loans.quickenloans.com Open in urlscan Pro
2606:4700::6812:1c6d Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908
Effective URL:
https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af...
Submission: On October 29 via api (October 29th 2024, 2:33:53 am UTC) from US — Scanned from GB

Summary HTTP 82 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 26 IPs in 5 countries across 24 domains to perform 82 HTTP transactions. The main IP is 2606:4700::6812:1c6d, located in United States and belongs to CLOUDFLARENET, US. The main domain is loans.quickenloans.com.
TLS certificate: Issued by WE1 on October 2nd 2024. Valid for: 3 months.

This is the only time loans.quickenloans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.36.162.171 34.36.162.171	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2606:4700:303... 2606:4700:3031::6815:4021	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	35.201.76.131 35.201.76.131	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
22	2606:4700::68... 2606:4700::6812:1c6d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.236.107 52.222.236.107	16509 (AMAZON-02) (AMAZON-02)
8	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.33.219.205 13.33.219.205	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81d::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3033::6815:487c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1f18:24e... 2600:1f18:24e6:b901:7caf:fdbd:23cb:8407	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6812:1ff5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:1ef5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:1f18:24e... 2600:1f18:24e6:b900:1b9f:2fe7:7ce5:577a	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700:10:... 2606:4700:10::ac43:29e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	35.179.217.71 35.179.217.71	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	54.205.148.24 54.205.148.24	14618 (AMAZON-AES) (AMAZON-AES)
1	13.32.23.8 13.32.23.8	16509 (AMAZON-02) (AMAZON-02)
4	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
82	26

1 34.36.162.171 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 171.162.36.34.bc.googleusercontent.com

npvnt7trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:4021 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.imbahsj2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.76.131 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 131.76.201.35.bc.googleusercontent.com

www.lmbahsj2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700::6812:1c6d (United States)

ASN13335 (CLOUDFLARENET, US)

loans.quickenloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
content.quickencompare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-107.fra56.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.219.205 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-219-205.fra60.r.cloudfront.net

www.datadoghq-browser-agent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81d::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::6815:487c (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.cdnfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b901:7caf:fdbd:23cb:8407 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum-http-intake.logs.datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1ff5 (United States)

ASN13335 (CLOUDFLARENET, US)

content.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1ef5 (United States)

ASN13335 (CLOUDFLARENET, US)

trackpixel.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:24e6:b900:1b9f:2fe7:7ce5:577a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

session-replay.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:29e5 (United States)

ASN13335 (CLOUDFLARENET, US)

create.lidstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
psb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:147 (United States)

ASN13335 (CLOUDFLARENET, US)

content.online.rocketmortgage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.179.217.71 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-179-217-71.eu-west-2.compute.amazonaws.com

script.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.205.148.24 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-148-24.compute-1.amazonaws.com

create.leadid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.23.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-23-8.fra56.r.cloudfront.net

d2m2wsoho8qq12.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	quickenloans.com loans.quickenloans.com	657 KB
10	quickencompare.com content.quickencompare.com — Cisco Umbrella Rank: 703553	95 KB
8	typekit.net use.typekit.net — Cisco Umbrella Rank: 455 p.typekit.net — Cisco Umbrella Rank: 561	97 KB
7	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 862 psb.taboola.com — Cisco Umbrella Rank: 5951 trc.taboola.com — Cisco Umbrella Rank: 686 trc-events.taboola.com — Cisco Umbrella Rank: 2720	25 KB
7	google.com www.google.com — Cisco Umbrella Rank: 3 region1.analytics.google.com — Cisco Umbrella Rank: 4401	812 B
6	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 136 td.doubleclick.net — Cisco Umbrella Rank: 192 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	6 KB
4	leadid.com create.leadid.com — Cisco Umbrella Rank: 14045	2 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	306 KB
3	lowermybills.com content.lowermybills.com — Cisco Umbrella Rank: 633476 trackpixel.lowermybills.com	18 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	2 KB
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 5087	191 B
2	anura.io script.anura.io — Cisco Umbrella Rank: 52074 ads.anura.io Failed	26 KB
2	lmbahsj2.com 2 redirects www.lmbahsj2.com — Cisco Umbrella Rank: 335898	1 KB
1	cloudfront.net d2m2wsoho8qq12.cloudfront.net
1	gstatic.com fonts.gstatic.com	8 KB
1	rocketmortgage.com content.online.rocketmortgage.com — Cisco Umbrella Rank: 767300	3 KB
1	lidstatic.com create.lidstatic.com — Cisco Umbrella Rank: 22294	39 KB
1	browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com — Cisco Umbrella Rank: 9028
1	datadoghq.com rum-http-intake.logs.datadoghq.com — Cisco Umbrella Rank: 8688
1	cdnfonts.com fonts.cdnfonts.com — Cisco Umbrella Rank: 8059	935 B
1	datadoghq-browser-agent.com www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1208	37 KB
1	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 5983	8 KB
1	imbahsj2.com 1 redirects www.imbahsj2.com	742 B
1	npvnt7trk.com 1 redirects npvnt7trk.com	615 B
82	24

	Domain	Requested by
12	loans.quickenloans.com	loans.quickenloans.com www.datadoghq-browser-agent.com
10	content.quickencompare.com
6	use.typekit.net	loans.quickenloans.com client use.typekit.net
4	trc-events.taboola.com	cdn.taboola.com
4	create.leadid.com	www.datadoghq-browser-agent.com
4	region1.analytics.google.com	www.datadoghq-browser-agent.com
4	www.googletagmanager.com	loans.quickenloans.com www.googletagmanager.com trackpixel.lowermybills.com
3	fonts.googleapis.com	loans.quickenloans.com
3	www.google.co.uk	loans.quickenloans.com
3	td.doubleclick.net	www.googletagmanager.com
3	www.google.com	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	script.anura.io	loans.quickenloans.com www.datadoghq-browser-agent.com
2	trackpixel.lowermybills.com	loans.quickenloans.com
2	p.typekit.net	use.typekit.net
2	www.lmbahsj2.com	2 redirects
1	d2m2wsoho8qq12.cloudfront.net	create.lidstatic.com
1	trc.taboola.com	cdn.taboola.com
1	psb.taboola.com	cdn.taboola.com
1	fonts.gstatic.com	fonts.googleapis.com
1	content.online.rocketmortgage.com
1	cdn.taboola.com	loans.quickenloans.com
1	create.lidstatic.com	loans.quickenloans.com
1	session-replay.browser-intake-datadoghq.com	www.datadoghq-browser-agent.com
1	content.lowermybills.com	loans.quickenloans.com
1	rum-http-intake.logs.datadoghq.com	www.datadoghq-browser-agent.com
1	fonts.cdnfonts.com	loans.quickenloans.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	www.datadoghq-browser-agent.com	loans.quickenloans.com
1	widget.trustpilot.com	loans.quickenloans.com
1	www.imbahsj2.com	1 redirects
1	npvnt7trk.com	1 redirects
0	ads.anura.io Failed	www.datadoghq-browser-agent.com
82	33

This site contains links to these domains. Also see Links.

Domain
www.quickencompare.com
www.rockethomes.com
www.quickenloans.com
privacyportal.onetrust.com
www.jdpower.com
www.trustpilot.com

Subject Issuer	Validity	Valid
loans.quickenloans.com WE1	`2024-10-02` - `2024-12-31`	3 months	crt.sh
*.trustpilot.com Amazon RSA 2048 M03	`2024-01-03` - `2025-01-31`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-27` - `2025-09-27`	a year	crt.sh
*.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2025-08-03`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.co.uk WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
cdnfonts.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.logs.datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-16` - `2025-02-17`	a year	crt.sh
lowermybills.com WE1	`2024-09-09` - `2024-12-09`	3 months	crt.sh
quickencompare.com WE1	`2024-09-13` - `2024-12-12`	3 months	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-14` - `2025-05-17`	a year	crt.sh
lidstatic.com E6	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-30` - `2024-12-31`	5 months	crt.sh
online.rocketmortgage.com WE1	`2024-09-09` - `2024-12-08`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
script.anura.io Amazon RSA 2048 M03	`2024-09-15` - `2025-10-15`	a year	crt.sh
create.leadid.com Amazon RSA 2048 M03	`2024-07-20` - `2025-08-18`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Frame ID: 215DB01BF0335CE630E13FD9D2BF5BFE
Requests: 66 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Floans.quickenloans.com
Frame ID: 71E5438BFFC0E40FA25153C5E3F97D0D
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-RXLL9Z7XBK&gacid=1461520469.1730169222&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101878898~101878942~101925629&z=1247160456
Frame ID: 0DED45E70ED135A22E68DEEB39023129
Requests: 1 HTTP requests in this frame

Frame: https://trackpixel.lowermybills.com/ploan/pixel.js
Frame ID: F770B36B1958CBBC11214B1BCFF48C29
Requests: 1 HTTP requests in this frame

Frame: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Frame ID: 75AE499A77F2EC87955472E4478E01A8
Requests: 5 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10865694633?random=1730169225643&cv=11&fst=1730169225643&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 878F301C41311B952AAE72D97B2619ED
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10865694633?random=1730169225701&cv=11&fst=1730169225701&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 950EB913EF91323CF8B7AC5D76F94617
Requests: 1 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=92875CED-5583-5E11-AD9E-7A01162DFE9F&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=B87EED3A-5F1D-1EA4-B60B-FCC3F180B22D&lac=20CCD961-FA4F-5BB7-1E71-E4197110D50D
Frame ID: 7774ADCB62B7EA33D2CAA40ECD0AE08B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Find A Loan Solution - Start Here | Quicken Loans

Page URL History Show full URLs

http://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908 HTTP 307
https://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908 HTTP 302
https://www.imbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da HTTP 302
https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da HTTP 302
https://www.lmbahsj2.com/29PD1BG/9K7SB2/?__rpt=0&__po=9&__ptid=61c6a62389d240f0a969cd809b494278&__rpa... HTTP 302
https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=8... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

82
Requests

95 %
HTTPS

68 %
IPv6

24
Domains

33
Subdomains

26
IPs

5
Countries

1330 kB
Transfer

4620 kB
Size

28
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.quickencompare.com/mortgage/mortgage-calculator/
Title: Mortgage Payment Calculator

Search URL Search Domain Scan URL

URL: https://www.quickencompare.com/loans/personal-loan-calculator/
Title: Personal Loan Payment Calculator

Search URL Search Domain Scan URL

URL: https://www.rockethomes.com/how-much-is-my-house-worth
Title: Home Value Estimator

Search URL Search Domain Scan URL

URL: https://www.quickencompare.com/loans/home-equity-loans/home-equity-loan-amount-calculator/
Title: Estimated Home Equity Calculator

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/legal/state-privacy
Title: Information That We Collect and Share About You

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/37cf9a71-5b40-4cf5-a30e-8beabeed8379/c3baaee8-0b37-4f2b-bf4c-76b0e035482e
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

URL: https://www.jdpower.com/
Title: jdpower.com

Search URL Search Domain Scan URL

URL: https://www.trustpilot.com/
Title: trustpilot.com

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/legal/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/legal/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/legal/disclosures-licenses
Title: Licenses and Disclosures

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908 HTTP 307
https://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908 HTTP 302
https://www.imbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da HTTP 302
https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da HTTP 302
https://www.lmbahsj2.com/29PD1BG/9K7SB2/?__rpt=0&__po=9&__ptid=61c6a62389d240f0a969cd809b494278&__rpa=0&__rc=1&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da&sub3=&sub4=&sub5=&source_id=9&__pcd=9 HTTP 302
https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

82 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
loans.quickenloans.com/
Redirect Chain

http://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908
https://npvnt7trk.com/4rqsj/79c6g4/0.4833789726736908
https://www.imbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da
https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da
https://www.lmbahsj2.com/29PD1BG/9K7SB2/?__rpt=0&__po=9&__ptid=61c6a62389d240f0a969cd809b494278&__rpa=0&__rc=1&sub1=2&sub2=69fb56cbf9de41b2925da5c9e06654da&sub3=&sub4=&sub5=&source_id=9&__pcd=9
https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&cr...

7 KB
4 KB

829ms
672ms

Document
text/html

2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dce8957415cd74484b77e1ed537bc6395998a4f42f86da60e9108f438968f5e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8d9fc31bbd6648cb-LHR
content-encoding: gzip
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
content-type: text/html; charset=utf-8
date: Tue, 29 Oct 2024 02:33:41 GMT
expect-ct: max-age=0
origin-agent-cluster: ?1
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block

Redirect headers

accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 408
content-type: text/html; charset=utf-8
date: Tue, 29 Oct 2024 02:33:40 GMT
location: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
server: nginx
vary: Origin
via: 1.1 google
x-eflow-request-id: 7fff5770-690a-4d86-9b21-3f5ed52f3675

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 23 KB
8 KB 408ms
41ms Script
application/x-javascript 52.222.236.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-107.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c69de41dda83f00cc1b13dba90a57f25df046286ecd227bdd0c4d51d94947b61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "7d4644d89e45fe92623bdd628e60e8dd"
age: 4096
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 99gWVXf02hZzHV6RlZCuYuh6PvJhgsMOJCIUR49jdBY4lFRrNtUHNw==
date: Tue, 29 Oct 2024 01:25:26 GMT
content-type: application/x-javascript
last-modified: Wed, 09 Oct 2024 12:04:38 GMT
strict-transport-security: max-age=31536000
cache-control: max-age=86400
via: 1.1 64f5a3ab7bfb476c633b87746aced0ee.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 7350
x-xss-protection: 1; mode=block
x-amz-cf-pop: FRA56-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 dcq8kbe.css
use.typekit.net/ 6 KB
1 KB 541ms
175ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/dcq8kbe.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

9afdd14bf99da6623d565f70abb79f9e9e865c0b632e53e96db05d9b7f1113b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 884
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: text/css;charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 main.3cbd936b730d9a0616fe.css
loans.quickenloans.com/ 80 KB
13 KB 991ms
987ms Stylesheet
text/css 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.css

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4c6768a1ce8e5f5b0b97fa1d51fa439060ad033b1f35e313e13bcb457629e903

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"13edf-1927643f0a8"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:41 GMT
date: Tue, 29 Oct 2024 02:33:42 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 11:50:17 GMT
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
cf-ray: 8d9fc320392b48cb-LHR
x-xss-protection: 1; mode=block
x-powered-by: Express
server: cloudflare

GET
H2 200 main.3cbd936b730d9a0616fe.js Show response
loans.quickenloans.com/ 3 MB
628 KB 1086ms
1085ms Script
application/javascript 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

78cae779d72dcdde6ef3938b0b83ab656cd2a9c2795a286cd9652ba68c41c589

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"2c7199-1927643f0a8"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:42 GMT
date: Tue, 29 Oct 2024 02:33:42 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 11:50:17 GMT
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
cf-ray: 8d9fc320392c48cb-LHR
x-xss-protection: 1; mode=block
x-powered-by: Express
server: cloudflare

GET
H2 200 datadog-rum-v3.js Show response
www.datadoghq-browser-agent.com/ 115 KB
37 KB 366ms
62ms Script
application/javascript 13.33.219.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Requested by: Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.219.205 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-219-205.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, s-maxage=60
timing-allow-origin: *
content-encoding: br
etag: W/"647fda9a4d3d74344732d76cf1fff47c"
age: 45
via: 1.1 fe1df26b55e8c12763613686df86f7f2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: F2HuJuUYCAwtxO18GgNwLdgjy23per0WGZ9PQFNJdw39wRjbwRVVrg==
date: Tue, 29 Oct 2024 02:32:57 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 16:36:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P10
vary: Accept-Encoding

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 311 KB
106 KB 375ms
71ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5B82MZ73

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4c5fe38d8683653c4c8119023c447444eb97cc9e569db1e1edd79831d35a1b43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 29 Oct 2024 02:33:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 00:43:33 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 108030
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 collect
www.google.com/ccm/ 0
0 192ms
46ms Ping
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Floans.quickenloans.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1072495521.1730169222&auid=446498019.1730169222&npa=0&gtm=45He4ao0v9137104487za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101823848~101925629&tft=1730169221651&tfd=2630&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5B82MZ73
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 334 KB
109 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RXLL9Z7XBK&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5B82MZ73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1b143a78532f8513d72eebbcb0ecbce15a320bace36d8b12f153abf60abef14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 29 Oct 2024 02:33:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 111445
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 71E5 0
0 197ms
65ms Document
text/html 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Floans.quickenloans.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5B82MZ73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 21566
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Mon, 28 Oct 2024 20:34:15 GMT
expires: Tue, 28 Oct 2025 20:34:15 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 66ms
39ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=dcq8kbe&ht=tk&f=6844.6845.6846.6847.6848.6851.6852.6853&a=176595194&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: public, max-age=604800
etag: "6649f74c-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: text/css
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx

POST
H2 204 collect Show response
region1.analytics.google.com/g/ 0
559 B 249ms
52ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-RXLL9Z7XBK&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&_p=1730169221196&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101878898~101878942~101925629&cid=1461520469.1730169222&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1730169221&sct=1&seg=0&dl=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&dt=Refinance%2C%20Cash%20Out%20Refinance%2C%20Home%20Equity%20Loans%20and%20Lines%20of%20Credit%2C%20Personal%20Loans%20-%20Get%20Funds%20for%20Any%20Purpose&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2793
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://loans.quickenloans.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:42 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
550 B 393ms
52ms Ping
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RXLL9Z7XBK&cid=1461520469.1730169222&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533421~101823848~101878898~101878942~101925629
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RXLL9Z7XBK&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://loans.quickenloans.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:42 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 0DED 0
0 254ms
112ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-RXLL9Z7XBK&gacid=1461520469.1730169222&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533421~101823848~101878898~101878942~101925629&z=1247160456

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RXLL9Z7XBK&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 02:33:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 176ms
48ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RXLL9Z7XBK&cid=1461520469.1730169222&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533421~101823848~101878898~101878942~101925629&tag_exp=101533421~101823848~101878898~101878942~101925629&z=1498385780

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:33:42 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 204 collect Show response
region1.analytics.google.com/g/ 0
48 B 173ms
54ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-RXLL9Z7XBK&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&_p=1730169221196&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101878898~101878942~101925629&cid=1461520469.1730169222&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=2&sid=1730169221&sct=1&seg=1&dl=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&dt=Refinance%2C%20Cash%20Out%20Refinance%2C%20Home%20Equity%20Loans%20and%20Lines%20of%20Credit%2C%20Personal%20Loans%20-%20Get%20Funds%20for%20Any%20Purpose&en=page_view&_et=44&tfd=2872
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://loans.quickenloans.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:42 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 dcq8kbe.css
use.typekit.net/ 6 KB
0 0ms
0ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/dcq8kbe.css
Requested by: Host: client
URL: about:client
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9afdd14bf99da6623d565f70abb79f9e9e865c0b632e53e96db05d9b7f1113b8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-encoding: gzip
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 884
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: text/css;charset=utf-8
vary: Accept-Encoding
server: nginx

POST
H2 204 collect Show response
region1.analytics.google.com/g/ 0
57 B 56ms
54ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-RXLL9Z7XBK&gtm=45je4ao0v9169491831za200zb9137104487&_p=1730169221196&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101878898~101878942~101925629&cid=1461520469.1730169222&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=3&sid=1730169221&sct=1&seg=1&dl=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&dt=Refinance%2C%20Cash%20Out%20Refinance%2C%20Home%20Equity%20Loans%20and%20Lines%20of%20Credit%2C%20Personal%20Loans%20-%20Get%20Funds%20for%20Any%20Purpose&en=scroll&epn.percent_scrolled=90&_et=12&tfd=4010
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://loans.quickenloans.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 css
fonts.googleapis.com/ 12 KB
749 B 240ms
79ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a7d9d066818d14071483fb738ada07980e96f9f418b0314fbfe4d3102d589316

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:33:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 29 Oct 2024 02:33:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 undefined Show response
loans.quickenloans.com/ 7 KB
3 KB 206ms
205ms Script
text/html 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/undefined

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f2d5fc64665179a789f0dbf43e46378975f0a9613daa28fa2212e7407e346fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc32c0c1948cb-LHR
x-xss-protection: 1; mode=block
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 8 KB
645 B 224ms
63ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c1608c748ec9c89f092a8c3b454f4782c20ba182f53e8ae85966d64657895a7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:33:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 29 Oct 2024 02:33:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 css
fonts.googleapis.com/ 419 B
767 B 223ms
62ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Antic+Didone:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

292379fc85cb2efb54212c45e3a5154408086b3e94135c0ffef356f17ce902b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 02:33:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 29 Oct 2024 02:33:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 stack-ssi
fonts.cdnfonts.com/css/ 1 KB
935 B 180ms
41ms Stylesheet
text/css 2606:4700:3033::6815:487c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.cdnfonts.com/css/stack-ssi
Requested by: Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:487c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76b65310895e8341f3804e1f3d436a0910928874964daf20f6e2d7a8a69553f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 5821832
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gl3EVlzqc7SGvV4xIkON%2BYyfjjYOG6TjhyTFgb5NwD2Uc3HI3oHTW6mr5EyeF2NiVm2inW3aLZKKmDan52gMGQxGFP7gSvKqP7TNk7GLgXQnPabs2mA99CXrWXnXXaJbPWnmkt4bNxKIMcZPR1lyQHM%3D"}],"group":"cf-nel","max_age":604800}
cf-polished: origSize=1385
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25447&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4164&recv_bytes=4190&delivery_rate=119613&cwnd=12000&unsent_bytes=0&cid=bb5653ad72478e31&ts=65&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 22 Aug 2024 17:23:11 GMT
priority: u=0,i=?0
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d9fc32cef1f9571-LHR
access-control-allow-origin: *
server: cloudflare

GET
H2 200 p.css
p.typekit.net/ 5 B
0 9ms
9ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=dcq8kbe&ht=tk&f=6844.6845.6846.6847.6848.6851.6852.6853&a=176595194&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: public, max-age=604800
etag: "6649f74c-5"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5
date: Tue, 29 Oct 2024 02:33:41 GMT
content-type: text/css
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx

POST
H2 200 pub7338472aab069e71fb1763621d542e2d
rum-http-intake.logs.datadoghq.com/v1/input/ 0
0 638ms
149ms Ping
application/json 2600:1f18:24e6:b901:7caf:fdbd:23cb:8407
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-http-intake.logs.datadoghq.com/v1/input/pub7338472aab069e71fb1763621d542e2d?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Apersonal-loans-webapp%2Cversion%3A1.0.0%20undefined&batch_time=1730169223042
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:24e6:b901:7caf:fdbd:23cb:8407 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

GET
H2 200 deviceatlas-1.6.min.js Show response
content.lowermybills.com/deviceatlas-1.6/ 7 KB
3 KB 162ms
44ms Script
text/javascript 2606:4700::6812:1ff5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://content.lowermybills.com/deviceatlas-1.6/deviceatlas-1.6.min.js

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1ff5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"67510dbcee1857a225b8f76bdc940c26"
age: 2047
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 04:33:43 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: Q3oDQOJf6ScX7aHN763hqkuem-0qWchhGG1AjZfwiv8YPaZ4QTKTTw==
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: text/javascript
last-modified: Wed, 16 Oct 2024 00:05:18 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=7200
via: 1.1 607dba8359ad47c5cb66e6b0ee315d8a.cloudfront.net (CloudFront)
cf-ray: 8d9fc32d388694a4-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 MON_LP Show response
loans.quickenloans.com/api/vertical/ 18 KB
6 KB 807ms
807ms XHR
application/json 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/vertical/MON_LP?sourceId=affl_everflow_ql-mon_173_809&moid=321646

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a66bc47ffdc490676ad5eaadaf1e4e7e40447411c593e8c50116372e6d417ea

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

x-datadog-origin: rum
x-datadog-parent-id: 6520890813461954709
Referer
x-datadog-trace-id: 1282189058180561633
x-datadog-sampled: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
x-datadog-sampling-priority: 1

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"4938-6CP24qxvmZxb68GKri4V0FVwMLg"
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc32c9c4048cb-LHR
x-xss-protection: 1; mode=block
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 pixel.js Show response
trackpixel.lowermybills.com/ploan/ Frame F770 411 B
1 KB 229ms
83ms Script
application/javascript 2606:4700::6812:1ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trackpixel.lowermybills.com/ploan/pixel.js

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1ef5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d09d0b03e053bcf9c0e4314fdc273c0217f1adc5289c4b9047ba378a3ac54a1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: wncOU_GrdqBP3jm7q57B6LAbJkXiIxlK
etag: W/"7daaa34e88dbde0511e455f366554d98"
age: 2047
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 04:33:43 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: gExJOl4zl20bes_gC05oEpfgtG0Ei_3IxFTegK4F7YG786bd77WwIA==
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: application/javascript
last-modified: Mon, 21 Oct 2024 17:20:54 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
x-amz-replication-status: COMPLETED
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=7200
via: 1.1 b9aee5a8825b4bcff5fa7a9e495a7588.cloudfront.net (CloudFront)
cf-ray: 8d9fc32d8ab571db-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD53-P1
server: cloudflare
x-amz-website-redirect-location: /ploan/pixel-078fdb8941f1d57a541f.js
x-amz-server-side-encryption: AES256

GET 0582ea27-e4f7-4341-93bc-d977c1bb0988
https://loans.quickenloans.com/ Frame 0
0

GET
H2 200 l
use.typekit.net/af/cafa63/00000000000000000001709a/27/ 24 KB
24 KB 195ms
56ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/cafa63/00000000000000000001709a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5461e0722bbe365dfa0df4652c60a6ced5f83c840d03021c4abd04ae9f9c6980

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://loans.quickenloans.com
Referer: https://use.typekit.net/dcq8kbe.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "1500587fffa9a4bb64d06e988493ea23a02a484a"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24272
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 MON_LP Show response
loans.quickenloans.com/api/vertical/ 18 KB
629 B 922ms
285ms XHR
application/json 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/vertical/MON_LP?sourceId=affl_everflow_ql-mon_173_809&moid=321646

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a66bc47ffdc490676ad5eaadaf1e4e7e40447411c593e8c50116372e6d417ea

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

x-datadog-origin: rum
x-datadog-parent-id: 2488573901643560260
Referer
x-datadog-trace-id: 4346181575285000731
x-datadog-sampled: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
x-datadog-sampling-priority: 1

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"4938-6CP24qxvmZxb68GKri4V0FVwMLg"
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:44 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc3319d9348cb-LHR
x-xss-protection: 1; mode=block
origin-agent-cluster: ?1
server: cloudflare

GET
H2 200 pixel-078fdb8941f1d57a541f.js Show response
trackpixel.lowermybills.com/ploan/ 62 KB
13 KB 65ms
64ms Script
application/javascript 2606:4700::6812:1ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trackpixel.lowermybills.com/ploan/pixel-078fdb8941f1d57a541f.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1ef5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1216919e30304840e600d72e70abc787b498ba33d59886172e0e43fdacffc569

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: dWfHx_9vDd05gyQHbcE6ZdbqUruDBB6J
etag: W/"bdd82068ae1f93a40e1133585acda35b"
age: 2046
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 04:33:43 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: 7eaVomrihUVQHIB6nkIIoxMhDfGc28VoVHWadrzyx_Ds-Ohyrt9UqA==
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: application/javascript
last-modified: Mon, 21 Oct 2024 17:20:49 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
x-amz-replication-status: COMPLETED
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=7200
via: 1.1 c0fd21fa4c68df754e4d737d4a07011e.cloudfront.net (CloudFront)
cf-ray: 8d9fc32e3b3171db-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD53-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 favicon.ico
content.quickencompare.com/qlpln/ 15 KB
8 KB 217ms
93ms Other
image/vnd.microsoft.icon 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://content.quickencompare.com/qlpln/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb8d89a2f12e25a59b766cc7e4c1b54f5c79d710a0fd36e2670ca479f982883d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"0be220b17dcbe52bb4a1c4af89b0a2b5"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:43 GMT
x-cache: RefreshHit from cloudfront
x-amz-cf-id: NsbFE9PW_lyykA0Zgf98f4YQqelYal14iWTnHxUrqa_2-iwXyCoJLw==
date: Tue, 29 Oct 2024 02:33:43 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 08 Aug 2024 07:51:06 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 333b3e221519b38df662208d5f1fc7d4.cloudfront.net (CloudFront)
cf-ray: 8d9fc32ed8816323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: LHR5-P7
server: cloudflare
x-amz-server-side-encryption: AES256

POST
H2 202 replay
session-replay.browser-intake-datadoghq.com/api/v2/ 0
0 611ms
292ms Ping
application/json 2600:1f18:24e6:b900:1b9f:2fe7:7ce5:577a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A3.11.0%2Cenv%3Aprod%2Cservice%3Apersonal-loans-webapp%2Cversion%3A1.0.0%20undefined&dd-api-key=pub7338472aab069e71fb1763621d542e2d&dd-evp-origin-version=3.11.0&dd-evp-origin=browser&dd-request-id=42634cd6-b5e6-4046-a976-34e2e1a9f4eb
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f18:24e6:b900:1b9f:2fe7:7ce5:577a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8kGadRIwJ9wkqZTt
Referer

Response headers

POST
H2 200 click Show response
loans.quickenloans.com/api/tracking/ 3 KB
2 KB 1063ms
1061ms XHR
application/json 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/click

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28d2ebf5f66e6297f3a3525dcac45937f1081b80af93f9d54aa361feedc44535

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
etag: W/"d83-xZoJsbkZehq/llg3emWl5xQIZP4"
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:44 GMT
content-type: application/json; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc3344e4248cb-LHR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 b87eed3a-5f1d-1ea4-b60b-fcc3f180b22d.js Show response
create.lidstatic.com/campaign/ 121 KB
39 KB 1471ms
307ms Script
text/javascript 2606:4700:10::ac43:29e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://create.lidstatic.com/campaign/b87eed3a-5f1d-1ea4-b60b-fcc3f180b22d.js?snippet_version=2&callback=leadIdCallback
Requested by: Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:29e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e596f12f57b9a9c6182ed14695044a3a64c5773dfc2b04c8a632444c76c8e001

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
cf-cache-status: REVALIDATED
etag: W/"74fff60050bea01596b57b94ae6983db"
x-amz-version-id: 2ZPIAE6ANN70rHcR4_LolYMsk2rVzUr0
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: text/javascript
last-modified: Fri, 11 Oct 2024 11:56:09 GMT
vary: Accept-Encoding
x-amz-id-2: TkBN5IU2dLyq+FFZy/C8U7xwEWmlFJ9NCp2YGZijeCFAoTXjHVhVKXKsVsf7HAw9TFeLnKoZFrBCh/I020jOiJg77pX3v0pB
x-amz-replication-status: COMPLETED
cache-control: max-age=1800
x-amz-request-id: JQEMAE3RJSH0RR41
cf-ray: 8d9fc33b8f966557-LHR
access-control-allow-origin: *
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1522456/ Frame 75AE 71 KB
22 KB 1565ms
416ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Requested by: Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c093a402297a70b170c7f2be89d85a80b368e880d1f03fba728d4430a1063bf6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
etag: "72558d23dd9c460cfe44fcc4efb6db00"
x-amz-version-id: 9IhMWOYEitjy3wJbqx0oR6BmuGClYgl2
age: 0
x-cache: MISS
date: Tue, 29 Oct 2024 02:33:45 GMT
last-modified: Sun, 27 Oct 2024 11:04:18 GMT
x-served-by: cache-lhr-egll1980023-LHR
x-cache-hits: 0
content-type: application/javascript; charset=utf-8
x-amz-id-2: A5YqovFsJ8D6m0MRvPxdNbpofD4Im13zamll/mULR7y4IoFeKSI8vZwXVQYC5G0Py9zSDHvuK6U=
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
cache-control: private,max-age=14401
x-timer: S1730169226.530141,VS0,VE389
via: 1.1 varnish
x-amz-request-id: RMZV6MWM8ZJK2DRX
accept-ranges: bytes
access-control-allow-origin: *
abp: 0
content-length: 22053
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 255 KB
90 KB 1084ms
1084ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10865694633

Requested by

Host: trackpixel.lowermybills.com
URL: https://trackpixel.lowermybills.com/ploan/pixel-078fdb8941f1d57a541f.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

10d5ef1b405cd6dc44d22d724d8692f064c839f8b37559b2441ae66db21083f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 29 Oct 2024 02:33:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 00:43:33 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 92518
x-xss-protection: 0
server: Google Tag Manager

POST
H2 409 presentation Show response
loans.quickenloans.com/api/tracking/ 66 B
173 B 208ms
207ms XHR
text/html 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/presentation

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eec70440bb98889d5c3b3126b7b36846af38d8195c69ca2897fb958898eff295

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc33b483148cb-LHR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 409 presentation Show response
loans.quickenloans.com/api/tracking/ 66 B
128 B 220ms
218ms XHR
text/html 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/presentation

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eec70440bb98889d5c3b3126b7b36846af38d8195c69ca2897fb958898eff295

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc33b583348cb-LHR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 204 event Show response
loans.quickenloans.com/api/tracking/ 0
66 B 621ms
620ms XHR
text/plain 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/event

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc33b583848cb-LHR
x-content-type-options: nosniff
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H2 204 event Show response
loans.quickenloans.com/api/tracking/ 0
43 B 625ms
623ms XHR
text/plain 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/event

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc33b984b48cb-LHR
x-content-type-options: nosniff
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H2 204 event Show response
loans.quickenloans.com/api/tracking/ 0
42 B 644ms
641ms XHR
text/plain 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://loans.quickenloans.com/api/tracking/event

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Content-Type: application/json

Response headers

strict-transport-security: max-age=15552000; includeSubDomains
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-dns-prefetch-control: off
cf-cache-status: DYNAMIC
expect-ct: max-age=0
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
x-download-options: noopen
cf-ray: 8d9fc33bc85748cb-LHR
x-content-type-options: nosniff
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H2 200 ql_logo.svg
content.online.rocketmortgage.com/wham/ 4 KB
3 KB 1171ms
655ms Image
image/svg+xml 2606:4700::6812:147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.online.rocketmortgage.com/wham/ql_logo.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:147 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a92ed9fc3a0e4248ece6c83014a40c1a07f7f4f05934d9449383e2c220b9dafe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"eea100e4a26adee86914e2dd622d33ae"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: vFyg1Wf94e6UCtRaOxsqgan_ty2f58y6MGBXnJBOSGvEjTaJpxlllQ==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Aug 2024 07:51:08 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 380b8df86a308d480e89105be202d464.cloudfront.net (CloudFront)
cf-ray: 8d9fc33f1d51cd6b-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: DUB56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 dollar-money-icon-small.svg
content.quickencompare.com/nmn/logo/ 7 KB
5 KB 676ms
671ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/nmn/logo/dollar-money-icon-small.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a6f8d6721cb9284a4edfca184bc8ea84b0f07165435686528c19eda52923265

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"3b280fb1b5f603b076383e1ca6ea531f"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: UdkfpqEtlAjur7fbOSqy0KGwCs2UAs9U9sgmD_NnidWjJ4FQIST0aQ==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Aug 2024 07:51:03 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 3562b200c76f549603bc2b54b13b29a6.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be8136323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: LHR5-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 icon-debit-conslidation.svg
content.quickencompare.com/qc/refi-images/ 7 KB
3 KB 673ms
668ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/icon-debit-conslidation.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8765d2a44a7dd777579bd7559f6e45b54e908b48760e343609bf00a1a133a496

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"28246f3e4007fedf73e208da971c046f"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: 77FqvkvRmgU2ClKEHXD_7UVxN5HhIN70WrO0TEVf4iSBE90hKlRqQg==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Oct 2024 00:06:01 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 f54074a9af172cf785448ba51dcad950.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be8196323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 icon-home-improvement.svg
content.quickencompare.com/qc/refi-images/ 7 KB
3 KB 675ms
670ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/icon-home-improvement.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d0824ab2ff220d6fe6bfefe8e105db2fc0d3cb95a7ce7ce6253dd64d46e1aab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"9c325b815530ac139ba546a0edfa7c91"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: o6RzUZfwfMx92UeYZWrvRadMjoVXZTzVTA9npVUeTaYQ_L2C4R_1vg==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 10 Oct 2024 06:38:42 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 cc28d5d9460b301311d91623d48bac46.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be81b6323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: LHR5-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 icon-emergency-new.svg
content.quickencompare.com/qc/refi-images/ 2 KB
1 KB 642ms
637ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/icon-emergency-new.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5643cca4d294f5e61116b7ea84ddbd969ec5b621abed26e9fdf86c5fc41a78f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"59be918441b8de2c5b4969ac39764148"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: sOUEAvScbVoo6SdA-tZbENAHewAy37m1Dkdm7xPDblgEH6BhBWtvIg==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 12 Sep 2024 20:14:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 3b500781adff4e086cafd29075c0f3c2.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be81d6323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 icon-household-expenses.svg
content.quickencompare.com/qc/refi-images/ 3 KB
1 KB 667ms
663ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/icon-household-expenses.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1d6a35594d8b1c89ba375149e22b31fe8d198b15e759f4a092a1629e8302d61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"4bc93ca8cf8ddca9dab4a7fe5b09e4a4"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: VvKCDEJNkgLPAfF-frx8zxliD7LbZ6eGO_NK6OfXPNquZ7NS7zXEHw==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 12 Sep 2024 20:14:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 ce327ed05d0ac0cdbf27df0811c995a0.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be81e6323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 down-arrow.svg
content.quickencompare.com/qc/refi-images/ 342 B
535 B 676ms
672ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/down-arrow.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9efa247b70fc3a490d2027fb08eeb8acd539f38d41a77b3eff8895f6752d95ad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"333552d29a8cd60fdd2459b641a774a1"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: hVI-9EPXYz222DTSyiebu5yjydHgr5Bx-ls4xmCIzdr02YxGeUo-JQ==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Thu, 12 Sep 2024 20:14:13 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 62db9fb3b90983f59ae41bc4d453e556.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be81f6323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: MAD56-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 5_stars.svg
content.quickencompare.com/qc/ 1 KB
1009 B 666ms
662ms Image
image/svg+xml 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/5_stars.svg

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e2f0e3cf3c7d53bdd7402ff0b12c7585b28f8e664cd73c0d81c6696c2a7b0c4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"dfdb39404473a99ec98aa98426dd98df"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: RefreshHit from cloudfront
x-amz-cf-id: SVR4q7oGvgY5kgt2EiIaz-YMsmu0A04o7uKvYigGey5hiVSaZjLQ6g==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/svg+xml
last-modified: Mon, 22 Jul 2024 17:48:10 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 8c92bd4fd6a606ee9b09d4fd234f7ca8.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be8206323-LHR
x-xss-protection: 1; mode=block
x-amz-cf-pop: AMS1-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 qc-financial-control.png
content.quickencompare.com/nmn/logo/ 12 KB
13 KB 641ms
639ms Image
image/png 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/nmn/logo/qc-financial-control.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

442b0856c633c8a41e1566de5aea94873cfa27b85e74e2fb2df4c92b55ab5608

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status: REVALIDATED
etag: "d9164fb30114b13fdb91bd8011b5f71b"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: hT5mdUwtQJp8GJBErXi0f82VHPi6yDIsWsjTtO6JqFZ1V5rEG9w8Ng==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/png
last-modified: Thu, 08 Aug 2024 07:51:03 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 90027edae0b6c5f3abc45a36e4c7c258.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be8236323-LHR
accept-ranges: bytes
content-length: 12630
x-xss-protection: 1; mode=block
x-amz-cf-pop: CDG55-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 BG-BLUE-ICON-WHITE.png
content.quickencompare.com/qc/refi-images/ 59 KB
59 KB 643ms
643ms Image
image/png 2606:4700::6812:1c6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.quickencompare.com/qc/refi-images/BG-BLUE-ICON-WHITE.png

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6812:1c6d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f6112cc353f90b0f71f3b1c2a5571b1b620290dd2048dc073eb91217c590e7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://loans.quickenloans.com/

Response headers

cf-cache-status: REVALIDATED
etag: "0b525d003df460ee3ef27bb82defdb43"
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 06:33:46 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: j-ouJtEuDWUJ8Gz5dh5UJIbRhZm5SfzdyfDohikHBkm_YpRx4i6oTw==
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: image/png
last-modified: Thu, 10 Oct 2024 06:38:41 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=2592000
content-security-policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
cache-control: public, max-age=14400
via: 1.1 9399b889481d52fdce69080691aeb298.cloudfront.net (CloudFront)
cf-ray: 8d9fc33be8246323-LHR
accept-ranges: bytes
content-length: 60242
x-xss-protection: 1; mode=block
x-amz-cf-pop: LHR5-P7
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 l
use.typekit.net/af/1b1b1e/00000000000000000001709e/27/ 24 KB
24 KB 43ms
41ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1b1b1e/00000000000000000001709e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9bacad71ca24f6147c4b72a6c0f351b07ba93b70f992082b812681fb3b46d9b6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://loans.quickenloans.com
Referer: https://use.typekit.net/dcq8kbe.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "f507d4945327bf77fa226b6fef0f1c6a6af3bf09"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24180
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/80c5d0/00000000000000000001709c/27/ 24 KB
24 KB 42ms
40ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/80c5d0/00000000000000000001709c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: cc62200b7ffb4acffa5ced44e916789729b903e9a39bf86bb6175577500c9fc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://loans.quickenloans.com
Referer: https://use.typekit.net/dcq8kbe.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "9852112d8099a97564f64224e106ceeffff9e7c4"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 24264
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: application/font-woff2
server: nginx

GET
H2 200 l
use.typekit.net/af/d32e26/00000000000000000001709b/27/ 24 KB
25 KB 58ms
57ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/d32e26/00000000000000000001709b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/dcq8kbe.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 6069bebbfc9a535fa8bf81fa81ce8741f6cef9e5fefd807aa1710a365cfed798

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://loans.quickenloans.com
Referer: https://use.typekit.net/dcq8kbe.css

Response headers

cache-control: public, max-age=31536000
timing-allow-origin: *
etag: "9689d00c5dfd98cdda07ad0f85b16f1599038e27"
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 25016
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: application/font-woff2
server: nginx

GET
H3 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/ 8 KB
8 KB 156ms
37ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://loans.quickenloans.com
Referer: https://fonts.googleapis.com/

Response headers

age: 553521
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 22 Oct 2025 16:48:24 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 22 Oct 2024 16:48:24 GMT
last-modified: Fri, 22 Mar 2024 00:02:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 7840
x-xss-protection: 0
server: sffe

GET
H2 200 request.js Show response
script.anura.io/ 73 KB
26 KB 162ms
40ms Script
application/javascript 35.179.217.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/request.js?instance=3439535758&exid=de2c1f85-d994-5202-907e-78edfb093a57&source=affl_everflow_ql-mon_173_809&campaign=2&942722140355

Requested by

Host: loans.quickenloans.com
URL: https://loans.quickenloans.com/main.3cbd936b730d9a0616fe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.179.217.71 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-179-217-71.eu-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

e39da8a2ed134c9dfe1b603c7d301f9a1210ab2e516f7db5e96e1e1cee69b209

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
date: Tue, 29 Oct 2024 02:33:45 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865694633/ 6 KB
3 KB 197ms
54ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865694633/?random=1730169225643&cv=11&fst=1730169225643&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10865694633

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67b5ac1f5e41eea2ac66d86afacc9c86ca8940f9c67c44bee61fe6b972a4530b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2569
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10865694633
td.doubleclick.net/td/rul/ Frame 878F 0
0 59ms
57ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10865694633?random=1730169225643&cv=11&fst=1730169225643&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10865694633

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 02:33:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10865694633/ 6 KB
3 KB 151ms
57ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10865694633/?random=1730169225701&cv=11&fst=1730169225701&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10865694633

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b17bf34d1a0154a718efac5f389f86e795e42a9b2d22753d5bd5400966d0df5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2568
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 10865694633
td.doubleclick.net/td/rul/ Frame 950E 0
0 56ms
56ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/10865694633?random=1730169225701&cv=11&fst=1730169225701&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10865694633

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Oct 2024 02:33:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET acc9c5fb-e0e5-457f-bf79-231db63d150c
https://loans.quickenloans.com/ Frame 0
0

GET showads.js
ads.anura.io/ 0
0

GET 5226ab91-8bea-4fd0-916b-262b0333800d
https://loans.quickenloans.com/ Frame 0
0

POST
H2 200 GenerateToken Show response
create.leadid.com/2.15.1/ 36 B
661 B 697ms
207ms XHR
text/plain 54.205.148.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/GenerateToken?msn=1&pid=7df84ddb-4d4a-4dac-b6f3-0ccc1b5ac36e&_=314588361

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.205.148.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-148-24.compute-1.amazonaws.com

Software

nginx /

Resource Hash

0e199bf514f7e188dc77231091ea8511a389920843d166330569ba9a82cabd14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

GET
H3 200 /
www.google.com/pagead/1p-user-list/10865694633/ 42 B
64 B 50ms
50ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10865694633/?random=1730169225643&cv=11&fst=1730167200000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dPFIJhWShoErv6VDKVTiUTkzCOKcHH4bRzVp-Vs9RhmepBYTl&random=2000959793&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/10865694633/ 42 B
64 B 51ms
51ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/10865694633/?random=1730169225643&cv=11&fst=1730167200000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7dPFIJhWShoErv6VDKVTiUTkzCOKcHH4bRzVp-Vs9RhmepBYTl&random=2000959793&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.com/pagead/1p-user-list/10865694633/ 42 B
64 B 49ms
49ms Image
image/gif 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10865694633/?random=1730169225701&cv=11&fst=1730167200000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7d-HJJrwaMcSKyyVxQ1tw5i9ceuzdtOYe5n16K0SKXsVi8QYIq&random=3813203439&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/10865694633/ 42 B
64 B 51ms
51ms Image
image/gif 2a00:1450:4001:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/10865694633/?random=1730169225701&cv=11&fst=1730167200000&bg=ffffff&guid=ON&async=1&gtm=45be4ao0v9118930571za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&hn=www.googleadservices.com&frm=0&tiba=Find%20A%20Loan%20Solution%20-%20Start%20Here%20%7C%20Quicken%20Loans&npa=0&pscdl=noapi&auid=446498019.1730169222&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQCa7L7d-HJJrwaMcSKyyVxQ1tw5i9ceuzdtOYe5n16K0SKXsVi8QYIq&random=3813203439&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 29 Oct 2024 02:33:45 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 topics_api Show response
psb.taboola.com/ Frame 75AE 65 B
280 B 151ms
47ms Fetch
text/html 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://psb.taboola.com/topics_api
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control: private, max-age=2592000
retry-after: 0
x-timer: S1730169226.097032,VS0,VE0
observe-browsing-topics: ?1
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
x-cache: HIT
content-length: 65
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: text/html; charset=utf-8
x-served-by: cache-lon420108-LON
server: Varnish
x-cache-hits: 0

GET
H2 200 json Show response
trc.taboola.com/1522456/trc/3/ Frame 75AE 3 KB
2 KB 62ms
53ms Script
application/javascript 151.101.193.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1522456/trc/3/json?tim=1730169225986&data=%7B%22id%22%3A544%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1730169225979%2C%22cv%22%3A%2220241022-18-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcoredigital-quickenloans-qcmoney-sc%3Aabp%3D1%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1730169225985%2C%22ref%22%3Anull%2C%22item-url%22%3A%22https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D%22%2C%22tos%22%3A3%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22ler%22%3A%22other%22%2C%22it%22%3A%22JS_PIXEL%22%2C%22supv%22%3Atrue%7D%2C%22pa%22%3A%7B%22su%22%3Atrue%7D%2C%22psb%22%3Atrue%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f1b1a51ebb7bd416e4b167757e0564629230f106ebb140f13d31c3e6eb9d9b57

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: gzip
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-log-content-encoding: gzip
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-lhr-egll1980023-LHR
x-cache-hits: 0
vary: Accept-Encoding
x-fastly-to-nlb-rtt: 8658
x-timer: S1730169226.012066,VS0,VE25
x-vcl-time-ms: 25
access-control-allow-credentials: true
via: 1.1 varnish
cpu: 0.03175
accept-ranges: bytes
access-control-allow-origin: *
x-service-version: v1
server: nginx

GET
H/1.1 200
OK iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 7774 0
0 205ms
50ms Document
text/html 13.32.23.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=92875CED-5583-5E11-AD9E-7A01162DFE9F&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.15.1&lck=B87EED3A-5F1D-1EA4-B60B-FCC3F180B22D&lac=20CCD961-FA4F-5BB7-1E71-E4197110D50D

Requested by

Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/b87eed3a-5f1d-1ea4-b60b-fcc3f180b22d.js?snippet_version=2&callback=leadIdCallback

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

13.32.23.8 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-23-8.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Age: 80937
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 28 Oct 2024 04:04:49 GMT
Etag: W/"6707fed3-dbb"
Last-Modified: Thu, 10 Oct 2024 16:20:35 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Via: 1.1 07fbd2276304c86925071791c7032950.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ljb9ygKQeSpBwdRB7fNR81p431PqC21IFjIY2SuHtjmrVlsLy7U2dQ==
X-Amz-Cf-Pop: FRA56-C2
X-Cache: Hit from cloudfront

POST
H2 200 SaveDom Show response
create.leadid.com/2.15.1/ 0
624 B 120ms
119ms XHR
text/plain 54.205.148.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/SaveDom?msn=2&pid=7df84ddb-4d4a-4dac-b6f3-0ccc1b5ac36e&token=92875CED-5583-5E11-AD9E-7A01162DFE9F&_=314588362

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.205.148.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-148-24.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

POST
H2 200 InitFormData Show response
create.leadid.com/2.15.1/ 0
623 B 178ms
176ms XHR
text/plain 54.205.148.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/InitFormData?msn=3&pid=7df84ddb-4d4a-4dac-b6f3-0ccc1b5ac36e&token=92875CED-5583-5E11-AD9E-7A01162DFE9F&_=314588363

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.205.148.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-148-24.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:46 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

POST
H2 200 response.json Show response
script.anura.io/ 141 B
479 B 195ms
90ms XHR
application/json 35.179.217.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/response.json?666367057127

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.179.217.71 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-179-217-71.eu-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

19f07929b9f0aa241b5764afc069187dd4fd9d9608c2176d6b7c9a3ea56088b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: POST
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:47 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

POST
H2 200 Snap Show response
create.leadid.com/2.15.1/ 0
624 B 390ms
255ms XHR
text/plain 54.205.148.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://create.leadid.com/2.15.1/Snap?msn=4&pid=7df84ddb-4d4a-4dac-b6f3-0ccc1b5ac36e&token=92875CED-5583-5E11-AD9E-7A01162DFE9F&_=314588364

Requested by

Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.205.148.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-148-24.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-max-age: 1728000
cache-control: no-cache, must-revalidate
content-encoding: gzip
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
date: Tue, 29 Oct 2024 02:33:47 GMT
content-type: text/plain;charset=UTF-8
server: nginx
access-control-allow-headers: X-Requested-With, Content-Type

GET
H2 204 unip Show response
trc-events.taboola.com/1522456/log/3/ Frame 75AE 0
252 B 185ms
56ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1522456/log/3/unip?en=pre_d_eng_tb&tos=1660&scd=0&ssd=1&est=1730169225983&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1730169227642&vi=1730169225979&ri=bc79182ab6da039678ebf4166a3ea3fd&ref=null&cv=20241022-18-RELEASE&item-url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&ler=other&it=JS_PIXEL
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Attribution-Reporting-Eligible: trigger
Referer

Response headers

access-control-allow-origin: https://loans.quickenloans.com
cache-control: no-cache
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date: Tue, 29 Oct 2024 02:33:48 GMT
pragma: no-cache
server: nginx
access-control-allow-credentials: true

OPTIONS
H2 200 unip
trc-events.taboola.com/1522456/log/3/ Frame 0
0 276ms
93ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1522456/log/3/unip?en=pre_d_eng_tb&tos=1660&scd=0&ssd=1&est=1730169225983&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1730169227642&vi=1730169225979&ri=bc79182ab6da039678ebf4166a3ea3fd&ref=null&cv=20241022-18-RELEASE&item-url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&ler=other&it=JS_PIXEL
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://loans.quickenloans.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: https://loans.quickenloans.com
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Tue, 29 Oct 2024 02:33:47 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

POST
H3 204 collect Show response
region1.analytics.google.com/g/ 0
20 B 35ms
33ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-RXLL9Z7XBK&gtm=45je4ao0v9169491831z89137104487za200zb9137104487&_p=1730169221196&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533421~101823848~101878898~101878942~101925629&cid=1461520469.1730169222&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&sid=1730169221&sct=1&seg=1&dl=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&dt=Refinance%2C%20Cash%20Out%20Refinance%2C%20Home%20Equity%20Loans%20and%20Lines%20of%20Credit%2C%20Personal%20Loans%20-%20Get%20Funds%20for%20Any%20Purpose&_s=4&tfd=9011
Requested by: Host: www.datadoghq-browser-agent.com
URL: https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://loans.quickenloans.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 02:33:48 GMT
content-type: text/plain
server: Golfe2

GET
H2 204 unip Show response
trc-events.taboola.com/1522456/log/3/ Frame 75AE 0
251 B 32ms
32ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1522456/log/3/unip?en=pre_d_eng_tb&tos=4663&scd=0&ssd=1&est=1730169225983&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1730169230644&vi=1730169225979&ri=bc79182ab6da039678ebf4166a3ea3fd&ref=null&cv=20241022-18-RELEASE&item-url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&ler=other&it=JS_PIXEL
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1522456/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Attribution-Reporting-Eligible: trigger
Referer

Response headers

access-control-allow-origin: https://loans.quickenloans.com
cache-control: no-cache
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
date: Tue, 29 Oct 2024 02:33:50 GMT
pragma: no-cache
server: nginx
access-control-allow-credentials: true

OPTIONS
H2 200 unip
trc-events.taboola.com/1522456/log/3/ Frame 0
0 32ms
31ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1522456/log/3/unip?en=pre_d_eng_tb&tos=4663&scd=0&ssd=1&est=1730169225983&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1730169230644&vi=1730169225979&ri=bc79182ab6da039678ebf4166a3ea3fd&ref=null&cv=20241022-18-RELEASE&item-url=https%3A%2F%2Floans.quickenloans.com%2F%3Fmoid%3D321646%26sourceid%3Daffl_everflow_ql-mon_173_809%26pkey1%3D809%26pkey2%3D2%26pkey3%3D847729bd35c74873b63af2a8d66c0c8e%26pkey%3D69fb56cbf9de41b2925da5c9e06654da%26sid%3D173%26cmpid%3D173%26crtid%3D%26oid%3D173%26affid%3D809%26_ef_transaction_id%3D847729bd35c74873b63af2a8d66c0c8e%26utm_medium%3Daffiliate%26utm_source%3Dnocapads.com%26utm_content%3D&ler=other&it=JS_PIXEL
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://loans.quickenloans.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: https://loans.quickenloans.com
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Tue, 29 Oct 2024 02:33:50 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: loans.quickenloans.com
URL: blob:https://loans.quickenloans.com/0582ea27-e4f7-4341-93bc-d977c1bb0988

Domain: loans.quickenloans.com
URL: blob:https://loans.quickenloans.com/acc9c5fb-e0e5-457f-bf79-231db63d150c

Domain: ads.anura.io
URL: https://ads.anura.io/showads.js?755052262077

Domain: loans.quickenloans.com
URL: blob:https://loans.quickenloans.com/5226ab91-8bea-4fd0-916b-262b0333800d

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

28 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
npvnt7trk.com/	1970-01-21 00:37:57	Name: uniqueClick_79c6g4 Value: 46efb910-a2f3-4b77-97ee-e215125c6f5b:1730169219
npvnt7trk.com/	1970-01-21 02:45:45	Name: transaction_id Value: 69fb56cbf9de41b2925da5c9e06654da
www.imbahsj2.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: a3ba23110d180a7da955552770214f8d
www.lmbahsj2.com/	1970-01-21 00:37:35	Name: uniqueClick_FGXLG Value: 939998f1-66ed-4a61-8848-98241f6b63c0:1730169220
www.lmbahsj2.com/	1970-01-21 00:37:35	Name: uniqueClick_9K7SB2 Value: d0035383-4af6-47f6-93ac-652fd93933c3:1730169220
www.lmbahsj2.com/	1970-01-21 02:45:45	Name: transaction_id Value: 847729bd35c74873b63af2a8d66c0c8e
.loans.quickenloans.com/	1970-01-21 00:36:11	Name: __cf_bm Value: fYeONHFGVITQs1zEiHgYwCRKOq4WcqAiJOTmJIR_08g-1730169221-1.0.1.1-8R91boB2a7RbfBhtYFOy3IMxS_DjN5MIZJKdvat1obHDm7WqCemUaXlChPr2bCbHQYLeX2ug6X8Ptzs4wwkRkw
.quickenloans.com/	1970-01-21 02:45:45	Name: _gcl_au Value: 1.1.446498019.1730169222
.quickenloans.com/	1970-01-21 10:12:09	Name: _ga Value: GA1.1.1461520469.1730169222
loans.quickenloans.com/	1970-01-21 00:37:35	Name: _dd_s Value: rum
loans.quickenloans.com/	1970-01-21 00:37:35	Name: _gcl_au Value: 1.1.446498019.1730169222
loans.quickenloans.com/	1970-01-21 00:37:35	Name: _ga Value: GA1.1.1461520469.1730169222
loans.quickenloans.com/	1970-01-21 00:37:35	Name: _ga_RXLL9Z7XBK Value: GS1.1.1730169221.1.1.1730169221.60.0.0
loans.quickenloans.com/	1970-01-21 09:21:45	Name: visitorId Value: 7c036ae3-4e64-4b2d-add9-427f9c2a2b45
.quickenloans.com/	1970-01-21 10:12:09	Name: _ga_RXLL9Z7XBK Value: GS1.1.1730169221.1.1.1730169223.58.0.0
loans.quickenloans.com/	1970-01-21 00:37:35	Name: DAPROPS Value: "sjs.webGlRenderer:Intel Iris OpenGL Engine\|bjs.accessDom:1\|bcookieSupport:1\|bcss.animations:1\|bcss.columns:1\|bcss.transforms:1\|bcss.transitions:1\|sdevicePixelRatio:1\|idisplayColorDepth:24\|bflashCapable:0\|bhtml.audio:1\|bhtml.canvas:1\|bhtml.inlinesvg:1\|bhtml.svg:1\|bhtml.video:1\|bjs.applicationCache:0\|bjs.deviceMotion:1\|bjs.deviceOrientation:0\|bjs.geoLocation:1\|bjs.indexedDB:1\|bjs.json:1\|bjs.localStorage:1\|bjs.modifyCss:1\|bjs.modifyDom:1\|bjs.querySelector:1\|bjs.sessionStorage:1\|bjs.supportBasicJavaScript:1\|bjs.supportConsoleLog:1\|bjs.supportEventListener:1\|bjs.supportEvents:1\|bjs.touchEvents:0\|bjs.webGl:1\|bjs.webSockets:1\|bjs.webSqlDatabase:0\|bjs.webWorkers:1\|bjs.xhr:1\|buserMedia:1\|bjs.battery:0"
.lowermybills.com/	1970-01-21 00:36:11	Name: __cf_bm Value: RYrQIoznGJhcfo01ocT7FlH1RRwyZct43wheQfc940o-1730169223-1.0.1.1-AqlpQzbosckZLq1k62fl3hIiVPd27s7nYmPwrqSm9xrIPAEmVEOW3v8NqD8hKLJRy_q0HT68KmumPJxcM6DOHA
.quickencompare.com/	1970-01-21 00:36:11	Name: __cf_bm Value: HhHDWlKpA9oRJf_MY9nOhWVdY38jje1up9ekNlwJUPA-1730169223-1.0.1.1-LNnKY.0g59Z8pUVMIiDZLppP53YoWMocRigxA7S6qdzRJ7uOFINvx8g5sPx0RHDIHcLgaXDTm.dvvXZmmKTT2A
loans.quickenloans.com/	1970-01-21 00:37:35	Name: AWSALBTG Value: nz4ABy42f0Z1F6TK34qo41+Q5e/AGIa5t94fgdgmCrxGW547v9Talkyo2BrvpnD18a/BJR9wLjkAaelPs71EP9wWBKGnudjWuLZD1/kQBIUU6W4ymZi/MFsM4z5qTAlK/2gXsKn8VcoFv74d8E9jZdRkDX8OLWI8JqhpDPGFs5WgiOBnBm0
loans.quickenloans.com/	1970-01-21 00:37:35	Name: AWSALBTGCORS Value: nz4ABy42f0Z1F6TK34qo41+Q5e/AGIa5t94fgdgmCrxGW547v9Talkyo2BrvpnD18a/BJR9wLjkAaelPs71EP9wWBKGnudjWuLZD1/kQBIUU6W4ymZi/MFsM4z5qTAlK/2gXsKn8VcoFv74d8E9jZdRkDX8OLWI8JqhpDPGFs5WgiOBnBm0
loans.quickenloans.com/	1970-01-21 00:36:11	Name: click Value: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXJrZXRpbmdDbGlja0lkIjoiZGUyYzFmODUtZDk5NC01MjAyLTkwN2UtNzhlZGZiMDkzYTU3IiwidmlzaXRvcklkIjoiN2MwMzZhZTMtNGU2NC00YjJkLWFkZDktNDI3ZjljMmEyYjQ1Iiwic2Vzc2lvbklkIjoiYTAwMWFlYTEtNDk0Mi00YTYzLWIzMDctNzJhMDhjZTA3MzVjIiwibWFya2V0aW5nT2ZmZXJJZCI6IjMyMTY0NiIsInNvdXJjZUlkIjoiYWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSIsInRpbWVPbkZvcm1TdGFydFRpbWUiOiIyMDI0LTEwLTI5VDAyOjMzOjQ0LjMyNFoiLCJvcmlnaW5SZXF1ZXN0ZWRVcmkiOiJodHRwczovL2xvYW5zLnF1aWNrZW5sb2Fucy5jb20vP21vaWQ9MzIxNjQ2JnNvdXJjZWlkPWFmZmxfZXZlcmZsb3dfcWwtbW9uXzE3M184MDkmcGtleTE9ODA5JnBrZXkyPTImcGtleTM9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmcGtleT02OWZiNTZjYmY5ZGU0MWIyOTI1ZGE1YzllMDY2NTRkYSZzaWQ9MTczJmNtcGlkPTE3MyZjcnRpZD0mb2lkPTE3MyZhZmZpZD04MDkmX2VmX3RyYW5zYWN0aW9uX2lkPTg0NzcyOWJkMzVjNzQ4NzNiNjNhZjJhOGQ2NmMwYzhlJnV0bV9tZWRpdW09YWZmaWxpYXRlJnV0bV9zb3VyY2U9bm9jYXBhZHMuY29tJnV0bV9jb250ZW50PSIsInByZXNlbnRhdGlvbk5hbWUiOiJNT05fTFBfUFJFU18wMDEiLCJkZXN0aW5hdGlvblVybCI6Imh0dHBzOi8vbG9hbnMucXVpY2tlbmxvYW5zLmNvbS8_bW9pZD0zMjE2NDYmc291cmNlaWQ9YWZmbF9ldmVyZmxvd19xbC1tb25fMTczXzgwOSZwa2V5MT04MDkmcGtleTI9MiZwa2V5Mz04NDc3MjliZDM1Yzc0ODczYjYzYWYyYThkNjZjMGM4ZSZwa2V5PTY5ZmI1NmNiZjlkZTQxYjI5MjVkYTVjOWUwNjY1NGRhJnNpZD0xNzMmY21waWQ9MTczJmNydGlkPSZvaWQ9MTczJmFmZmlkPTgwOSZfZWZfdHJhbnNhY3Rpb25faWQ9ODQ3NzI5YmQzNWM3NDg3M2I2M2FmMmE4ZDY2YzBjOGUmdXRtX21lZGl1bT1hZmZpbGlhdGUmdXRtX3NvdXJjZT1ub2NhcGFkcy5jb20mdXRtX2NvbnRlbnQ9IiwidmVydGljYWxOYW1lIjoiTU9OX0xQIiwicmVmZXJyaW5nVXJpIjoiIiwidGVzdElkIjoyMTcyMTczLCJtb2lkIjoiMzIxNjQ2IiwiY2xpZW50SXBBZGRyZXNzIjoiMmEwMDoyMzgxOjUzNzQ6MWQ6Ojk5IiwicHVibGlzaGVyRGV2aWNlIjoiIiwicmVzb2x1dGlvbiI6IiIsInVzZXJBZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwiYm90IjpmYWxzZSwiaWF0IjoxNzMwMTY5MjI0fQ.Icnt83NqedH3creF_ix5wjPB5VtlGF5bPiidQuUGd6hLuMQkBpUrJvspGMpss4NFJkhoQYsxXeKco6RtlYkTM-kFPlTdqlfZLYmSQ6ycBmgsNeIlOVsHdpuTyvVnblG6oMLMcDAtHI5eViulu2YTLqbGFyKkAAUY0T9Yu9mjUOBia8XKfnUr9GghKutjJf9wNvULVIxrF_pZPgCJANrJdP3R6Fw1SWjHJ--AWBQ8Yicm_p044_P9trJ66R-vef_C45Lt95gEk1KEbtYCXpTwiYo0ry_2o5DYCSH9fqjhspLUCA0ZULhv4LuKcSa-mlmng3PnHXszqOkrmOTca6gnhA
.doubleclick.net/	1970-01-21 09:57:45	Name: IDE Value: AHWqTUl7aV6l_mwGNw-RsN8gt384RFHdflCw1rimJJ_nSi8TqKf3b6mbxkDnVQVn
loans.quickenloans.com/	1970-01-21 00:36:10	Name: leadid_token-20CCD961-FA4F-5BB7-1E71-E4197110D50D-B87EED3A-5F1D-1EA4-B60B-FCC3F180B22D Value: 92875CED-5583-5E11-AD9E-7A01162DFE9F
.online.rocketmortgage.com/	1970-01-21 00:36:11	Name: __cf_bm Value: 8MuuDZStv9PlWxXr2jfbnJf6aEgpfSokO2XC_u4kclQ-1730169226-1.0.1.1-9v1vZMj5Gmjl2l30rRqeUN5orrCd0cMm.1ClVuz9LGnh2UOgRiaQq28VktWuOq0ry.DA_UXHqcoc912JzZSlnA
.trueleadid.com/	1969-12-31 23:59:59	Name: nlbi_3051494 Value: sGOqI0tdgAxtfEIjC30iGwAAAAD51IqtjCyOXqelNT7PszUC
.trueleadid.com/	1970-01-21 09:21:30	Name: visid_incap_3051494 Value: QfQh8fMTTMm2SgVnk4ONwIpJIGcAAAAAQUIPAAAAAAByakhAeRkekWHciXRZAF0f
.trueleadid.com/	1969-12-31 23:59:59	Name: incap_ses_1398_3051494 Value: FIYVDuCeR2DwIEpzv7FmE4pJIGcAAAAAKorhEA4lZMSuaXUiC4XSZQ==
.deviceid.trueleadid.com/	1970-01-21 10:12:09	Name: uuid Value: 8c7f3562d6e84b8ab457111d1e7bceee

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content= Message: Refused to execute script from 'https://loans.quickenloans.com/undefined' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
rendering	warning	URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content= Message: [GroupMarkerNotSet(crbug.com/242999)!:A0201D00AC2B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network	error	URL: https://loans.quickenloans.com/api/tracking/presentation Message: Failed to load resource: the server responded with a status of 409 ()
network	error	URL: https://loans.quickenloans.com/api/tracking/presentation Message: Failed to load resource: the server responded with a status of 409 ()
rendering	warning	URL: https://loans.quickenloans.com/?moid=321646&sourceid=affl_everflow_ql-mon_173_809&pkey1=809&pkey2=2&pkey3=847729bd35c74873b63af2a8d66c0c8e&pkey=69fb56cbf9de41b2925da5c9e06654da&sid=173&cmpid=173&crtid=&oid=173&affid=809&_ef_transaction_id=847729bd35c74873b63af2a8d66c0c8e&utm_medium=affiliate&utm_source=nocapads.com&utm_content= Message: [GroupMarkerNotSet(crbug.com/242999)!:A0009906AC2B0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.anura.io
cdn.taboola.com
content.lowermybills.com
content.online.rocketmortgage.com
content.quickencompare.com
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
fonts.cdnfonts.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
loans.quickenloans.com
npvnt7trk.com
p.typekit.net
psb.taboola.com
region1.analytics.google.com
rum-http-intake.logs.datadoghq.com
script.anura.io
session-replay.browser-intake-datadoghq.com
stats.g.doubleclick.net
td.doubleclick.net
trackpixel.lowermybills.com
trc-events.taboola.com
trc.taboola.com
use.typekit.net
widget.trustpilot.com
www.datadoghq-browser-agent.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.imbahsj2.com
www.lmbahsj2.com
ads.anura.io
loans.quickenloans.com
13.32.23.8
13.33.219.205
141.226.228.48
151.101.193.44
2001:4860:4802:32::36
2600:1f18:24e6:b900:1b9f:2fe7:7ce5:577a
2600:1f18:24e6:b901:7caf:fdbd:23cb:8407
2606:4700:10::ac43:29e5
2606:4700:3031::6815:4021
2606:4700:3033::6815:487c
2606:4700::6812:147
2606:4700::6812:1c6d
2606:4700::6812:1ef5
2606:4700::6812:1ff5
2a00:1450:4001:809::2002
2a00:1450:4001:812::2003
2a00:1450:4001:812::2004
2a00:1450:4001:81d::2003
2a00:1450:4001:82b::2008
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c0a::9a
2a02:26f0:3500:16::215:1495
34.36.162.171
35.179.217.71
35.201.76.131
52.222.236.107
54.205.148.24
0e199bf514f7e188dc77231091ea8511a389920843d166330569ba9a82cabd14
0f2d5fc64665179a789f0dbf43e46378975f0a9613daa28fa2212e7407e346fd
10d5ef1b405cd6dc44d22d724d8692f064c839f8b37559b2441ae66db21083f1
1216919e30304840e600d72e70abc787b498ba33d59886172e0e43fdacffc569
19f07929b9f0aa241b5764afc069187dd4fd9d9608c2176d6b7c9a3ea56088b9
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1e2f0e3cf3c7d53bdd7402ff0b12c7585b28f8e664cd73c0d81c6696c2a7b0c4
28d2ebf5f66e6297f3a3525dcac45937f1081b80af93f9d54aa361feedc44535
292379fc85cb2efb54212c45e3a5154408086b3e94135c0ffef356f17ce902b8
2d0824ab2ff220d6fe6bfefe8e105db2fc0d3cb95a7ce7ce6253dd64d46e1aab
4375ebb4771e6dbb66555214b78781f96a3f6fc43f26b6e9acc4a4751551706b
442b0856c633c8a41e1566de5aea94873cfa27b85e74e2fb2df4c92b55ab5608
4c5fe38d8683653c4c8119023c447444eb97cc9e569db1e1edd79831d35a1b43
4c6768a1ce8e5f5b0b97fa1d51fa439060ad033b1f35e313e13bcb457629e903
5461e0722bbe365dfa0df4652c60a6ced5f83c840d03021c4abd04ae9f9c6980
6069bebbfc9a535fa8bf81fa81ce8741f6cef9e5fefd807aa1710a365cfed798
67b5ac1f5e41eea2ac66d86afacc9c86ca8940f9c67c44bee61fe6b972a4530b
76b65310895e8341f3804e1f3d436a0910928874964daf20f6e2d7a8a69553f4
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
78cae779d72dcdde6ef3938b0b83ab656cd2a9c2795a286cd9652ba68c41c589
78f6112cc353f90b0f71f3b1c2a5571b1b620290dd2048dc073eb91217c590e7
7a66bc47ffdc490676ad5eaadaf1e4e7e40447411c593e8c50116372e6d417ea
8765d2a44a7dd777579bd7559f6e45b54e908b48760e343609bf00a1a133a496
8a6f8d6721cb9284a4edfca184bc8ea84b0f07165435686528c19eda52923265
9afdd14bf99da6623d565f70abb79f9e9e865c0b632e53e96db05d9b7f1113b8
9bacad71ca24f6147c4b72a6c0f351b07ba93b70f992082b812681fb3b46d9b6
9efa247b70fc3a490d2027fb08eeb8acd539f38d41a77b3eff8895f6752d95ad
a7d9d066818d14071483fb738ada07980e96f9f418b0314fbfe4d3102d589316
a92ed9fc3a0e4248ece6c83014a40c1a07f7f4f05934d9449383e2c220b9dafe
b17bf34d1a0154a718efac5f389f86e795e42a9b2d22753d5bd5400966d0df5b
c093a402297a70b170c7f2be89d85a80b368e880d1f03fba728d4430a1063bf6
c1608c748ec9c89f092a8c3b454f4782c20ba182f53e8ae85966d64657895a7e
c69de41dda83f00cc1b13dba90a57f25df046286ecd227bdd0c4d51d94947b61
cc62200b7ffb4acffa5ced44e916789729b903e9a39bf86bb6175577500c9fc7
d09d0b03e053bcf9c0e4314fdc273c0217f1adc5289c4b9047ba378a3ac54a1f
d1d6a35594d8b1c89ba375149e22b31fe8d198b15e759f4a092a1629e8302d61
d5643cca4d294f5e61116b7ea84ddbd969ec5b621abed26e9fdf86c5fc41a78f
d60aa838e099599b51126886e7fa0334ad2022c7b4f76977c86f45463b55bfe9
dce8957415cd74484b77e1ed537bc6395998a4f42f86da60e9108f438968f5e1
e1b143a78532f8513d72eebbcb0ecbce15a320bace36d8b12f153abf60abef14
e39da8a2ed134c9dfe1b603c7d301f9a1210ab2e516f7db5e96e1e1cee69b209
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e596f12f57b9a9c6182ed14695044a3a64c5773dfc2b04c8a632444c76c8e001
e7112b70eed95d42b178135728e6153e34f07001827870748de87cd7dec3538e
eb8d89a2f12e25a59b766cc7e4c1b54f5c79d710a0fd36e2670ca479f982883d
eec70440bb98889d5c3b3126b7b36846af38d8195c69ca2897fb958898eff295
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1b1a51ebb7bd416e4b167757e0564629230f106ebb140f13d31c3e6eb9d9b57

loans.quickenloans.com Open in urlscan Pro 2606:4700::6812:1c6d Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

82 Requests

95 %HTTPS

68 %IPv6

24 Domains

33 Subdomains

26 IPs

5 Countries

1330 kBTransfer

4620 kBSize

28 Cookies

11 Outgoing links

Page URL History

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

loans.quickenloans.com Open in urlscan Pro
2606:4700::6812:1c6d Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

95 %
HTTPS

68 %
IPv6

24
Domains

33
Subdomains

26
IPs

5
Countries

1330 kB
Transfer

4620 kB
Size

28
Cookies

82 HTTP transactions
0 data transactions