219f2aa5e5c8f21d7f5456aee6c69afb706d3a9c9322ad5d601a76

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 191d4b07c4ff3e2c7cfeea67e1eb00f0.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
content-length: 1064
cf-bgj: h2pri
server: cloudflare
etag: "fce9074d37a5424c838ef468af0c2392"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ea41634fd358c90-EWR
x-amz-cf-id: hZELODrZHyUDpvwYx4tlKVPMOYS4CvSPyyrUkJGHpa_PR1CXQ4Ef9w==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 bbb_ReliabilitySeal4.png
content.lowermybills.com/lre/ 792 B
951 B 44ms
40ms Image
image/png 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/bbb_ReliabilitySeal4.png
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1b5ecbe1f536ff0fef14eabe281e525514e533dc65d179493ee770857893943

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 a3553fd14d7dc73d33a5426ee64abf1c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
content-length: 792
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
server: cloudflare
etag: "6090dac9efe433facd03c240a291865e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ea416350d488c90-EWR
x-amz-cf-id: wklc04lQtdXMq3MWRBZKygq72orJupPP6RX8vdl4urExyIGZVhoQXw==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 mortgageBankersAssoc.jpg
content.lowermybills.com/lre/ 792 B
1 KB 37ms
35ms Image
image/jpeg 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content.lowermybills.com/lre/mortgageBankersAssoc.jpg
Requested by: Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/main.f6e7431d3e7bda95012a.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c0676327f2e8a36f4566392aaec15036da66d48fda332ae8b6c6af30dc3c485

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://static-lre.lowermybills.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:55 GMT
via: 1.1 e2aea636b5bbfa67100e8bdb9eda1cf6.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
x-amz-cf-pop: PHL50-C1
x-cache: Hit from cloudfront
last-modified: Fri, 21 Jan 2022 17:50:00 GMT
content-length: 792
cf-bgj: h2pri
server: cloudflare
etag: "fac151fb09dc6ee89e43925ed2c85572"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6ea416350d4f8c90-EWR
x-amz-cf-id: 3cXmQYSJJeOm3EYnMPtDAPxYNrQ1etWUj653hsqH2Bt9z5j8Jv7Vfg==
expires: Fri, 11 Mar 2022 15:52:55 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 30 KB
31 KB 26ms
4ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://refinance.lowermybills.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 14:45:22 GMT
x-content-type-options: nosniff
age: 248853
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30876
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 14:45:22 GMT

GET
H2 200 4iC86LVlZsRSjQhpWGedwyOoW-0A6_kpsyNmpAzHGQ.woff2
fonts.gstatic.com/s/shadowsintolighttwo/v11/ 15 KB
16 KB 37ms
15ms Font
font/woff2 2607:f8b0:4006:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/shadowsintolighttwo/v11/4iC86LVlZsRSjQhpWGedwyOoW-0A6_kpsyNmpAzHGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Shadows+Into+Light+Two&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2003 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0cada708e119149edd948291e531ccce6385fe040e74e3bb4d482ec74bd3f22d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://refinance.lowermybills.com
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 12:44:52 GMT
x-content-type-options: nosniff
age: 256083
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15832
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:36:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 08 Mar 2023 12:44:52 GMT

POST
H2 200 visitor Show response
refinance.lowermybills.com/ 16 B
582 B 151ms
150ms XHR
application/json 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/visitor

Requested by

Host: static-lre.lowermybills.com
URL: https://static-lre.lowermybills.com/vendor.a0f4e89afe7f91cc8f4d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a732617c38101a63ad0f14116a16ca6d08b8562ccc8c20be9f17291427a2849f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
content-length: 16
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"10-rUyPvz2t/XnLVYpk95e2nnkHtO8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6ea416364fd18c90-EWR

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
126 B 185ms
71ms Ping
application/json 2600:1f18:24e6:b900:11d3:d432:4966:d525
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-4DRTSTIIF&batch_time=1646999576067
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:11d3:d432:4966:d525 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:56 GMT
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 171 KB
63 KB 20ms
19ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WQ7TGZQSWQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHPB6M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0827416cc2debe603ecd6bc8003180b6e2ec857e28a2086407db307f3178efa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64547
x-xss-protection: 0
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
BLOB 200
OK cbac029e-be05-4044-80d1-a175a688867f
https://refinance.lowermybills.com/ 26 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://refinance.lowermybills.com/cbac029e-be05-4044-80d1-a175a688867f
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b99c919f168349275b903d0a29253e0de9a945945650d811ee2ee0214b9387be

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Length: 26149

POST
H2 200 track Show response
refinance.lowermybills.com/ 259 B
324 B 126ms
125ms XHR
application/json 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/track

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c022a1654436ed59b61893be67d31664c2c3619628c60d169581ddc3991d57cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-dns-prefetch-control: off
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"103-evsLemVP1/OU6V8o+EsrfHrZGAQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
content-type: application/json; charset=utf-8
cache-control: no-store
cf-ray: 6ea4163749cc8c90-EWR

GET
H2 200 collect Show response
sgtm.lowermybills.com/g/ 65 B
550 B 183ms
124ms XHR
text/plain 2001:4860:4802:38::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sgtm.lowermybills.com/g/collect?v=2&tid=G-WQ7TGZQSWQ&gtm=2oe370&_p=649814832&sr=1600x1200&ul=en-us&cid=1955499659.1646999576&_fplc=0&_s=1&dl=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&dr=https%3A%2F%2Fshapelyparadise.com%2F&dt=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&sid=1646999576&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.environment=prod&ep.pageName=LMB_LRE_LANDING_VERTICAL&richsstsse

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:38::15 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 google

GET
H2 200 deviceAtlasLmb.min.js Show response
cdn.lowermybills.com/lending-images/presentations/common/navapi/ Frame E725 8 KB
3 KB 57ms
33ms Script
text/javascript 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lowermybills.com/lending-images/presentations/common/navapi/deviceAtlasLmb.min.js

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 33765
p3p: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 21 May 2021 02:42:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"fed6c65f5b084671-20fc-5c2ce02c32fd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript
cache-control: public, max-age=14400
content-security-policy: frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
cf-ray: 6ea41637dae38c90-EWR
expires: Fri, 11 Mar 2022 15:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 143 KB
53 KB 20ms
20ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-849970183

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ef49b0aa7db2c48fd88f4f4b7b3ccfa8d49687356144fe164a70a5b4a750ff4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54731
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 143 KB
53 KB 23ms
23ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-755089552

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

afd6e7336d280ae3bb630477cff15628bbddcf1b53f9d58462e683bb95ddffed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54676
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
36 KB 37ms
37ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72055405-1

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

77a07d50f59e384a11b8048e7a43c9e76021554951bff30096fe4098cf9e8a20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36940
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 143 KB
53 KB 34ms
34ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1066568174

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01010c6ec222964f67413e0aa65a7fc00772ad77063d93cea7b6386ab1248f92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54723
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 analytics Show response
ads.revjet.com/ Frame E725 19 KB
8 KB 95ms
0ms Script
application/javascript 74.201.172.221
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/analytics?acu=3370
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 74.201.172.221 Secaucus, United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS: hosted-by.myinternetservices.com
Software: nginx /
Resource Hash: 2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 07:38:35 GMT
server: nginx
etag: W/"6138687b-4c14"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
expires: Fri, 11 Mar 2022 12:02:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 65ms
63ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-882032010

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ecbadd7dd92ebff68ac1b42adac83634823b01cf3d875a5467f022c26713463c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40425
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 65ms
65ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-934858762

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f0adb222f5c03313c9422badf65c06b2d3708a665044122e37405cda2e849ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40429
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 97ms
97ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-950054130

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f826a5339f6d1ab8fea68e64ac6cefce734a09dd3f6a2610f98dcc346be361c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40427
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 74ms
73ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-966730890

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

52e90f8f9e08f8802efecd8f58f20ab64dc480a368c83e2200854b895c9d12dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40425
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 73ms
73ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-735544455

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7756e62e48b024e0496b00adcfbb5c32273ec240bd34c73fe882ee1893ceeae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40429
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 117ms
13ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B90AE3D3335A4DC6938DC6C280390FEF Ref B: EWR30EDGE0109 Ref C: 2022-03-11T11:52:56Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11333

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 100ms
100ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-874461485

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a113b14ba9ca1492d62f40ef089c146dcca972186cf9526150994f29b9d63c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40428
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
36 KB 104ms
104ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-852807

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6da51bf58af124c6e8f8e0469a97e30657438cf9cb3af4087fb40391a666343f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36744
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1007280/ Frame E725 55 KB
17 KB 81ms
0ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 55d750f4c81d3c02002c4f8398079373d1fb7b7f0ded1a1a9c79f5969b81cce3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: YxQ_sZ1hUfGYEjQMH7NWWtYzD2Ff_ryC
content-encoding: gzip
etag: "8feaa0523fff44cf2331d28521480ca3"
age: 23
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 17364
x-amz-id-2: VJH6y7bfu6W1pko8oGzHEvcAdSapzfnJVS91QTBU31ro28jQ/P14ilYsmUL5BB1Y0x4HTld+0cA=
x-served-by: cache-lga21962-LGA
last-modified: Sun, 06 Mar 2022 11:06:51 GMT
server: AmazonS3
x-timer: S1646999576.367575,VS0,VE1
date: Fri, 11 Mar 2022 11:52:56 GMT
vary: Accept-Encoding
x-amz-request-id: F74NWVB39PHKH09V
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 78
x-cache-hits: 1

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame E725 14 KB
6 KB 99ms
3ms Script
application/javascript 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
last-modified: Sat, 05 Feb 2022 01:07:27 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100100-IAD

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 124ms
118ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-968462554

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b7e806bb69c2d40753f8cbec5b940264e8dd55a66dae18056c846a3045237ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40429
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 126ms
34ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: cdn-refinance.lowermybills.com
URL: https://cdn-refinance.lowermybills.com/pixel-63c284f0bc298bded6d9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

08b70144f153af7323a62a35287885ebfebd273e6fa3fee006aae0f3920845b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17280
x-xss-protection: 0
server: cafe
etag: 15052708501691636370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 mgsensor.js Show response
a.mgid.com/ 15 KB
6 KB 115ms
10ms Script
application/javascript 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mgid.com/mgsensor.js?d=1646999576301
Requested by: Host: 1t7ager7sr.s3.us-west-2.amazonaws.com
URL: https://1t7ager7sr.s3.us-west-2.amazonaws.com/QWERTYE.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8098c6938d10947bf06e59e59b684daf1ef70c1e520bd7e6d4d85e28ee94f00

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-mg-request-uuid: 45687ec2-78b7-4599-b1d5-57d7d54862a4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ea4163878ac78ed-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare

GET
H3

200

activityi;dc_pre=CM7WycX_vfYCFd8HaAgdKxMGGA;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D...
852807.fls.doubleclick.net/ Frame E725
Redirect Chain

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7...
https://852807.fls.doubleclick.net/activityi;dc_pre=CM7WycX_vfYCFd8HaAgdKxMGGA;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;g...

0
0

43ms
30ms

Image
text/html

142.250.64.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://852807.fls.doubleclick.net/activityi;dc_pre=CM7WycX_vfYCFd8HaAgdKxMGGA;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H3
Server: 142.250.64.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s31-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
location: https://852807.fls.doubleclick.net/activityi;dc_pre=CM7WycX_vfYCFd8HaAgdKxMGGA;src=852807;type=lrepa937;cat=lrere295;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
analytics.twitter.com/i/ Frame E725 43 B
353 B 125ms
26ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?txn_id=l5ksy&p_id=Twitter

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 5
date: Fri, 11 Mar 2022 11:52:55 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 45beaabc1853b6ffe296c318b572ca4177530e848797681defce24af370332bc
content-length: 43

GET
H2

200

/
www.google.com/pagead/1p-user-list/973523572/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=1807117170

42 B
108 B

53ms
23ms

Image
image/gif

2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=1807117170

Protocol

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-user-list/973523572/?value=0&label=l0DICKT_tQcQ9JSb0AM&guid=ON&script=0&is_vtc=1&random=1807117170
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CIWSy8X_vfYCFZFQDQodmYEEMA;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e
852807.fls.doubleclick.net/ Frame E725
Redirect Chain

https://852807.fls.doubleclick.net/activityi;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e?
https://852807.fls.doubleclick.net/activityi;dc_pre=CIWSy8X_vfYCFZFQDQodmYEEMA;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e?

0
0

32ms
31ms

Image
text/html

142.250.64.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://852807.fls.doubleclick.net/activityi;dc_pre=CIWSy8X_vfYCFZFQDQodmYEEMA;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e?
Requested by: Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Protocol: H3
Server: 142.250.64.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s31-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
location: https://852807.fls.doubleclick.net/activityi;dc_pre=CIWSy8X_vfYCFZFQDQodmYEEMA;src=852807;type=lrepa937;cat=lrere295;ord=bc5c1155-3af8-4d81-83ba-8501ed9f5c4e?
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-user-list/1066568174/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=4234887350

42 B
548 B

50ms
21ms

Image
image/gif

2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=4234887350

Protocol

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-user-list/1066568174/?value=1.00&currency_code=USD&label=raBACLrR_VoQ7pPK_AM&guid=ON&script=0&is_vtc=1&random=4234887350
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1
adservice.google.com/ddm/fls/z/ Frame E725
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=4818226;type=invmedia;cat=esvbxzky;ord=1?
https://ad.doubleclick.net/ddm/activity/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1?
https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1

42 B
494 B

401ms
292ms

Image
image/gif

2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Server

2607:f8b0:4006:80e::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=4818226;dc_pre=CKTSy8X_vfYCFYgxDAodFKwMnw;type=invmedia;cat=esvbxzky;ord=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame E725 43 B
714 B 78ms
18ms Image
image/gif 76.13.32.146
YAHOO-BF1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10070325&ec=LRELP

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

76.13.32.146 Lockport, United States, ASN26101 (YAHOO-BF1, US),

Reverse DNS

spdc.pbp.vip.bf1.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 hub Show response
api.pushnami.com/scripts/v1/ Frame 2648 2 KB
1 KB 55ms
10ms Document
text/html 143.204.146.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.pushnami.com/scripts/v1/hub

Requested by

Host: api.pushnami.com
URL: https://api.pushnami.com/scripts/v1/push/5f0794ed2693b80012279eb1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.146.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-146-120.ewr52.r.cloudfront.net

Software

Resource Hash

2843128d287da3614565182de89a84deb0e43fd049be6a4ed4d3a682bdd186c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' *
X-Content-Security-Policy	default-src 'unsafe-inline' *

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Fri, 11 Mar 2022 11:51:55 GMT
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-headers: X-Requested-With
content-security-policy: default-src 'unsafe-inline' *
x-content-security-policy: default-src 'unsafe-inline' *
x-webkit-csp: default-src 'unsafe-inline' *
cache-control: no-cache
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 6b40574acc577d1185c505c40886acc6.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR52-C2
x-amz-cf-id: 0SpVaxjuvJps4lueGXULoaVLeAjoiLSMpNLKRnWB9Bq4Vbxoyxonxg==
age: 61

POST
H2 200 rum Show response
refinance.lowermybills.com/cdn-cgi/ 0
204 B 25ms
0ms XHR
text/plain 2606:4700::6812:139f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://refinance.lowermybills.com/cdn-cgi/rum?

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:139f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6ea416387bf48c90-EWR
vary: Origin

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 38ms
22ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-849970183

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

9cb0e1f9c2424fa8326d7aa035e1cc92073377c81cae82aa9eb8ce41eec4020e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14894
x-xss-protection: 0
server: cafe
etag: 12259963661394916584
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 168ms
3ms Script
text/javascript 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72055405-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3934
date: Fri, 11 Mar 2022 10:47:22 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 11 Mar 2022 12:47:22 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 18ms
18ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-966730890&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHPB6M

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c028b077be5e40d001328413da67b3686cb62556ad0480a128be820ba95a3f5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40423
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 100 KB
40 KB 79ms
79ms Script
application/javascript 2607:f8b0:4006:821::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-735544455&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHPB6M

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2008 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4e234e26253b146c31cc1c99925b2c1afbdfe425ffbf0f4a7aad79403f09e557

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40426
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 200 pd2120 Show response
pix.revjet.com/track/ Frame E725 46 B
224 B 52ms
10ms Script
text/javascript 51.81.46.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/track/pd2120?__noscript=false&__cbf=revjet.callbacks.cb1646999576608&location=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&referrer=https%3A%2F%2Fshapelyparadise.com%2F&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/analytics?acu=3370
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.81.46.107 Warrenton, United States, ASN16276 (OVH, FR),
Reverse DNS: ext.svh64.incmdb.net
Software: /
Resource Hash: bcaed2245d50b6fdd80be3dd9d2d9035c2add0d211bd3b5d6fd1bd1a84d4b7cd

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-length: 46
content-type: text/javascript

GET
H2 200 json Show response
trc.taboola.com/1007280/trc/3/ Frame E725 2 KB
2 KB 42ms
37ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1007280/trc/3/json?tim=1646999576714&data=%7B%22id%22%3A41%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1646999576705%2C%22cv%22%3A%2220220306-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22e%22%3A%22https%3A%2F%2Fshapelyparadise.com%2F%22%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcoredigital-sc%3Aabp%3D1%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1646999576713%2C%22ref%22%3A%22https%3A%2F%2Fshapelyparadise.com%2F%22%2C%22item-url%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c5d8de9be38d4c4a0dde76b1cb8153295ccaa84e9f2acd295a006e99ef29b9a6

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms: 34
date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
server: nginx
x-timer: S1646999577.725005,VS0,VE34
x-served-by: cache-lga21962-LGA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
125 B 27ms
26ms Ping
application/json 2600:1f18:24e6:b900:11d3:d432:4966:d525
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-4DRTSTIIF&batch_time=1646999576721
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:11d3:d432:4966:d525 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:56 GMT
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 40ms
39ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-966730890

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

9cb0e1f9c2424fa8326d7aa035e1cc92073377c81cae82aa9eb8ce41eec4020e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14894
x-xss-protection: 0
server: cafe
etag: 12259963661394916584
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 11 Mar 2022 11:52:56 GMT

GET
H2 204 5189243.js Show response
bat.bing.com/p/action/ 0
113 B 152ms
152ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5189243.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:56 GMT
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FF4B83D3187406FB279AB7F189EC47C Ref B: EWR30EDGE0109 Ref C: 2022-03-11T11:52:56Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
150 B 17ms
17ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5189243&Ver=2&mid=aa3f6327-b1a7-4f72-bb4f-dcf5ab1d7a0c&sid=caaeb870a13111ecafe5f3e6dd4f1290&vid=caaf4060a13111ecb388f5003be5a349&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Refinance%20Mortgage,%20Refinancing%20Rates,%20Mortgage%20Rates%20-%20LowerMyBills&kw=refinance,%20mortgage,%20mortgages,%20refinancing,%20mortgage%20rates,%20refinance%20mortgage,%20refinance%20rates,%20refinancing%20rates,%20refinancing%20home,%20home%20loan,%20home%20loans,%20equity%20loans,%20home%20equity%20loans,%20home%20equity%20loan,%20second%20mortgage,%20home%20equity%20loan%20rates,%20credit%20card%20consolidation,%20debt%20loans,%20credit%20card%20debt%20consolidation,%20bad%20credit%20loans,%20debt%20free,%20bad%20credit,%20debt%20help,%20debt%20solutions,%20money%20management,%20credit%20card%20debt,%20personal%20loan,%20bad%20credit%20mortgage,%20mortgage%20calculator&p=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&r=https%3A%2F%2Fshapelyparadise.com%2F&lt=2356&evt=pageLoad&msclkid=N&sv=1&rn=374485
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E1731010971C4B238815A765DC6670E1 Ref B: EWR30EDGE0109 Ref C: 2022-03-11T11:52:56Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/755089552/ 2 KB
1 KB 40ms
29ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/755089552/?random=1646999576915&cv=9&fst=1646999576915&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

327255e505f4b8383adcc5ad9f7c862f641e32c33678f6ea1b2b81fdb0771200

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1136
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/ 2 KB
1 KB 39ms
30ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=1646999576920&cv=9&fst=1646999576920&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

07cdddfc127cc19acdca92ab0c82c4216776e776cf4415a0c8be0789c9afa32b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1136
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/849970183/ 2 KB
1 KB 22ms
22ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/849970183/?random=1646999576921&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

2745a560bb3e2f9e450f87c83124a2043aec3a6ceb5da33a75360769fd8207ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1274
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ Frame E725 43 B
336 B 497ms
27ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nyhmx&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&event_id=b8d10dfd-003c-4626-b796-f2bb2144b1e2&tw_document_href=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131

Requested by

Host: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-response-time: 6
date: Fri, 11 Mar 2022 11:52:57 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 6be842f3b032a0a9689d0b9e5f1d7a22ebfebada43e1389b2d94162f5f6502ae
content-length: 43

GET
H2 200 1x1.gif
a.mgid.com/ 43 B
130 B 333ms
30ms Image
image/gif 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.mgid.com/1x1.gif?id=608665&type=c&tg=&r=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&utmc=0&utmt=0&nv=1&utms=&utmcp=&utmm=&clid=&cmgid=0&cmtid=0&cmtuid=0&d=1646999576955
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ea4163de9f078ed-EWR
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 38ms
18ms XHR
text/plain 2607:f8b0:4006:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=649814832&t=pageview&_s=1&dl=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&dr=https%3A%2F%2Fshapelyparadise.com%2F&ul=en-us&de=UTF-8&dt=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAAC~&jid=73392429&gjid=2061112733&cid=1955499659.1646999576&tid=UA-72055405-1&_gid=1013454341.1646999577&_r=1&gtm=2ou370&z=176605656

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200e Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ Frame E725 2 KB
1 KB 3ms
2ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: iYtYacMlAb7PnD4NbVgysKvLj2fov4iK
content-encoding: gzip
etag: "3aa74dbf5cd656dbb65deda2d238ddbd"
age: 2262
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 911
x-amz-id-2: DxhHalyyoAj9wZgdL+sGv4UqKE4G1XDj0mW9YV0th4wEyjE710JdfNCcUUO9GcZzblVZ3GViK44=
x-served-by: cache-lga21962-LGA
last-modified: Wed, 14 Jul 2021 05:06:01 GMT
server: AmazonS3
x-timer: S1646999577.988008,VS0,VE0
date: Fri, 11 Mar 2022 11:52:56 GMT
vary: Accept-Encoding
x-amz-request-id: 590KQ3P07W4QKX9M
via: 1.1 varnish
cache-control: private, max-age=3600
accept-ranges: bytes
content-type: application/javascript
abp: 1
x-cache-hits: 3930

GET
H2 200 eid.js Show response
cdn.taboola.com/scripts/ Frame E725 14 KB
5 KB 3ms
3ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/eid.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: Rgk6TX83.a2Xbi9.mRUycMEPnxVzEJhe
content-encoding: gzip
etag: "f7917ed1eb799a729725a7db50d1f828"
age: 49
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 5258
x-amz-id-2: 1+NZHiJzPYGyY4pnyUv1cJiAHKpOmzYYEH//ucnHz27WD2ZDecLPEJTEOqVTf06kjOmZO65xTdw=
x-served-by: cache-lga21962-LGA
last-modified: Tue, 28 Dec 2021 08:10:40 GMT
server: AmazonS3
x-timer: S1646999577.988123,VS0,VE0
date: Fri, 11 Mar 2022 11:52:56 GMT
vary: Accept-Encoding
x-amz-request-id: 27389BQJBNTKYMSB
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 1
x-cache-hits: 84

GET
H2 200 json Show response
trc.taboola.com/1390358/trc/3/ Frame E725 2 KB
2 KB 18ms
18ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1390358/trc/3/json?tim=1646999576985&data=%7B%22id%22%3A36%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3A%224ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98%22%2C%22vi%22%3A1646999576705%2C%22cv%22%3A%2220220306-2-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22e%22%3A%22https%3A%2F%2Fshapelyparadise.com%2F%22%2C%22cb%22%3A%22TFASC.trkCallback1%22%2C%22qs%22%3A%22%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcoredigital-sc%3Aabp%3D1%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1646999576718%2C%22ref%22%3A%22https%3A%2F%2Fshapelyparadise.com%2F%22%2C%22item-url%22%3A%22https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131%22%2C%22tos%22%3A7%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d0753d905c5df56d17636625c5f1a5d8253629ad55b2e2de87294ce61cada637

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-vcl-time-ms: 16
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
server: nginx
x-timer: S1646999577.989492,VS0,VE16
x-served-by: cache-lga21962-LGA
vary: Accept-Encoding
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/968462554/ 2 KB
1 KB 26ms
25ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/968462554/?random=1646999576989&cv=9&fst=1646999576989&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2708ba3f9d4801f749f9cbfa758654adb888a37e3d4ca73a4bdf022885203039

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1134
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/874461485/ 2 KB
1 KB 33ms
26ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/874461485/?random=1646999576991&cv=9&fst=1646999576991&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53ba61b69daca2b2668d12a8d0f63084c2e164ec1f3c8c5ed2f356bd8e024e6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/934858762/ 2 KB
1 KB 31ms
25ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/934858762/?random=1646999576993&cv=9&fst=1646999576993&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

084c07fdba76ce4a9bf7c923ae09bc3a0c19b4441cc0b9afcd7f4968356a5e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1131
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/735544455/ 2 KB
1 KB 24ms
23ms Script
text/javascript 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/735544455/?random=1646999576994&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

11076546e6b086bf7d9a5b4ac7bd86ddf25e5e847100921419ef3d37c1316102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1271
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/ 2 KB
1 KB 26ms
25ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1646999577012&cv=9&fst=1646999577012&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b44d58396b54b03969c0bbefd84b6a15d0827cc9b18e828319d35a8aa3eafba1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1144
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/ 2 KB
1 KB 27ms
27ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1646999577013&cv=9&fst=1646999577013&num=1&value=1&currency_code=USD&label=SuU3CIKMzqoBEIrJ_MwD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e027a33f7e1b4a38c80249a431e96e6d3e00a1a739ca8533b702459356e9c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1215
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/ 2 KB
1 KB 28ms
27ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1646999577014&cv=9&fst=1646999577014&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca02a6d1ea30f27c563ca4c8d4f0cc68ce99a07ee42ac487d5e94b16d14b58da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1144
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.com/pagead/1p-user-list/966730890/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/966730890/?random=1646999577014&cv=9&fst=1646999577014&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577014&cv=9&fst=1646996400000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...

42 B
108 B

327ms
26ms

Image
image/gif

2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577014&cv=9&fst=1646996400000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&is_vtc=1&random=3916671441&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577014&cv=9&fst=1646996400000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&is_vtc=1&random=3916671441&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/882032010/ 2 KB
1 KB 28ms
26ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/882032010/?random=1646999577015&cv=9&fst=1646999577015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14fc22c5256bd29b6e6c2727a5fc2c2916c2c89d4ece46a710c7cdd1c7110320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1135
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/ 2 KB
1 KB 31ms
29ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1066568174/?random=1646999577016&cv=9&fst=1646999577016&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3960f5eb6e0980ccd56dbe3d3013e260bc846f66168050a96bc747b405c82f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1136
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950054130/ 2 KB
1 KB 29ms
28ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950054130/?random=1646999577017&cv=9&fst=1646999577017&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffaf72b22661831f2ec14dd92c58325005427ccd57cd2076cc259594eadc6c83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1133
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 psp Show response
psp.pushnami.com/api/ 2 B
231 B 27ms
9ms Fetch
text/html 52.23.126.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.126.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-126-38.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer
key: 5f0794ed2693b80012279eb1
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
date: Fri, 11 Mar 2022 11:52:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
content-encoding: gzip
vary: accept-encoding
content-type: text/html; charset=utf-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
447 B 71ms
28ms XHR
text/plain 2607:f8b0:4023:1407::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-72055405-1&cid=1955499659.1646999576&jid=73392429&gjid=2061112733&_gid=1013454341.1646999577&_u=YADAAUAAAAAAAC~&z=1611810108

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4023:1407::9d Columbus, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 11 Mar 2022 11:52:57 GMT
content-type: text/plain
access-control-allow-origin: https://refinance.lowermybills.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/755089552/ 42 B
64 B 46ms
29ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/755089552/?random=1646999576915&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3125893374&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
125 B 41ms
40ms Ping
application/json 2600:1f18:24e6:b900:11d3:d432:4966:d525
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-4DRTSTIIF&batch_time=1646999577384
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:11d3:d432:4966:d525 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:57 GMT
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

GET
H3 200 /
www.google.com/pagead/1p-user-list/849970183/ 42 B
64 B 40ms
27ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/849970183/?random=1646999576920&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=2580028736&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.com/pagead/1p-conversion/849970183/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200...
https://www.google.com/pagead/1p-conversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u...

42 B
64 B

34ms
32ms

Image
image/gif

2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=GDgrYuucOd6OoPMP6OCVyAM&cid=CAQSKQCNIrLMoVwC98yUxRigwzuWuyB92nxkjhULAZ8cjudF0JV2YkX9ijnC&random=1589202689&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-conversion/849970183/?random=564886785&cv=9&fst=1646999576921&num=1&label=DKgWCPPcgqEBEIeIppUD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=GDgrYuucOd6OoPMP6OCVyAM&cid=CAQSKQCNIrLMoVwC98yUxRigwzuWuyB92nxkjhULAZ8cjudF0JV2YkX9ijnC&random=1589202689&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/968462554/ 42 B
64 B 37ms
26ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/968462554/?random=1646999576989&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3325496506&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/874461485/ 42 B
64 B 33ms
24ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/874461485/?random=1646999576991&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=1749075769&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/934858762/ 42 B
64 B 32ms
24ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/934858762/?random=1646999576993&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=760006336&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.com/pagead/1p-conversion/735544455/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=120...
https://www.google.com/pagead/1p-conversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&...

42 B
64 B

28ms
27ms

Image
image/gif

2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=GTgrYvesAZmoNceTnIAP&cid=CAQSKQCNIrLM-9ZkUMBH5rxiSiP-iqI0vWyDeg6cYFTEj8sdXgKQiOigmd_D&random=2572803849&resp=GooglemKTybQhCsO

Protocol

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
location: https://www.google.com/pagead/1p-conversion/735544455/?random=1596415962&cv=9&fst=1646999576994&num=1&label=iteKCOibgqIBEIeJ3t4C&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&auid=1785227848.1646999576&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=GTgrYvesAZmoNceTnIAP&cid=CAQSKQCNIrLM-9ZkUMBH5rxiSiP-iqI0vWyDeg6cYFTEj8sdXgKQiOigmd_D&random=2572803849&resp=GooglemKTybQhCsO
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/735544455/ 42 B
64 B 31ms
25ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/735544455/?random=1646999577012&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=4051821574&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 psp
psp.pushnami.com/api/ Frame 0
0 394ms
15ms Preflight
application/json 52.23.126.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://psp.pushnami.com/api/psp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.23.126.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-126-38.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Origin: https://refinance.lowermybills.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 11 Mar 2022 11:52:57 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://refinance.lowermybills.com
access-control-allow-credentials: true
access-control-expose-headers: content-type, content-length, etag
access-control-max-age: 600
access-control-allow-headers: key
access-control-allow-methods: POST
cache-control: no-cache
vary: accept-encoding
content-encoding: gzip

GET
H3 200 /
www.google.com/pagead/1p-user-list/966730890/ 42 B
64 B 36ms
30ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577013&cv=9&fst=1646996400000&num=1&value=1&currency_code=USD&label=SuU3CIKMzqoBEIrJ_MwD&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=271375542&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
125 B 67ms
60ms Ping
application/json 2600:1f18:24e6:b900:11d3:d432:4966:d525
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-4DRTSTIIF&batch_time=1646999577395
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:11d3:d432:4966:d525 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:57 GMT
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

GET
H3 200 /
www.google.com/pagead/1p-user-list/966730890/ 42 B
64 B 37ms
32ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/966730890/?random=1646999577014&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=2324066532&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/882032010/ 42 B
64 B 35ms
32ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/882032010/?random=1646999577015&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=4276283512&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1066568174/ 42 B
64 B 33ms
29ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1066568174/?random=1646999577016&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=924356182&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/950054130/ 42 B
64 B 37ms
34ms Image
image/gif 2607:f8b0:4006:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950054130/?random=1646999577017&cv=9&fst=1646996400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa370&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131&ref=https%3A%2F%2Fshapelyparadise.com%2F&tiba=Refinance%20Mortgage%2C%20Refinancing%20Rates%2C%20Mortgage%20Rates%20-%20LowerMyBills&async=1&fmt=3&is_vtc=1&random=3896457251&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2004 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Mar 2022 11:52:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 panorama.js Show response
cdn.taboola.com/scripts/ Frame E725 1 KB
967 B 18ms
14ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/panorama.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: CYlu4uGxGteYv0_gS3v6WaXb_4ObQ4ke
content-encoding: gzip
etag: "245ecb1e94189239a899012670435435"
age: 28763
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 710
x-amz-id-2: XtsOfObS0wi84gxfMJe3Y7m+bkyxYAW5f4vq82KTiDgZi2tJkb9CmCSwn1jB3BJl252AhoMkE4Y=
x-served-by: cache-lga21962-LGA
last-modified: Sun, 18 Apr 2021 12:53:28 GMT
server: AmazonS3
x-timer: S1646999577.418819,VS0,VE0
date: Fri, 11 Mar 2022 11:52:57 GMT
vary: Accept-Encoding
x-amz-request-id: 471GPV22ESZJDHRP
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 1
x-cache-hits: 17384

POST
H2 200 pubdff5c93c0a8137997d0bc115c7949e0c
rum-http-intake.logs.datadoghq.com/v1/input/ 2 B
125 B 56ms
54ms Ping
application/json 2600:1f18:24e6:b900:11d3:d432:4966:d525
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pubdff5c93c0a8137997d0bc115c7949e0c?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Alre-lp-webapp%2Cversion%3A1.0.3%20d-4DRTSTIIF&batch_time=1646999577456
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:24e6:b900:11d3:d432:4966:d525 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:57 GMT
cross-origin-resource-policy: cross-origin
content-length: 2
content-type: application/json

POST
H2 200 track Show response
trc.pushnami.com/api/push/ 2 B
168 B 19ms
18ms Fetch
text/html 3.219.201.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.201.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-201-101.compute-1.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept: application/json, text/plain, */*
Referer
key: 5f0794ed2693b80012279eb1
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Fri, 11 Mar 2022 11:52:57 GMT
cache-control: no-cache
content-type: text/html; charset=utf-8
content-length: 2
access-control-expose-headers: WWW-Authenticate,Server-Authorization

OPTIONS
H2 204 track
trc.pushnami.com/api/push/ Frame 0
0 44ms
11ms Preflight 3.219.201.101
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.pushnami.com/api/push/track
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.201.101 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-201-101.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: key
Origin: https://refinance.lowermybills.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 11 Mar 2022 11:52:57 GMT
access-control-allow-origin: *
access-control-allow-methods: POST
access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,key
access-control-max-age: 86400
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache

GET service-worker.js
refinance.lowermybills.com/ Frame 0
0

GET
H2 204 unip Show response
trc-events.taboola.com/1007280/log/3/ Frame E725 0
387 B 43ms
4ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1007280/log/3/unip?en=pre_d_eng_tb&tos=1726&scd=0&ssd=1&est=1646999576710&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1646999578437&vi=1646999576705&ri=3eb827e829cffe3b5df9c364d6ba70dc&sd=v2_26213d2f7eda03181768e9593cbbce1b_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4QsL09GIHBzMb3LyABKAEw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE&ui=4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98&ref=https%3A%2F%2Fshapelyparadise.com%2F&cv=20220306-2-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Fri, 11 Mar 2022 11:52:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1390358/log/3/ Frame E725 0
386 B 42ms
5ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1390358/log/3/unip?en=pre_d_eng_tb&tos=1727&scd=0&ssd=1&est=1646999576710&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1646999578438&vi=1646999576705&ri=d0c155d1a7c01a53cdff70cb5f584c69&sd=v2_d61bbab9a298b3663e8414c7b5c984fc_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4Qlu5UGIHBzMb3LyABKAMw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE&ui=4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98&ref=https%3A%2F%2Fshapelyparadise.com%2F&cv=20220306-2-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Fri, 11 Mar 2022 11:52:58 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1007280/log/3/ Frame E725 0
386 B 3ms
2ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1007280/log/3/unip?en=pre_d_eng_tb&tos=4728&scd=0&ssd=1&est=1646999576710&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1646999581439&vi=1646999576705&ri=3eb827e829cffe3b5df9c364d6ba70dc&sd=v2_26213d2f7eda03181768e9593cbbce1b_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4QsL09GIHBzMb3LyABKAEw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE&ui=4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98&ref=https%3A%2F%2Fshapelyparadise.com%2F&cv=20220306-2-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Fri, 11 Mar 2022 11:53:01 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 unip Show response
trc-events.taboola.com/1390358/log/3/ Frame E725 0
386 B 3ms
3ms XHR
text/plain 141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1390358/log/3/unip?en=pre_d_eng_tb&tos=4728&scd=0&ssd=1&est=1646999576710&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1646999581439&vi=1646999576705&ri=d0c155d1a7c01a53cdff70cb5f584c69&sd=v2_d61bbab9a298b3663e8414c7b5c984fc_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4Qlu5UGIHBzMb3LyABKAMw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE&ui=4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98&ref=https%3A%2F%2Fshapelyparadise.com%2F&cv=20220306-2-RELEASE&item-url=https%3A%2F%2Frefinance.lowermybills.com%2F%3Fcmpid%3D80%26crtid%3D6%26pkey1%3D131%26pkey2%3D690321%26pkey3%3D28618_7828573_13%26sid%3D4%26sourceid%3Dlmb-53704-112245-131
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1007280/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://refinance.lowermybills.com
pragma: no-cache
date: Fri, 11 Mar 2022 11:53:01 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: refinance.lowermybills.com
URL: https://refinance.lowermybills.com/service-worker.js

Verdicts & Comments Add Verdict or Comment

99 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.taboola.com/coredigital-quickenloans-video/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_d61bbab9a298b3663e8414c7b5c984fc_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4Qlu5UGIHBzMb3LyABKAMw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE
.taboola.com/coredigital-sc/	1969-12-31 23:59:59	Name: taboola_session_id Value: v2_26213d2f7eda03181768e9593cbbce1b_4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98_1646999576_1646999576_CMC77B4QsL09GIHBzMb3LyABKAEw4QE4kaQOQKm8DkiazNkDUJUEWABgAGjb_5X0ga2ul6YBcAE
shapelyparadise.com/	1970-01-20 02:13:11	Name: uid13109 Value: 1248562969-20220311065253-9ba8361bece0543c4539c6ea9271fdad-
.cdmtrk.com/	1969-12-31 23:59:59	Name: sid Value: Qaojb6xwM73ZU2a+hUJq/N9DkhkkgHhbgoLwBU5ZP+Ml2B3t80CQjg==
.cdmtrk.com/	1970-01-20 19:02:09	Name: trk Value: skGDPRjxNxjZU2a+hUJq/N9DkhkkgHhbgoLwBU5ZP+Ml2B3t80CQjg==
.cdmtrk.com/	1970-01-20 19:02:37	Name: c4 Value: Qaojb6xwM71kYXhXJsQlebYRhVRBeaKsM5gyeUEjxwI=
refinance.lowermybills.com/	1970-01-20 10:15:35	Name: visitorId Value: bc5c1155-3af8-4d81-83ba-8501ed9f5c4e
refinance.lowermybills.com/	1970-01-20 01:40:04	Name: sourceId Value: lmb-53704-112245-131
refinance.lowermybills.com/	1970-01-20 01:40:04	Name: connect.sid Value: s%3AgRJ3HMvCeWQUxaGA47QROCz0f2oJCp0C.%2F5DA6BR4BaNclKdKKlDS3ifEbONfhnGSJX9o92yrwY0
refinance.lowermybills.com/	1969-12-31 23:59:59	Name: BIGipServerpl.prod-lrelpwapp-lnd Value: !5uPhM3PkeptbfbNRHhj5eaSY0gTQ+A3/bmE3H4Tq1biJnjKQKJWxVtidANTYl+VdC5OznW993O/cdGI=
refinance.lowermybills.com/	1969-12-31 23:59:59	Name: TS014fdca0 Value: 012d8c2fc39b1e9c55df1c2ef692864613cc4fb5f9678b83a43b4f242ed16c6e4ee5cbfcb3667bf85dc0a422d049405f26de44d974
refinance.lowermybills.com/	1970-01-20 01:31:25	Name: DAPROPS Value: "sjs.webGlRenderer:Intel Iris OpenGL Engine\|bjs.accessDom:1\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.deviceOrientation:0\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.touchEvents:0\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|buserMedia:1\|bjs.battery:0"
refinance.lowermybills.com/	1970-01-20 01:30:00	Name: _dd_s Value: rum=1&id=f2ffb2c8-d6d7-490a-8aa4-b4a371dcfd8b&created=1646999576054&expire=1647000476054
.lowermybills.com/	1970-01-20 19:01:11	Name: _ga_WQ7TGZQSWQ Value: GS1.1.1646999576.1.0.1646999576.0
.bing.com/	1970-01-20 10:51:35	Name: MUID Value: 2699705C0AA56AB41DF061380B8C6B28
.bat.bing.com/	1970-01-20 01:40:04	Name: MR Value: 0
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: m2bUIJJYNBQ3
.mgid.com/	1970-01-20 01:30:01	Name: __cf_bm Value: 534674952b4546e228ed79c60a5d2ddc45b9c116-1646999576-0-AZTuHbvrR28AyyWo23AyYIv++Oe/mUffxw4LZMyWV+xAirdaLaU0Gnrf58fu/CfWjlfF5BX4w7qw1YTN9fa9530=
.lowermybills.com/	1970-01-20 01:31:11	Name: FPLC Value: U5tOFmSg3%2FB9tqph4f2Yguwzbmw9yoGRv6jca7JxhWIzwaHt05CtpeEPveQ%2BaGmQ5f3fX%2FhJhwQEWiocxgAnpAjusIEYGxjuBeu55O7SHMpgA9u4%2B1O5i0ffve5Wrw%3D%3D
.lowermybills.com/	1970-01-20 19:01:11	Name: FPID Value: FPID2.2.QUI9ZD%2F1SdSqUv6U90eRg6ohfXVNSVcsy0cwgX1h%2BbQ%3D.1646999576
.twitter.com/	1970-01-20 19:01:11	Name: personalization_id Value: "v1_cyrSS11aJGDVvlzavhvrSw=="
.lowermybills.com/	1970-01-20 03:39:35	Name: _gcl_au Value: 1.1.1785227848.1646999576
.yahoo.com/	1970-01-20 10:15:57	Name: A3 Value: d=AQABBBg4K2ICEH1neWny8JrJD07Y6l5REmoFEgEBAQGJLGI1YgAAAAAA_eMAAA&S=AQAAAo_Xmi6nsdRaI4oDBig0Aks
.doubleclick.net/	1970-01-20 19:01:11	Name: IDE Value: AHWqTUlF_9aPCPZhlVI5SHybhgqnhZizqXP6DlInwmWvTqs8u60IpgMDWA6FfwtJrik
.lowermybills.com/	1970-01-20 01:31:25	Name: _uetsid Value: caaeb870a13111ecafe5f3e6dd4f1290
.revjet.com/	1970-01-20 19:01:11	Name: trx Value: 6906375613780795563
.taboola.com/	1970-01-20 10:15:35	Name: t_gid Value: 4ebb5d5b-bb99-47ca-8182-c953168654c1-tuct924bd98
.lowermybills.com/	1970-01-20 10:51:35	Name: _uetvid Value: caaf4060a13111ecb388f5003be5a349
refinance.lowermybills.com/	1970-01-20 03:39:35	Name: MgidSensorNVis Value: 1
refinance.lowermybills.com/	1970-01-20 03:39:35	Name: MgidSensorHref Value: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131
.lowermybills.com/	1970-01-20 19:01:11	Name: _ga Value: GA1.2.1955499659.1646999576
.lowermybills.com/	1970-01-20 01:31:25	Name: _gid Value: GA1.2.1013454341.1646999577
.lowermybills.com/	1970-01-20 01:29:59	Name: _gat_gtag_UA_72055405_1 Value: 1
.t.co/	1970-01-20 19:01:11	Name: muc_ads Value: 61558bc8-bf2d-45d2-9573-f3f07d96ad5c
.lowermybills.com/	1970-01-20 01:30:01	Name: __cf_bm Value: fsTC4Xz8shh1iamLmtNiAwV8Rys9flDwFUJ9s_IdvoE-1646999578-0-AYFnH34L6MPJ7MpO6oFVav0RObeH4uhEHGIHfJTSOv/H7colFDjjmgw1r4t+8htJlExn79XvQcYbzRsXACuxq7U=

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 71) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 71) Message: Unrecognized feature: 'attribution-reporting'.
other	error	URL: https://refinance.lowermybills.com/?cmpid=80&crtid=6&pkey1=131&pkey2=690321&pkey3=28618_7828573_13&sid=4&sourceid=lmb-53704-112245-131 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1t7ager7sr.s3.us-west-2.amazonaws.com
852807.fls.doubleclick.net
a.mgid.com
ad.doubleclick.net
ads.revjet.com
adservice.google.com
analytics.twitter.com
api.pushnami.com
bat.bing.com
cdmtrk.com
cdn-refinance.lowermybills.com
cdn.lowermybills.com
cdn.taboola.com
chosentask.com
content.lowermybills.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pix.revjet.com
privacy-policy.truste.com
psp.pushnami.com
refinance.lowermybills.com
rum-http-intake.logs.datadoghq.com
sgtm.lowermybills.com
shapelyparadise.com
sp.analytics.yahoo.com
static-lre.lowermybills.com
static.ads-twitter.com
static.cloudflareinsights.com
stats.g.doubleclick.net
t.co
trc-events.taboola.com
trc.pushnami.com
trc.taboola.com
www.datadoghq-browser-agent.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.lowermybills.com
refinance.lowermybills.com
103.129.199.220
104.19.132.78
104.244.42.3
104.244.42.5
13.33.60.37
13.33.85.127
141.226.224.48
142.250.64.102
142.250.64.98
143.204.146.120
146.75.32.157
151.101.1.44
2001:4860:4802:38::15
2600:1f18:24e6:b900:11d3:d432:4966:d525
2606:4700::6810:5e41
2606:4700::6812:139f
2607:f8b0:4006:808::2003
2607:f8b0:4006:80a::200a
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80e::2004
2607:f8b0:4006:821::2008
2607:f8b0:4006:824::200e
2607:f8b0:4023:1407::9d
2620:1ec:c11::200
3.219.201.101
38.145.210.70
51.81.46.107
52.23.126.38
52.38.233.250
52.92.164.202
74.201.172.221
76.13.32.146
01010c6ec222964f67413e0aa65a7fc00772ad77063d93cea7b6386ab1248f92
07cdddfc127cc19acdca92ab0c82c4216776e776cf4415a0c8be0789c9afa32b
0827416cc2debe603ecd6bc8003180b6e2ec857e28a2086407db307f3178efa4
084c07fdba76ce4a9bf7c923ae09bc3a0c19b4441cc0b9afcd7f4968356a5e0f
08b70144f153af7323a62a35287885ebfebd273e6fa3fee006aae0f3920845b5
0cada708e119149edd948291e531ccce6385fe040e74e3bb4d482ec74bd3f22d
0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
11076546e6b086bf7d9a5b4ac7bd86ddf25e5e847100921419ef3d37c1316102
127cae9821853edc1953090239e5ae0297c4626b184280bb894cbfef9f947f30
14fc22c5256bd29b6e6c2727a5fc2c2916c2c89d4ece46a710c7cdd1c7110320
1c0676327f2e8a36f4566392aaec15036da66d48fda332ae8b6c6af30dc3c485
1cf4becba1194b3931970493f823178403a6ede73368d62c4e6541c95a4733cc
1d7015c13fd51bf12eb98c6e4af1822cdfb32610540bf83730fed28917aadd84
2708ba3f9d4801f749f9cbfa758654adb888a37e3d4ca73a4bdf022885203039
2745a560bb3e2f9e450f87c83124a2043aec3a6ceb5da33a75360769fd8207ae
2843128d287da3614565182de89a84deb0e43fd049be6a4ed4d3a682bdd186c4
2d84cdbfaf9b2bc0ba30bc5f67e45d03b265b52c3cfe24353e09175b1fb0fdfb
3255db2fb88891ee1add7804275d722bdd4e1eb438c51927d08c0dd67c1c558f
327255e505f4b8383adcc5ad9f7c862f641e32c33678f6ea1b2b81fdb0771200
3e333e246ea1b30fe0259829fea64c9e2f303488f07d6c4852360eeb0fbf1625
4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e234e26253b146c31cc1c99925b2c1afbdfe425ffbf0f4a7aad79403f09e557
52e90f8f9e08f8802efecd8f58f20ab64dc480a368c83e2200854b895c9d12dc
53ba61b69daca2b2668d12a8d0f63084c2e164ec1f3c8c5ed2f356bd8e024e6d
55d750f4c81d3c02002c4f8398079373d1fb7b7f0ded1a1a9c79f5969b81cce3
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6da51bf58af124c6e8f8e0469a97e30657438cf9cb3af4087fb40391a666343f
7756e62e48b024e0496b00adcfbb5c32273ec240bd34c73fe882ee1893ceeae9
77a07d50f59e384a11b8048e7a43c9e76021554951bff30096fe4098cf9e8a20
7faef21187e15aefd3d8a5a585ca32c66358f597a97f5abd276517eaea1057d3
82f3e86bf88366e93c62eb14a8a7aa06afb75aa135c27988f3ccb946875d2f33
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
86f9cb44b12f3d37a72622b500a99d96bf070a07ab81b5577bd3dd723aae0ecf
8e027a33f7e1b4a38c80249a431e96e6d3e00a1a739ca8533b702459356e9c73
9985336660219f2aa5e5c8f21d7f5456aee6c69afb706d3a9c9322ad5d601a76
9cb0e1f9c2424fa8326d7aa035e1cc92073377c81cae82aa9eb8ce41eec4020e
9da8504d25577f714cab67e111ac9808d5b76cdef459d073db08199a46af5795
a113b14ba9ca1492d62f40ef089c146dcca972186cf9526150994f29b9d63c82
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a29ca0e06e23a9e194c5ea25bcf214690e4c440e168789f24feb87135f9115c8
a3960f5eb6e0980ccd56dbe3d3013e260bc846f66168050a96bc747b405c82f6
a732617c38101a63ad0f14116a16ca6d08b8562ccc8c20be9f17291427a2849f
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ae23e9c550183a08f3784faa8164e00607868e5758ff43b4b8843d79eecc25da
afd6e7336d280ae3bb630477cff15628bbddcf1b53f9d58462e683bb95ddffed
b14d9d48365976dcc294578884260518062e95bb32cdd34eba5261999a0c04da
b44d58396b54b03969c0bbefd84b6a15d0827cc9b18e828319d35a8aa3eafba1
b7e806bb69c2d40753f8cbec5b940264e8dd55a66dae18056c846a3045237ba7
b99c919f168349275b903d0a29253e0de9a945945650d811ee2ee0214b9387be
bcaed2245d50b6fdd80be3dd9d2d9035c2add0d211bd3b5d6fd1bd1a84d4b7cd
c022a1654436ed59b61893be67d31664c2c3619628c60d169581ddc3991d57cc
c028b077be5e40d001328413da67b3686cb62556ad0480a128be820ba95a3f5c
c5d8de9be38d4c4a0dde76b1cb8153295ccaa84e9f2acd295a006e99ef29b9a6
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
ca02a6d1ea30f27c563ca4c8d4f0cc68ce99a07ee42ac487d5e94b16d14b58da
d0753d905c5df56d17636625c5f1a5d8253629ad55b2e2de87294ce61cada637
d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9
d7bfa676c07c88144d9ecdcec09a4ec7afcd0449226bf5fc5063342a16d5f8e3
d7f40dac6d30d1aedf50b58270e0578b4e5f4e6c9700f11f9bd03da5993f1a19
d8b1f3575dd2b0024383a4f47725654257a4b4ec1015595ade984a80804a56ce
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1b5ecbe1f536ff0fef14eabe281e525514e533dc65d179493ee770857893943
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64954dc34e12c7190cc2338a54b07644ff0f102aa71cc7209bcbb49c3009f7c
e64fc3d7b72e16f5160169726ab30cb8ea364ccf30fcdf8882ea62e0388bb8cb
e8098c6938d10947bf06e59e59b684daf1ef70c1e520bd7e6d4d85e28ee94f00
ecbadd7dd92ebff68ac1b42adac83634823b01cf3d875a5467f022c26713463c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef49b0aa7db2c48fd88f4f4b7b3ccfa8d49687356144fe164a70a5b4a750ff4c
f0adb222f5c03313c9422badf65c06b2d3708a665044122e37405cda2e849ae1
f13e5b853a6dd7ce3a3a520dd108ef04efaeea02df4fca46d68e6afdce1061db
f7aa3bb2f725a60e7a19146739d0af40518abf9bd5e2dcdb1e1fa1d26e92b15b
f826a5339f6d1ab8fea68e64ac6cefce734a09dd3f6a2610f98dcc346be361c7
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ffaf72b22661831f2ec14dd92c58325005427ccd57cd2076cc259594eadc6c83

refinance.lowermybills.com Open in urlscan Pro 2606:4700::6812:139f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

117 Requests

91 %HTTPS

39 %IPv6

25 Domains

40 Subdomains

32 IPs

3 Countries

1397 kBTransfer

3543 kBSize

35 Cookies

19 Outgoing links

Page URL History

Redirected requests

117 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

refinance.lowermybills.com Open in urlscan Pro
2606:4700::6812:139f Public Scan

Screenshot
Live screenshot

Full Image

117
Requests

91 %
HTTPS

39 %
IPv6

25
Domains

40
Subdomains

32
IPs

3
Countries

1397 kB
Transfer

3543 kB
Size

35
Cookies

117 HTTP transactions
0 data transactions