urlscan.io logo urlscan.io
SecurityTrails logo

refinance.quickenloans.com Open in urlscan Pro
2606:4700::6812:c2b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://trk.klclick1.com/ls/click?upn=u001.Ew3qjVAdz4-2BiHp0oF0Ztt4BhhOQfCvjUznNFaj-2FSRRV7fkBerOwM5YYfwrGO0gat5q-2FqeFA0...
Effective URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&...
Submission: On July 20 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 1 countries across 15 domains to perform 22 HTTP transactions. The main IP is 2606:4700::6812:c2b, located in United States and belongs to CLOUDFLARENET, US. The main domain is refinance.quickenloans.com. The Cisco Umbrella rank of the primary domain is 737277.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 22nd 2023. Valid for: a year.
This is the only time refinance.quickenloans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:244... 16509 (AMAZON-02)
1 3 66.29.132.28 22612 (NAMECHEAP...)
1 1 34.36.162.171 396982 (GOOGLE-CL...)
1 1 35.201.76.131 396982 (GOOGLE-CL...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 3.162.125.20 16509 (AMAZON-02)
1 3.18.206.181 16509 (AMAZON-02)
1 2600:1408:ac0... 20940 (AKAMAI-ASN1)
1 18.67.65.77 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
4 2607:f8b0:400... 15169 (GOOGLE)
22 11
1    2600:9000:244d:4600:18:359:ab80:93a1 (United States)

ASN16509 (AMAZON-02, US)
trk.klclick1.com
3    66.29.132.28 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: business135-1.web-hosting.com
mortgagequickenloan.com
1    34.36.162.171 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 171.162.36.34.bc.googleusercontent.com
www.npvnt7trk.com
1    35.201.76.131 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 131.76.201.35.bc.googleusercontent.com
www.lmbahsj2.com
3    2606:4700::6812:c2b (United States)

ASN13335 (CLOUDFLARENET, US)
refinance.quickenloans.com
trackpixel.refinance.quickenloans.com
2    2606:4700::6812:d2b (United States)

ASN13335 (CLOUDFLARENET, US)
static-msql-prod.refinance.quickenloans.com
1    3.162.125.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-125-20.iad61.r.cloudfront.net
widget.trustpilot.com
1    3.18.206.181 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-206-181.us-east-2.compute.amazonaws.com
cs-cdn.deviceatlas.com
1    2600:1408:ac00:18e::1e80 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
1    18.67.65.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-65-77.iad89.r.cloudfront.net
api.pushnami.com
1    2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
2    2606:4700:3036::ac43:b89e (United States)

ASN13335 (CLOUDFLARENET, US)
fonts.cdnfonts.com
4    2607:f8b0:4004:c1f::5f (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
Apex Domain
Subdomains		 Transfer
5 quickenloans.com
refinance.quickenloans.com — Cisco Umbrella Rank: 737277
static-msql-prod.refinance.quickenloans.com — Cisco Umbrella Rank: 979756
trackpixel.refinance.quickenloans.com
340 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
3 KB
3 mortgagequickenloan.com
mortgagequickenloan.com
3 KB
2 cdnfonts.com
fonts.cdnfonts.com — Cisco Umbrella Rank: 9520
1 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1223
7 KB
1 pushnami.com
api.pushnami.com — Cisco Umbrella Rank: 7428
19 KB
1 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 521
81 KB
1 deviceatlas.com
cs-cdn.deviceatlas.com — Cisco Umbrella Rank: 147009
22 KB
1 trustpilot.com
widget.trustpilot.com — Cisco Umbrella Rank: 7072
7 KB
1 lmbahsj2.com
www.lmbahsj2.com
1 KB
1 npvnt7trk.com
www.npvnt7trk.com
613 B
1 klclick1.com
trk.klclick1.com — Cisco Umbrella Rank: 52159
457 B
0 googletagmanager.com Failed
www.googletagmanager.com Failed
0 datadoghq-browser-agent.com Failed
www.datadoghq-browser-agent.com Failed
0 demdex.net Failed
dpm.demdex.net Failed
22 15
Domain Requested by
4 fonts.googleapis.com static-msql-prod.refinance.quickenloans.com
3 mortgagequickenloan.com 1 redirects
2 fonts.cdnfonts.com static-msql-prod.refinance.quickenloans.com
2 trackpixel.refinance.quickenloans.com refinance.quickenloans.com
trackpixel.refinance.quickenloans.com
2 static-msql-prod.refinance.quickenloans.com refinance.quickenloans.com
1 static.cloudflareinsights.com refinance.quickenloans.com
1 api.pushnami.com refinance.quickenloans.com
1 assets.adobedtm.com refinance.quickenloans.com
1 cs-cdn.deviceatlas.com refinance.quickenloans.com
1 widget.trustpilot.com refinance.quickenloans.com
1 refinance.quickenloans.com static-msql-prod.refinance.quickenloans.com
1 www.lmbahsj2.com 1 redirects
1 www.npvnt7trk.com 1 redirects
1 trk.klclick1.com 1 redirects
0 www.googletagmanager.com Failed refinance.quickenloans.com
0 www.datadoghq-browser-agent.com Failed refinance.quickenloans.com
0 dpm.demdex.net Failed assets.adobedtm.com
22 17

This site contains no links.

Subject Issuer Validity Valid
*.web-hosting.com
Sectigo RSA Domain Validation Secure Server CA		 2024-03-26 -
2025-04-05		 a year crt.sh
refinance.quickenloans.com
Cloudflare Inc ECC CA-3		 2023-12-22 -
2024-12-21		 a year crt.sh
*.trustpilot.com
Amazon RSA 2048 M03		 2024-01-03 -
2025-01-31		 a year crt.sh
*.deviceatlas.com
Go Daddy Secure Certificate Authority - G2		 2024-03-04 -
2025-04-05		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
*.pushnami.com
Amazon RSA 2048 M02		 2024-02-03 -
2025-03-03		 a year crt.sh
cloudflareinsights.com
WE1		 2024-07-06 -
2024-10-04		 3 months crt.sh
cdnfonts.com
GTS CA 1P5		 2024-05-25 -
2024-08-23		 3 months crt.sh
upload.video.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Frame ID: 44B47EE090DCE254635A4358AC0F3CBB
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Refinance Mortgage, Refinancing Rates, Mortgage Rates

Page URL History Show full URLs

  1. https://trk.klclick1.com/ls/click?upn=u001.Ew3qjVAdz4-2BiHp0oF0Ztt4BhhOQfCvjUznNFaj-2FSRRV7fkBerOwM5Y... HTTP 302
    http://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 307
    https://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 301
    https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF Page URL
  2. https://www.npvnt7trk.com/28KL61/79C6G4/ HTTP 302
    https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=b60b9b01dd5a471bb18962e2aa726adf HTTP 302
    https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a4... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • api\.pushnami\.com

Page Statistics

22
Requests

73 %
HTTPS

54 %
IPv6

15
Domains

17
Subdomains

11
IPs

1
Countries

482 kB
Transfer

2245 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://trk.klclick1.com/ls/click?upn=u001.Ew3qjVAdz4-2BiHp0oF0Ztt4BhhOQfCvjUznNFaj-2FSRRV7fkBerOwM5YYfwrGO0gat5q-2FqeFA0Mg5bo0NGrPAQElvefn4o4N275t8E0j7dhmWo7PUM2Y0jLyR42Z7cqDR8XYErzchKwsfB2IvZIgDJFg-3D-3D-wfO_JZsOa46sh11y1pDU7B8vftGuRYGT-2Fe1PWhkROBjyJW396-2FSVpE3vHegENIQx4bOJDjbMgAO4lXGl98CLkh1u5Nxq9N8jvp7PhrYvEFwMoHwRhpyHrICxLhDYV7PmMGSfAWD3oflEnOt8xPfG3te9SJLqqkG-2FwHjtKKxycWh351jac-2BV-2FA66LKF5sSIZnbBb8uG2KtVPLjM8F-2BLE1n7WW6wqrJ5sFYwdcaPAARTXQfqUpWPDNDJcMv6HilkL2i5QdR5yFeAgYlbZFdIAyXEWL5uiKfeFg5Nj8CzTmef4sEvrQP3BYaZ-2F6Jevr1CPHYAjhqovbfou8-2BSmUXN2dR6tGPPYAdL6JISedD0iZnaJZoBVTzy9fFRgVv4JXxrOBpdKNePzsvzdDYq-2BjrVA890sugYUf-2BD47VjeIWFjFpcS85ZpgggUYgDfePWsLjud6BEo1WS8rLy-2BpaV6kOO11xBes7PunJravAGQE1woGG18PB7c-3D HTTP 302
    http://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 307
    https://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 301
    https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF Page URL
  2. https://www.npvnt7trk.com/28KL61/79C6G4/ HTTP 302
    https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=b60b9b01dd5a471bb18962e2aa726adf HTTP 302
    https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://trk.klclick1.com/ls/click?upn=u001.Ew3qjVAdz4-2BiHp0oF0Ztt4BhhOQfCvjUznNFaj-2FSRRV7fkBerOwM5YYfwrGO0gat5q-2FqeFA0Mg5bo0NGrPAQElvefn4o4N275t8E0j7dhmWo7PUM2Y0jLyR42Z7cqDR8XYErzchKwsfB2IvZIgDJFg-3D-3D-wfO_JZsOa46sh11y1pDU7B8vftGuRYGT-2Fe1PWhkROBjyJW396-2FSVpE3vHegENIQx4bOJDjbMgAO4lXGl98CLkh1u5Nxq9N8jvp7PhrYvEFwMoHwRhpyHrICxLhDYV7PmMGSfAWD3oflEnOt8xPfG3te9SJLqqkG-2FwHjtKKxycWh351jac-2BV-2FA66LKF5sSIZnbBb8uG2KtVPLjM8F-2BLE1n7WW6wqrJ5sFYwdcaPAARTXQfqUpWPDNDJcMv6HilkL2i5QdR5yFeAgYlbZFdIAyXEWL5uiKfeFg5Nj8CzTmef4sEvrQP3BYaZ-2F6Jevr1CPHYAjhqovbfou8-2BSmUXN2dR6tGPPYAdL6JISedD0iZnaJZoBVTzy9fFRgVv4JXxrOBpdKNePzsvzdDYq-2BjrVA890sugYUf-2BD47VjeIWFjFpcS85ZpgggUYgDfePWsLjud6BEo1WS8rLy-2BpaV6kOO11xBes7PunJravAGQE1woGG18PB7c-3D HTTP 302
  • http://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 307
  • https://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF HTTP 301
  • https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
mortgagequickenloan.com/QL/
Redirect Chain
  • https://trk.klclick1.com/ls/click?upn=u001.Ew3qjVAdz4-2BiHp0oF0Ztt4BhhOQfCvjUznNFaj-2FSRRV7fkBerOwM5YYfwrGO0gat5q-2FqeFA0Mg5bo0NGrPAQElvefn4o4N275t8E0j7dhmWo7PUM2Y0jLyR42Z7cqDR8XYErzchKwsfB2IvZIgDJ...
  • http://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
  • https://mortgagequickenloan.com/QL?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
  • https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
432 B
342 B 		Document
General
Check archive.org
Download Go to
Full URL
https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.29.132.28 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business135-1.web-hosting.com
Software
LiteSpeed /
Resource Hash
c65685c101f13bbed2a74a8c9ab6bd57920a9b371e7365631a97d69fc082a481

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
br
content-length
176
content-type
text/html
date
Sat, 20 Jul 2024 14:07:08 GMT
last-modified
Mon, 10 Jun 2024 03:13:19 GMT
server
LiteSpeed
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed

Redirect headers

content-length
795
content-type
text/html
date
Sat, 20 Jul 2024 14:07:08 GMT
location
https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
server
LiteSpeed
x-turbo-charged-by
LiteSpeed
favicon.ico
mortgagequickenloan.com/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://mortgagequickenloan.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.29.132.28 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business135-1.web-hosting.com
Software
LiteSpeed /
Resource Hash
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Request headers

Referer
https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Jul 2024 14:07:08 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
content-length
1251
content-type
text/html
Primary Request /
refinance.quickenloans.com/
Redirect Chain
  • https://www.npvnt7trk.com/28KL61/79C6G4/
  • https://www.lmbahsj2.com/29PD1BG/FGXLG/?source_id=9&sub1=2&sub2=b60b9b01dd5a471bb18962e2aa726adf
  • https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&aff...
115 KB
24 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
eb232871584a415d822b35192921ef416aba70091bd2cf9a7922083e47a87490
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mortgagequickenloan.com/QL/?_kx=gR7VIv8vTRf2JzpFscfHNtfQOQncTHjez3LroAHVhjQ.X4p4pF
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8a638422384431f7-LAX
content-encoding
gzip
content-security-policy
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
content-type
text/html; charset=utf-8
date
Sat, 20 Jul 2024 14:07:12 GMT
server
cloudflare
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
Express
x-xss-protection
1; mode=block

Redirect headers

accept-ch
Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
388
content-type
text/html; charset=utf-8
date
Sat, 20 Jul 2024 14:07:11 GMT
location
https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
server
nginx
vary
Origin
via
1.1 google
x-eflow-request-id
dda4288e-9851-45e2-bb1b-ebd898d67480
main.dd3603c48add10bbaae9.css
static-msql-prod.refinance.quickenloans.com/ 		384 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:d2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42b33a83f133036dadd5e7cdaedcb4f66b8a6696ddd8fa2b1ebc2f610359f43e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
x-amz-version-id
6Yb_JQ.CpZb64tm7QUQugPjwU1fZuIe6
via
1.1 11959e9950ca7def87cc494a853a40f6.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-amz-cf-pop
LAX50-C1
age
3667
x-amz-server-side-encryption
AES256
content-security-policy
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 03 Jul 2024 18:46:57 GMT
server
cloudflare
etag
W/"9ffeeb53017ec87e01f08aa2963cc437"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
cf-ray
8a638426abe231a9-LAX
x-amz-cf-id
xBifOt3xUAGld6zs5otbbI1Ir0KuLgOP0aaQv-bqXIRT9CLS8mVkHw==
expires
Sat, 20 Jul 2024 18:07:12 GMT
tp.widget.bootstrap.min.js
widget.trustpilot.com/bootstrap/v5/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-20.iad61.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 06:57:51 GMT
content-encoding
gzip
via
1.1 cfbbd45bc29ebb0e8475ffa26dff7618.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-amz-cf-pop
IAD61-P3
age
25762
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
6759
x-xss-protection
1; mode=block
last-modified
Thu, 26 Oct 2023 12:27:20 GMT
server
AmazonS3
etag
"15864ce88fa79a3e954417d0c3396798"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
0eME5Zo2_Z32-QAineiUf3MOO4xUP_cVK5gTRUx8BkUIkk19Jg4Sqg==
dacs.js
cs-cdn.deviceatlas.com/ 		21 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cs-cdn.deviceatlas.com/dacs.js
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
3.18.206.181 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-18-206-181.us-east-2.compute.amazonaws.com
Software
nginx/1.17.9 /
Resource Hash
145029bd46ef6268a3683431599d1cc5e9b0153c2c5bf840f931e78da99ee2a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 24 Jan 2024 11:56:56 GMT
server
nginx/1.17.9
accept-ch
DPR,Width,Viewport-Width,Viewport-Height,Device-Memory,RTT,Downlink,ECT,Lang,Sec-CH-DPR,Sec-CH-Width,Sec-CH-Viewport-Width,Sec-CH-Viewport-Height,Sec-CH-Device-Memory,Sec-CH-RTT,Sec-CH-Downlink,Sec-CH-ECT,Sec-CH-Lang,Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Bitness,Sec-CH-UA-WoW64,Sec-CH-Prefers-Reduced-Motion,Sec-CH-Prefers-Reduced-Transparency,Sec-CH-Prefers-Contrast,Sec-CH-Forced-Colors,Sec-CH-Prefers-Color-Scheme,Sec-CH-Prefers-Reduced-Data
etag
"cfe6e4ceafbea9f6e6c1edad91770ce9"
x-cache
HIT
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
content-length
21896
expires
Sat, 20 Jul 2024 14:07:11 GMT
pixel.js
trackpixel.refinance.quickenloans.com/msql-lre/ 		411 B
919 B 		Script
General
Check archive.org
Download Go to
Full URL
https://trackpixel.refinance.quickenloans.com/msql-lre/pixel.js
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a760071de574910b7f9d8d897a11a4027f41b5724ee2ac0a98eb6f4267e83438
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-website-redirect-location
/msql-lre/pixel-6538859d8502035f0edc.js
date
Sat, 20 Jul 2024 14:07:12 GMT
via
1.1 1d7ed53a70523e576bff9c3bcb5eea38.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
strict-transport-security
max-age=2592000
x-amz-cf-pop
LAX50-P5
age
5499
x-amz-server-side-encryption
AES256
content-security-policy
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 15 Jul 2024 22:05:52 GMT
server
cloudflare
etag
W/"57c24d6179ba06572b6aaa8f10a17c8b"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
8a638427de5c7c80-LAX
x-amz-cf-id
xLDrxgWdX22wp0-QSE3UKgLtRjpD7bVnTpzx7gXLWvgq3lDIBuVYug==
expires
Sat, 20 Jul 2024 18:07:12 GMT
launch-099982a746cc.min.js
assets.adobedtm.com/b14636b10888/a3ec7ef1f366/ 		257 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/b14636b10888/a3ec7ef1f366/launch-099982a746cc.min.js
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ac00:18e::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
afedde1315a1103168065ff8a76bef2f117cfad411b3d19b80ddf2c29272d5b7

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
gzip
last-modified
Mon, 02 Oct 2023 19:55:09 GMT
server
AkamaiNetStorage
etag
"b31a1f9e9f88d2133e2b3a9abeeddcd7:1696276509.604687"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://refinance.quickenloans.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
82392
expires
Sat, 20 Jul 2024 15:07:12 GMT
5fa1b4cbe02a560012bcbdf7
api.pushnami.com/scripts/v1/push/ 		92 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.pushnami.com/scripts/v1/push/5fa1b4cbe02a560012bcbdf7
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.65.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-65-77.iad89.r.cloudfront.net
Software
/
Resource Hash
71ca1526b583a6283752d155fada0ed1a64f1ea43cf17d88f4d39cfc315cc7d9

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 13:58:12 GMT
content-encoding
gzip
via
1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-P1
age
541
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
no-cache
x-amz-cf-id
FCSXa6W7Ax0L1bt1D-Rddb-tCPF62yKoT3UdyuvXn15lThLMPu3eKw==
main.dd3603c48add10bbaae9.js
static-msql-prod.refinance.quickenloans.com/ 		1 MB
246 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.js
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:d2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2ceae1969bbea48adbdd6768a156dac3975e2c5d37a4634dc086ba327eb510d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
x-amz-version-id
pe3ET3xfdCy.d8JBi.ZgV22YEhN4HFF7
via
1.1 6ee3eecd683392286f206a7ea6e9ac0c.cloudfront.net (CloudFront)
cf-cache-status
HIT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-amz-cf-pop
SFO53-P2
age
1257
x-amz-server-side-encryption
AES256
content-security-policy
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 03 Jul 2024 18:46:57 GMT
server
cloudflare
etag
W/"1a85ff6394f78b84b90780b38dcbbd1a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
8a638426bbe931a9-LAX
x-amz-cf-id
a29TXBmfMfaGHFswNt5QKepbl7xKdC0eZ9qOomUCZb6X-n_dcXcxPA==
expires
Sat, 20 Jul 2024 18:07:12 GMT
vcd15cbe7772f49c399c6a5babf22c1241717689176015
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by
Host: refinance.quickenloans.com
URL: https://refinance.quickenloans.com/?pkey1=809&pkey2=2&pkey3=be49df56f0354ec3a621855300537700&pkey=b60b9b01dd5a471bb18962e2aa726adf&sourceid=affl_everflow_ql-lre_9_809&sid=9&cmpid=9&crtid=&oid=9&affid=809&_ef_transaction_id=be49df56f0354ec3a621855300537700&utm_medium=affiliate&utm_source=nocapads.com&utm_content=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer
https://refinance.quickenloans.com/
Origin
https://refinance.quickenloans.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:13 GMT
content-encoding
gzip
last-modified
Thu, 06 Jun 2024 15:52:56 GMT
server
cloudflare
etag
W/"2024.6.1"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
8a63842c983c0fd5-LAX
stack-ssi
fonts.cdnfonts.com/css/ 		1 KB
722 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.cdnfonts.com/css/stack-ssi
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:b89e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76b65310895e8341f3804e1f3d436a0910928874964daf20f6e2d7a8a69553f4

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10690942
cf-polished
origSize=1385
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 18 Mar 2024 20:24:50 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gJOxyvy4uOZDqx71F178C99Wd1oOalKYrToR4hqaq0FXbubDIFwBKoVdhZSJgw4pthqzUWnRdg4ujWAcHI2Kt0jUlU7QhgcURYnlZr0vuxTkLebp6ocKaKUWHnpmPaNP4fkqJSrTgaHRRofaXfSrHtA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2678400
cf-ray
8a63842838a352e9-LAX
myriad-pro
fonts.cdnfonts.com/css/ 		2 KB
558 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.cdnfonts.com/css/myriad-pro
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:b89e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ebc3cd1d0af023685181ad52ed67b334bad44ea95407db09b40c2de15fcc165

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
10706265
cf-polished
origSize=2010
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 18 Mar 2024 16:09:27 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=foZGkvKoUAI9I0qmhMXyBb2HJ83zA4kqb3hb084%2FVvUL13XVbIznrAE%2B4dfZsRaKT9f%2Bg98e1hGM%2FwWhwThO1AdAAB5oXUcR7hWE7w2YxcVa0T%2B9%2BKX2px6AhOCZTWQBQ6oF9FO45AJVGJDTSNMdxhM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2678400
cf-ray
8a63842838a052e9-LAX
css2
fonts.googleapis.com/ 		875 B
500 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Shadows+Into+Light+Two&display=swap
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4d2816f1f714364675a3a4ff25db96f2a5677b6cce94e150e61250bfdde4d258
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 20 Jul 2024 13:45:35 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 20 Jul 2024 14:07:12 GMT
css
fonts.googleapis.com/ 		13 KB
801 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:thin,extra-light,light,100,200,300,400,500,600,700,800
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
971b2673f92ee01c1b6e98372fdefdd4f0a83714167783eba0671fa0d966f9f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 20 Jul 2024 12:54:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 20 Jul 2024 14:07:12 GMT
css2
fonts.googleapis.com/ 		12 KB
859 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Slab:wght@100;200;300;400;500&display=swap
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fef95b324850099ff32808fb88cbf0af034d69cc4558110ea65e3b323fc17d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 20 Jul 2024 12:34:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 20 Jul 2024 14:07:12 GMT
css2
fonts.googleapis.com/ 		427 B
735 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Antic+Didone&display=swap
Requested by
Host: static-msql-prod.refinance.quickenloans.com
URL: https://static-msql-prod.refinance.quickenloans.com/main.dd3603c48add10bbaae9.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4f1f80216a63e56ce52cb1660993e5688ed78059d87116de59c43e4c2839d18b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://static-msql-prod.refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 20 Jul 2024 14:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 20 Jul 2024 13:45:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 20 Jul 2024 14:07:12 GMT
pixel-6538859d8502035f0edc.js
trackpixel.refinance.quickenloans.com/msql-lre/ 		191 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://trackpixel.refinance.quickenloans.com/msql-lre/pixel-6538859d8502035f0edc.js
Requested by
Host: trackpixel.refinance.quickenloans.com
URL: https://trackpixel.refinance.quickenloans.com/msql-lre/pixel.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:c2b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91fbc5ef95019e78b753b40035db36fff0944a684a9c6b379f3a708742ce376c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://refinance.quickenloans.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 14:07:13 GMT
content-encoding
gzip
via
1.1 d60ff1abe1a8d6b57f911d047ccdc9b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=2592000
x-amz-cf-pop
LAX50-P5
age
5149
x-amz-server-side-encryption
AES256
content-security-policy
frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 15 Jul 2024 22:05:49 GMT
server
cloudflare
etag
W/"5e7748e0cafd4baeedc276507619c916"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
8a63842b497e7c80-LAX
x-amz-cf-id
yYbOaxNaL0c0wbXC_LREwt1Ad0wwFNnNt5KKeY714weII_yfWJgE8g==
expires
Sat, 20 Jul 2024 18:07:13 GMT
id
dpm.demdex.net/ 		0
0
datadog-rum-v3.js
www.datadoghq-browser-agent.com/ 		0
0
gtm.js
www.googletagmanager.com/ 		0
0
click
refinance.quickenloans.com/api/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dpm.demdex.net
URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1721484433236
Domain
www.datadoghq-browser-agent.com
URL
https://www.datadoghq-browser-agent.com/datadog-rum-v3.js
Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtm.js?id=GTM-5B82MZ73
Domain
refinance.quickenloans.com
URL
https://refinance.quickenloans.com/api/click

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| datadog object| DeviceAtlas function| loadFallbackDAScript object| Trustpilot object| regeneratorRuntime object| pixel function| addPixelHTML object| _satellite boolean| __satelliteLoaded object| adobeDataLayer object| adobe function| Visitor object| s_c_il number| s_c_in function| alloy object| DD_RUM object| dataLayer object| __INITIAL_STATE__ object| __cfBeacon object| pushWrap function| pnFirebaseModuleInterfaceInstantiator object| pnFirebaseModuleInterface function| showFbChkOptIn object| mailnamiPromptModule function| showPromptOnLoad object| mailnami object| Pushnami

9 Cookies

Domain/Path Name / Value
www.npvnt7trk.com/ Name: uniqueClick_79C6G4
Value: 5ae03c4b-8da4-4823-bbef-cd6b699b8c05:1721484431
www.npvnt7trk.com/ Name: transaction_id
Value: b60b9b01dd5a471bb18962e2aa726adf
www.lmbahsj2.com/ Name: uniqueClick_FGXLG
Value: 1778149a-deae-48ab-9ba2-60aad7046f4c:1721484431
www.lmbahsj2.com/ Name: transaction_id
Value: be49df56f0354ec3a621855300537700
.quickenloans.com/ Name: visitorId
Value: bba0bd39-67d0-403d-bf24-a31b320e74bf
refinance.quickenloans.com/ Name: visitorId
Value: bba0bd39-67d0-403d-bf24-a31b320e74bf
refinance.quickenloans.com/ Name: contentTarget
Value: %7B%22sourceId%22%3A%22affl_everflow_ql-lre_9_809%22%7D
.refinance.quickenloans.com/ Name: __cf_bm
Value: zkpd5edPe4E_W9NCwU1Cr.uSW3fsKVXUtwFKxWMuhl0-1721484432-1.0.1.1-YXtzfAr3Ka0VPDVwrj7Vez89KJ9NSiIMsV0gjmcnsR4VX7woCtyZx8Z3ylSY5Hws7dRdrnsOdE16.Mc2jLY3Nw
.quickenloans.com/ Name: AMCV_5D60123F5245B13E0A490D45%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19925%7CvVersion%7C5.5.0

1 Console Messages

Source Level URL
Text
network error URL: https://mortgagequickenloan.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.pushnami.com
assets.adobedtm.com
cs-cdn.deviceatlas.com
dpm.demdex.net
fonts.cdnfonts.com
fonts.googleapis.com
mortgagequickenloan.com
refinance.quickenloans.com
static-msql-prod.refinance.quickenloans.com
static.cloudflareinsights.com
trackpixel.refinance.quickenloans.com
trk.klclick1.com
widget.trustpilot.com
www.datadoghq-browser-agent.com
www.googletagmanager.com
www.lmbahsj2.com
www.npvnt7trk.com
dpm.demdex.net
refinance.quickenloans.com
www.datadoghq-browser-agent.com
www.googletagmanager.com
18.67.65.77
2600:1408:ac00:18e::1e80
2600:9000:244d:4600:18:359:ab80:93a1
2606:4700:3036::ac43:b89e
2606:4700::6810:5049
2606:4700::6812:c2b
2606:4700::6812:d2b
2607:f8b0:4004:c1f::5f
3.162.125.20
3.18.206.181
34.36.162.171
35.201.76.131
66.29.132.28
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
145029bd46ef6268a3683431599d1cc5e9b0153c2c5bf840f931e78da99ee2a6
2ebc3cd1d0af023685181ad52ed67b334bad44ea95407db09b40c2de15fcc165
42b33a83f133036dadd5e7cdaedcb4f66b8a6696ddd8fa2b1ebc2f610359f43e
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
4d2816f1f714364675a3a4ff25db96f2a5677b6cce94e150e61250bfdde4d258
4f1f80216a63e56ce52cb1660993e5688ed78059d87116de59c43e4c2839d18b
71ca1526b583a6283752d155fada0ed1a64f1ea43cf17d88f4d39cfc315cc7d9
76b65310895e8341f3804e1f3d436a0910928874964daf20f6e2d7a8a69553f4
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
91fbc5ef95019e78b753b40035db36fff0944a684a9c6b379f3a708742ce376c
971b2673f92ee01c1b6e98372fdefdd4f0a83714167783eba0671fa0d966f9f7
a2ceae1969bbea48adbdd6768a156dac3975e2c5d37a4634dc086ba327eb510d
a760071de574910b7f9d8d897a11a4027f41b5724ee2ac0a98eb6f4267e83438
afedde1315a1103168065ff8a76bef2f117cfad411b3d19b80ddf2c29272d5b7
c65685c101f13bbed2a74a8c9ab6bd57920a9b371e7365631a97d69fc082a481
eb232871584a415d822b35192921ef416aba70091bd2cf9a7922083e47a87490
fef95b324850099ff32808fb88cbf0af034d69cc4558110ea65e3b323fc17d0e