urlscan.io logo urlscan.io
SecurityTrails logo

quotes.billsavingstips.com Open in urlscan Pro
54.164.205.7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://quotes.billsavingstips.com/
Effective URL: https://quotes.billsavingstips.com/home
Submission: On July 27 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 2 countries across 16 domains to perform 37 HTTP transactions. The main IP is 54.164.205.7, located in United States and belongs to AMAZON-AES, US. The main domain is quotes.billsavingstips.com.
TLS certificate: Issued by R3 on July 27th 2023. Valid for: 3 months.
This is the only time quotes.billsavingstips.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 54.164.205.7 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 54.173.193.148 14618 (AMAZON-AES)
1 23.45.108.17 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
4 2.23.7.19 20940 (AKAMAI-ASN1)
1 18.66.97.10 16509 (AMAZON-02)
2 2600:9000:223... 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 35.244.174.68 15169 (GOOGLE)
1 108.138.7.40 16509 (AMAZON-02)
6 54.88.184.109 14618 (AMAZON-AES)
1 18.66.112.19 16509 (AMAZON-02)
1 13.225.84.206 16509 (AMAZON-02)
1 54.208.108.235 14618 (AMAZON-AES)
5 54.91.89.140 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
37 18
8    54.164.205.7 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-164-205-7.compute-1.amazonaws.com
quotes.billsavingstips.com
login.healthquotes.us
2    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    54.173.193.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-193-148.compute-1.amazonaws.com
insurance.mediaalpha.com
1    23.45.108.17 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-108-17.deploy.static.akamaitechnologies.com
www.nextinsure.com
1    2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2.23.7.19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-23-7-19.deploy.static.akamaitechnologies.com
analytics.tiktok.com
1    18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net
static.hotjar.com
2    2600:9000:223d:6c00:1c:7f1a:6680:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.trustedform.com
1    2606:4700:10::6816:27b6 (United States)

ASN13335 (CLOUDFLARENET, US)
create.lidstatic.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
1    108.138.7.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-40.fra56.r.cloudfront.net
script.hotjar.com
6    54.88.184.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-184-109.compute-1.amazonaws.com
create.leadid.com
1    18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net
vc.hotjar.io
1    13.225.84.206 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-84-206.fra2.r.cloudfront.net
d2m2wsoho8qq12.cloudfront.net
1    54.208.108.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-108-235.compute-1.amazonaws.com
deviceid.trueleadid.com
5    54.91.89.140 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-91-89-140.compute-1.amazonaws.com
api.trustedform.com
1    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
7 trustedform.com
cdn.trustedform.com — Cisco Umbrella Rank: 25683
api.trustedform.com — Cisco Umbrella Rank: 22401
42 KB
7 billsavingstips.com
quotes.billsavingstips.com
888 KB
6 leadid.com
create.leadid.com — Cisco Umbrella Rank: 13613
4 KB
4 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 755
125 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 774
script.hotjar.com — Cisco Umbrella Rank: 961
60 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 76
1 KB
1 gstatic.com
fonts.gstatic.com
36 KB
1 healthquotes.us
login.healthquotes.us
281 KB
1 trueleadid.com
deviceid.trueleadid.com — Cisco Umbrella Rank: 14403
2 KB
1 cloudfront.net
d2m2wsoho8qq12.cloudfront.net
2 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2794
259 B
1 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 795
99 B
1 lidstatic.com
create.lidstatic.com — Cisco Umbrella Rank: 24400
39 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 72
70 KB
1 nextinsure.com
www.nextinsure.com — Cisco Umbrella Rank: 39197
32 KB
1 mediaalpha.com
insurance.mediaalpha.com — Cisco Umbrella Rank: 22882
6 KB
37 16
Domain Requested by
7 quotes.billsavingstips.com 1 redirects quotes.billsavingstips.com
6 create.leadid.com create.lidstatic.com
deviceid.trueleadid.com
5 api.trustedform.com cdn.trustedform.com
4 analytics.tiktok.com quotes.billsavingstips.com
analytics.tiktok.com
2 cdn.trustedform.com quotes.billsavingstips.com
cdn.trustedform.com
2 fonts.googleapis.com quotes.billsavingstips.com
client
1 fonts.gstatic.com fonts.googleapis.com
1 login.healthquotes.us quotes.billsavingstips.com
1 deviceid.trueleadid.com d2m2wsoho8qq12.cloudfront.net
1 d2m2wsoho8qq12.cloudfront.net create.lidstatic.com
1 vc.hotjar.io script.hotjar.com
1 script.hotjar.com static.hotjar.com
1 id.rlcdn.com quotes.billsavingstips.com
1 create.lidstatic.com quotes.billsavingstips.com
1 static.hotjar.com quotes.billsavingstips.com
1 www.googletagmanager.com quotes.billsavingstips.com
1 www.nextinsure.com quotes.billsavingstips.com
1 insurance.mediaalpha.com quotes.billsavingstips.com
37 18

This site contains links to these domains. Also see Links.

Domain
unsubscribes.healthquotes.us
Subject Issuer Validity Valid
quotes.billsavingstips.com
R3		 2023-07-27 -
2023-10-25		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-10 -
2023-10-02		 3 months crt.sh
mediaalpha.com
Amazon RSA 2048 M01		 2023-06-11 -
2024-07-09		 a year crt.sh
www.quinstreet.com
GeoTrust RSA CA 2018		 2023-07-12 -
2024-07-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-07-10 -
2023-10-02		 3 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.hotjar.com
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
cdn.trustedform.com
Amazon RSA 2048 M02		 2023-03-15 -
2024-04-12		 a year crt.sh
lidstatic.com
Cloudflare Inc ECC CA-3		 2023-02-28 -
2024-02-28		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2023-02-02 -
2024-03-03		 a year crt.sh
create.leadid.com
Amazon RSA 2048 M02		 2023-02-23 -
2023-10-19		 8 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M01		 2023-03-09 -
2024-04-06		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
deviceid.trueleadid.com
Amazon RSA 2048 M02		 2023-02-24 -
2024-01-06		 10 months crt.sh
login.healthquotes.us
R3		 2023-06-06 -
2023-09-04		 3 months crt.sh
*.trustedform.com
Amazon RSA 2048 M02		 2023-02-22 -
2023-10-09		 8 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-07-10 -
2023-10-02		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://quotes.billsavingstips.com/home
Frame ID: BA6CD32C7ED75D66E77E9AB0E93BCE44
Requests: 35 HTTP requests in this frame

Frame: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Frame ID: 67A35B93A7B1F6EB164F8525A7A3B4D1
Requests: 1 HTTP requests in this frame

Frame: https://deviceid.trueleadid.com/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Frame ID: F6AE21ED257CDBCB11B570D50DA58DF4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home

Page URL History Show full URLs

  1. https://quotes.billsavingstips.com/ HTTP 302
    https://quotes.billsavingstips.com/home Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

37
Requests

100 %
HTTPS

29 %
IPv6

16
Domains

18
Subdomains

18
IPs

2
Countries

1596 kB
Transfer

5207 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://quotes.billsavingstips.com/ HTTP 302
    https://quotes.billsavingstips.com/home Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request home
quotes.billsavingstips.com/
Redirect Chain
  • https://quotes.billsavingstips.com/
  • https://quotes.billsavingstips.com/home
16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6b03a317539942f8e4d122cc207ccbae6b0a867cc515525b88f00b93f0825787
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 27 Jul 2023 18:44:55 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Thu, 27 Jul 2023 18:44:55 GMT
location
/home
server
nginx
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css2
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e9cd3408ee8eff9c2230c624baca4db92842af30a1979a7af1e56b9ec58f0335
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 27 Jul 2023 18:44:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 27 Jul 2023 17:05:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jul 2023 18:44:55 GMT
serve.js
insurance.mediaalpha.com/js/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://insurance.mediaalpha.com/js/serve.js
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.173.193.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-173-193-148.compute-1.amazonaws.com
Software
Apache /
Resource Hash
141a922b83cc6707d19885ed7aec59ed8331771664e38e57277ed5eb5636650f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
server
Apache
content-length
5516
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
sh
www.nextinsure.com/listingdisplay/loader/ 		109 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nextinsure.com/listingdisplay/loader/sh
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.45.108.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-108-17.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ef9a1193df719b51cd39c0377436806c0136ded70ca387018c67a376bb7633df
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-cfg-version
v107
date
Thu, 27 Jul 2023 18:44:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy-report-only
default-src 'self'; connect-src 'self' *.nextinsure.com *.anura.io; font-src 'self' *.nextinsure.com *.gstatic.com *.bootstrapcdn.com assets.intuitcdn.net i.pretected.com; style-src *.googleapis.com 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anura.io nextinsure.com *.nextinsure.com *.googleapis.com *.bootstrapcdn.com code.jquery.com *.linksynergy.com i.pretected.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.anura.io nextinsure.com *.nextinsure.com *.googleapis.com *.bootstrapcdn.com code.jquery.com *.linksynergy.com i.pretected.com; img-src * data:; style-src-elem * 'unsafe-inline';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;block-all-mixed-content;object-src 'none'; report-uri /ListingDisplay/handlers/csp.ashx;
content-length
32090
x-xss-protection
1; mode=block
last-modified
Thu, 20 Jul 2023 21:35:52 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=21600
timing-allow-origin
*
expires
Fri, 28 Jul 2023 00:44:55 GMT
manifest.js
quotes.billsavingstips.com/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/js/manifest.js
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5fa694a822fc324b8910b340caed16fab52d4a8eb4fd60f98c10479e28b2ec97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:38:19 GMT
server
nginx
etag
W/"64c2b99b-f84"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
vendor.js
quotes.billsavingstips.com/js/ 		197 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/js/vendor.js
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a47ea22742e43dcb593a1e5d9d90eda9811254b9818fad750f3e70a42993fb99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:38:19 GMT
server
nginx
etag
W/"64c2b99b-31336"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
app.js
quotes.billsavingstips.com/js/ 		3 MB
801 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/js/app.js
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
135b263b1793418703e6bb6b77b71a611b02ce17ae26c074dad331cf3c3f1706
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:38:19 GMT
server
nginx
etag
W/"64c2b99b-349b15"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/ 		195 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10973295495
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c83dfe522163641b6a9b985e7db42fd53594a3b48d35833758f555a770f864b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71297
x-xss-protection
0
last-modified
Thu, 27 Jul 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 27 Jul 2023 18:44:56 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHROB2BC77UCDSLJ8GC0&lib=ttq
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.7.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-7-19.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ae008eb8b0574201939bbd1352abad263233a124c1b94884e41d50063bca7eb6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-akamai-request-id
a3ce1a1
date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-cache
TCP_MISS from a2-23-7-15.deploy.akamaitechnologies.com (AkamaiGHost/11.2.0-49819888) (-)
server-timing
inner; dur=3, cdn-cache; desc=MISS, edge; dur=0, origin; dur=91
content-length
1483
pragma
no-cache
server
nginx
x-tt-logid
202307271844566E35DC2CD2D0956FDCB6
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
91,2.23.7.15
x-tt-trace-host
01b74a492ee33aa6d7de70d387da5c1b4b746863df7a35f47a04e76685397ae3bb030ba3ddd6beaa2c8db9a887908fd1f2ab2d48742faa068ab7a1eef43b03a30896234e5ac4302753168d930e21355866c9baf6fb2af7a8891b76af3974fd5c9c
expires
Thu, 27 Jul 2023 18:44:56 GMT
hotjar-2031930.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2031930.js?sv=6
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-10.fra56.r.cloudfront.net
Software
/
Resource Hash
b68571f35c152142b45474ee4a641f42b3f8451ec5dec44f8a0a7b2d2b4ce972
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 27 Jul 2023 18:44:56 GMT
via
1.1 2af4ee189e50805a67bd62bbd51ad0dc.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/1daa4eff324479ed12dc7001dc09a4de
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
ZBeuooUFRtg11pD_4BzdWBA7DYHBSE0UtXmPD0vT2zgGcBoonsVtDQ==
bootstrap.js
cdn.trustedform.com/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl1&l=16904834958370.5298366968540631&invert_field_sensitivity=false
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:6c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d95166940395c50be562fe538c85311002d62b83da8f68a8500be092f4bf98fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
x-amz-version-id
v12liWRnaHEKOr5LEfFzkXabQ9ywQSw8
content-encoding
gzip
last-modified
Thu, 13 Jul 2023 15:07:36 GMT
server
AmazonS3
via
1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P3
etag
W/"88ddf717f635b54023edd7480431e1d1"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-cf-id
AwVhWWa2DTtw6xYNrKZFnuLEdexk7kFEJKT4TpxJrGMP6I6yDiaIoA==
c0af968b-28f7-6e3f-69fd-ffa0498297aa.js
create.lidstatic.com/campaign/ 		123 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:27b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1d265a09a0003d319fcb9d677e9ababa31c80f5abaf932b37aa171a803030ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
x-amz-version-id
Zp7PuF49ChTISw0hpISTJ4uPSPta_zdh
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 12 Nov 2021 01:08:23 GMT
server
cloudflare
x-amz-request-id
K7NVTBPXR88PX237
age
680
etag
W/"0687ed9b8ada600229be3f4b0e38e835"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=1800
x-amz-replication-status
COMPLETED
cf-ray
7ed7095afd106913-FRA
x-amz-id-2
TojYZrBVBSustKDb/39oMt7Ox8k3QjgykKsLxAciBiaWpd8YpkCYaCVxX4Sn8zmngMATLotfbSs=
712363.gif
id.rlcdn.com/ 		0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/712363.gif?cparams=wplId%3D58aa81ca-2fd1-48f0-b9d7-714e2251800d
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
modules.1add6ea328bf63ee1745.js
script.hotjar.com/ 		228 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.1add6ea328bf63ee1745.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2031930.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-40.fra56.r.cloudfront.net
Software
/
Resource Hash
2983407ba3eb28c2d5e908a4e1f963b79188fa101d5f7b492424d2c53871eba6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 14:18:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
16010
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56679
last-modified
Thu, 27 Jul 2023 14:17:57 GMT
etag
"c18911b02330e868307f9824828dc851"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
klv69Fep9kxvI1AEtgYIZCEzoeQw4uCiRBRHL3zfQw2GoQy1IGi_BQ==
GenerateToken
create.leadid.com/2.11.9/ 		36 B
662 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/GenerateToken?msn=1&pid=04ebbdbc-eb4b-408b-bdf4-f06824a272f1&_=758426895
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9d3c525097f00991df259935bc0212e5d53b51509cfeb9bcc2a4189bbcac06be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
2031930
vc.hotjar.io/sessions/ 		0
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/2031930?s=0.25&r=0.20730300104793842
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.1add6ea328bf63ee1745.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-19.fra56.r.cloudfront.net
Software
Python/3.8 aiohttp/3.8.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
via
1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
server
Python/3.8 aiohttp/3.8.4
x-amz-cf-pop
FRA56-P5
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-store
x-amz-cf-id
YKKaAaibP2c55ywRhFwVIotx6-56Oa7Yg3LQPu4BdFbPJsHLxkkWAw==
main.MTJmOGM0MDk1MA.js
analytics.tiktok.com/i18n/pixel/static/ 		337 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTJmOGM0MDk1MA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CHROB2BC77UCDSLJ8GC0&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.7.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-7-19.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8b435d8b0ae81cfebe5fc191b96cac18d8b936aa91e141d9493051babd21ff89

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-akamai-request-id
a3ce340
date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20230727143045357F8DEB966C97637324
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a2-23-7-15.deploy.akamaitechnologies.com (AkamaiGHost/11.2.0-49819888) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
019f9b04ca13e3c0bca80481eb1228874c995b76511804828acfbc6bc41b323db24b87a79545adf5fc58cb60b13952707d060fa009233f6d80717cbdd88b7160fdb9660767ad5aacb0cb98d4634d05af7fddf3fbfcc07941d0e2d4464d8d15c635
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length
93276
identify_185ec.js
analytics.tiktok.com/i18n/pixel/static/ 		114 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_185ec.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTJmOGM0MDk1MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.7.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-7-19.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
cef0a3ffb6993fc1ec7b5b67a16377ec1ec0a858b3cabb834033d7458ff0e4bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-akamai-request-id
a3ce403
date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20230727143045CCF39FB76E3D6F5FC547
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a2-23-7-15.deploy.akamaitechnologies.com (AkamaiGHost/11.2.0-49819888) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01fbb60191b159d51fa60dc7e49df506be619905e3ef0dbc404773672c2c50e6dad949558d2c6a0e3a99d713689ec2e903cd44fb25580807b4ebafde280d88f4b4c604510a93974d305727ae9e44c953d8c872e8d4e29734657b8b0a53c7e5810d
server-timing
cdn-cache; desc=HIT, edge; dur=1, inner; dur=4
content-length
30655
pixel
analytics.tiktok.com/api/v2/ 		0
549 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTJmOGM0MDk1MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.7.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-7-19.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 27 Jul 2023 18:44:56 GMT
x-akamai-request-id
a3ce4eb
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
server
nginx
x-tt-logid
202307271844565FB32C62B107DB778D9F
x-cache
TCP_MISS from a2-23-7-15.deploy.akamaitechnologies.com (AkamaiGHost/11.2.0-49819888) (-)
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
115,2.23.7.15
x-tt-trace-host
01b74a492ee33aa6d7de70d387da5c1b4b746863df7a35f47a04e76685397ae3bb2afb4cfb7b35fc274a81b2e3081379b033a8bad7524b889e84df7aaa51f703b418a2641a9b239620df21e9db327e7cbf27b1f0101b3216607053dd1321947e2b
server-timing
inner; dur=26, cdn-cache; desc=MISS, edge; dur=7, origin; dur=115
content-length
0
expires
Thu, 27 Jul 2023 18:44:56 GMT
iframe.html
d2m2wsoho8qq12.cloudfront.net/ Frame 67A3 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.84.206 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-84-206.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
e3ad82a69faf9ec1b298a080ce5974322a33cc501e1455071cf8db58c7f2462f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
64124
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 27 Jul 2023 00:56:12 GMT
ETag
W/"6487351c-dbb"
Last-Modified
Mon, 12 Jun 2023 15:09:16 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Via
1.1 03d509e8374e9f42668961b5e0201348.cloudfront.net (CloudFront)
X-Amz-Cf-Id
GVhxGc58VHFqMG_kEIbI89Cmm91H2At51jj5r2r2m9fZfXUB3WRThA==
X-Amz-Cf-Pop
FRA2-C2
X-Cache
Hit from cloudfront
SaveDom
create.leadid.com/2.11.9/ 		0
624 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/SaveDom?msn=2&pid=04ebbdbc-eb4b-408b-bdf4-f06824a272f1&token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&_=758426896
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
iframe.html
deviceid.trueleadid.com/ Frame F6AE 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://deviceid.trueleadid.com/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Requested by
Host: d2m2wsoho8qq12.cloudfront.net
URL: https://d2m2wsoho8qq12.cloudfront.net/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.208.108.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-108-235.compute-1.amazonaws.com
Software
nginx /
Resource Hash
602ea48b7fd2a48e702e43825b0d6f6495f78cb4cc1fa24cb8c95f61e014215a

Request headers

Referer
https://d2m2wsoho8qq12.cloudfront.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=86400 public
content-encoding
gzip
content-type
text/html
date
Thu, 27 Jul 2023 18:44:56 GMT
etag
W/"649348e0-1049"
expires
Fri, 28 Jul 2023 18:44:56 GMT
last-modified
Wed, 21 Jun 2023 19:00:48 GMT
p3p
CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
server
nginx
icon
fonts.googleapis.com/ 		569 B
465 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 27 Jul 2023 18:44:56 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jul 2023 18:44:56 GMT
app.css
quotes.billsavingstips.com/css/ 		36 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/css/app.css
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/js/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
be97b2030aa3fbcc41adbd800d6163bdf25da8178ec9bd60939090abc0eb5b8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:38:19 GMT
server
nginx
etag
W/"64c2b99b-9142"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
phones.js
quotes.billsavingstips.com/js/ 		0
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://quotes.billsavingstips.com/js/phones.js
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/js/manifest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:38:19 GMT
server
nginx
etag
W/"64c2b99b-1b0d"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-xss-protection
1; mode=block
z3Avhf1OBth6o9OmY2BzlnIlX2jVc9eDqQEQ3kwe.png
login.healthquotes.us/storage/images/64c2ba1ae098f/ 		280 KB
281 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.healthquotes.us/storage/images/64c2ba1ae098f/z3Avhf1OBth6o9OmY2BzlnIlX2jVc9eDqQEQ3kwe.png
Requested by
Host: quotes.billsavingstips.com
URL: https://quotes.billsavingstips.com/home
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.164.205.7 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-164-205-7.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5f5b65b34c3c6b652d867332db7d92e5f0a9417f326eb07b66afcd215aea49ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
x-content-type-options
nosniff
last-modified
Thu, 27 Jul 2023 18:40:26 GMT
server
nginx
etag
"64c2ba1a-4607c"
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
286844
x-xss-protection
1; mode=block
certs
api.trustedform.com/ 		475 B
687 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.trustedform.com/certs
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl1&l=16904834958370.5298366968540631&invert_field_sensitivity=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.91.89.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-89-140.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
27f0bd0b3106d767f8e287d6520e8623747cdc5d08021416763147ff7371064d

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
server
Cowboy
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
475
SaveDeviceId.js
create.leadid.com/2.11.9/ Frame F6AE 		0
627 B 		Script
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/SaveDeviceId.js?lac=17B1014D-89D8-0A9A-D23F-B85698F480B4&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&methods=48&token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&uuid=658524416ca14084a813c61c10ad396f
Requested by
Host: deviceid.trueleadid.com
URL: https://deviceid.trueleadid.com/iframe.html?token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=C0AF968B-28F7-6E3F-69FD-FFA0498297AA&lac=17B1014D-89D8-0A9A-D23F-B85698F480B4
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://deviceid.trueleadid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v25/ 		35 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://quotes.billsavingstips.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Wed, 26 Jul 2023 14:25:21 GMT
x-content-type-options
nosniff
age
101976
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35904
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:34:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 25 Jul 2024 14:25:21 GMT
Snap
create.leadid.com/2.11.9/ 		0
624 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/Snap?msn=3&pid=04ebbdbc-eb4b-408b-bdf4-f06824a272f1&token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&_=758426897
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
trustedform-1.8.39.js
cdn.trustedform.com/ 		102 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.trustedform.com/trustedform-1.8.39.js
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=xxTrustedFormCertUrl1&l=16904834958370.5298366968540631&invert_field_sensitivity=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:6c00:1c:7f1a:6680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fe63c3d6c4d4486e0a2323e205377a04c96e054f37f4d87a7b8bab0091c19c14

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://quotes.billsavingstips.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id
OadgesbszW_FbzYEqgjtb7SPpT8rHyZy
content-encoding
gzip
via
1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
date
Thu, 27 Jul 2023 18:44:57 GMT
last-modified
Fri, 12 May 2023 16:55:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
17
etag
W/"9c2830f2c2e5b9cb27e0e7f151317cbe"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
0uE94Q0SBdnDp_FG5Bg1qWMVkJJ9SfwViXgIXtB2PKMqc7l-6DAQ-w==
snapshot
api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/snapshot
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.8.39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.91.89.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-89-140.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jul 2023 18:44:57 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy
fingerprints
api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/fingerprints
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.8.39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.91.89.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-89-140.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jul 2023 18:44:57 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy
truncated
/ 		10 KB
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
text/javascript
Snap
create.leadid.com/2.11.9/ 		0
624 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/Snap?msn=4&pid=04ebbdbc-eb4b-408b-bdf4-f06824a272f1&token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&_=758426898
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 27 Jul 2023 18:44:57 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
events
api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/events
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.8.39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.91.89.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-89-140.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jul 2023 18:44:58 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy
Snap
create.leadid.com/2.11.9/ 		0
623 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://create.leadid.com/2.11.9/Snap?msn=5&pid=04ebbdbc-eb4b-408b-bdf4-f06824a272f1&token=BE96AED8-E362-67D2-E4D1-B9B3B247C2A1&_=758426899
Requested by
Host: create.lidstatic.com
URL: https://create.lidstatic.com/campaign/c0af968b-28f7-6e3f-69fd-ffa0498297aa.js?snippet_version=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.88.184.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-88-184-109.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 27 Jul 2023 18:44:58 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
nginx
access-control-max-age
1728000
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
access-control-allow-headers
X-Requested-With, Content-Type
expires
Sat, 26 Jul 1997 05:00:00 GMT
events
api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/ 		0
160 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.trustedform.com/certs/66c9dfeb40ed321cf2da19aa7c8b8365454a7f4d/events
Requested by
Host: cdn.trustedform.com
URL: https://cdn.trustedform.com/trustedform-1.8.39.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.91.89.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-91-89-140.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://quotes.billsavingstips.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jul 2023 18:44:58 GMT
access-control-expose-headers
access-control-allow-credentials
true
cache-control
max-age=0, private, must-revalidate
server
Cowboy

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| dataLayer function| pass_agegroup_to_google function| gtag_report_conversion function| loadScript function| gtag function| getUrlVars string| TiktokAnalyticsObject object| ttq function| hj object| _hjSettings object| MediaAlphaExchange object| __maxch__thunk function| MediaAlphaExchange__fetchUserID function| MediaAlphaExchange__success function| MediaAlphaExchange__error function| MediaAlphaExchange__click function| MediaAlphaExchange__enableDirectLinks function| MediaAlphaExchange__disableDirectLinks function| MediaAlphaExchange__loadDirectLink function| MediaAlphaExchange__lead function| MediaAlphaExchange__loadIVRPool function| MediaAlphaExchange__loadNumPool function| MediaAlphaExchange__load undefined| targetID undefined| targetElt object| ShWebFont object| shNunjucks object| sh function| submitForm object| webpackChunk object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| LeadiDconfig object| LeadiD object| google_tag_manager object| google_tag_data object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| trustedForm function| trustedFormStartRecording function| trustedFormStopRecording object| defaultStyleFrame function| _ object| ace object| core function| axios object| regeneratorRuntime

12 Cookies

Domain/Path Name / Value
quotes.billsavingstips.com/ Name: XSRF-TOKEN
Value: eyJpdiI6IlRneVgrcm5peXNaYWNtWTg5NjQ0MUE9PSIsInZhbHVlIjoiK21nQlNjNkt0RW5NMXJBWnE2TGFjTEwrWmMrNHRGTnV0alVNKzJYZnVrakE1U29BTksxRWVRL3ZFMzFzdkVBcWlPTjVMRjdaeHh3NVl3RjNDL0gxVXVXVlk1UGgwTTVZRGNHeEZYbDhkWmF4aXp2ekVDZ2VYSVFoUWZISElHcXEiLCJtYWMiOiJjMmNmNmI2NGMwYjJlYjg2MTYyNWJhZmY1NmNkYWI1NTI3OGM4ZjVkMGMzOWJmMjI3YWZlNDQ4ZWY1YTk4M2Y0IiwidGFnIjoiIn0%3D
quotes.billsavingstips.com/ Name: laravel_session
Value: eyJpdiI6IjRCdjRaZnBZU1c1L3JFeGR6M2I1YWc9PSIsInZhbHVlIjoiTzZXMDQ2cnhRU0N4SGNKbncyMUg2SGtXTXJ4Q0VqcjB4aHZBdnNFakVrR0FzMzN6TENKL005cEVpdDRBWFhBUFdrazVLTS82anJQQlpITnRrY2MwUGdqR2xodjRJOU5HK0lmNGNWcVNSRjBFTWJsZEp4ODJTMFZwY0VsNTdYVnEiLCJtYWMiOiI4YmU4Njg5NWM2NjZkMmVmM2U5NjdjNTJkNTFlNWU4ZWJhZjJhZGRhNzM1NzliYTVhNWNhYzE5MzFjMDk2ZDA0IiwidGFnIjoiIn0%3D
.billsavingstips.com/ Name: _hjSessionUser_2031930
Value: eyJpZCI6Ijg0YWFmOTkzLTRmMzYtNWUyMS1iYzNiLTFjY2RmYjE1ZDlhZiIsImNyZWF0ZWQiOjE2OTA0ODM0OTYyNTUsImV4aXN0aW5nIjpmYWxzZX0=
.billsavingstips.com/ Name: _hjFirstSeen
Value: 1
.billsavingstips.com/ Name: _hjIncludedInSessionSample_2031930
Value: 1
.billsavingstips.com/ Name: _hjSession_2031930
Value: eyJpZCI6Ijc2Zjk1YjY0LWVlODctNDE4Ni1iZjc4LTdiMzQ5MmVlNGJkNiIsImNyZWF0ZWQiOjE2OTA0ODM0OTYyNjEsImluU2FtcGxlIjp0cnVlfQ==
.billsavingstips.com/ Name: _hjAbsoluteSessionInProgress
Value: 1
.tiktok.com/ Name: _ttp
Value: 2TAQdxmhvOtKwgVZNbCnEA7gwgi
.billsavingstips.com/ Name: _tt_enable_cookie
Value: 1
.billsavingstips.com/ Name: _ttp
Value: mCXjBFsYeRRlE6Fq3H_6ZTa1F_I
quotes.billsavingstips.com/ Name: leadid_token-17B1014D-89D8-0A9A-D23F-B85698F480B4-C0AF968B-28F7-6E3F-69FD-FFA0498297AA
Value: BE96AED8-E362-67D2-E4D1-B9B3B247C2A1
.deviceid.trueleadid.com/ Name: uuid
Value: 658524416ca14084a813c61c10ad396f

1 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/712363.gif?cparams=wplId%3D58aa81ca-2fd1-48f0-b9d7-714e2251800d
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
api.trustedform.com
cdn.trustedform.com
create.leadid.com
create.lidstatic.com
d2m2wsoho8qq12.cloudfront.net
deviceid.trueleadid.com
fonts.googleapis.com
fonts.gstatic.com
id.rlcdn.com
insurance.mediaalpha.com
login.healthquotes.us
quotes.billsavingstips.com
script.hotjar.com
static.hotjar.com
vc.hotjar.io
www.googletagmanager.com
www.nextinsure.com
108.138.7.40
13.225.84.206
18.66.112.19
18.66.97.10
2.23.7.19
23.45.108.17
2600:9000:223d:6c00:1c:7f1a:6680:93a1
2606:4700:10::6816:27b6
2a00:1450:4001:806::2008
2a00:1450:4001:80b::2003
2a00:1450:4001:827::200a
35.244.174.68
54.164.205.7
54.173.193.148
54.208.108.235
54.88.184.109
54.91.89.140
135b263b1793418703e6bb6b77b71a611b02ce17ae26c074dad331cf3c3f1706
141a922b83cc6707d19885ed7aec59ed8331771664e38e57277ed5eb5636650f
27f0bd0b3106d767f8e287d6520e8623747cdc5d08021416763147ff7371064d
2983407ba3eb28c2d5e908a4e1f963b79188fa101d5f7b492424d2c53871eba6
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
5f5b65b34c3c6b652d867332db7d92e5f0a9417f326eb07b66afcd215aea49ba
5fa694a822fc324b8910b340caed16fab52d4a8eb4fd60f98c10479e28b2ec97
602ea48b7fd2a48e702e43825b0d6f6495f78cb4cc1fa24cb8c95f61e014215a
6b03a317539942f8e4d122cc207ccbae6b0a867cc515525b88f00b93f0825787
8b435d8b0ae81cfebe5fc191b96cac18d8b936aa91e141d9493051babd21ff89
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
9d3c525097f00991df259935bc0212e5d53b51509cfeb9bcc2a4189bbcac06be
a47ea22742e43dcb593a1e5d9d90eda9811254b9818fad750f3e70a42993fb99
ae008eb8b0574201939bbd1352abad263233a124c1b94884e41d50063bca7eb6
b1d265a09a0003d319fcb9d677e9ababa31c80f5abaf932b37aa171a803030ee
b68571f35c152142b45474ee4a641f42b3f8451ec5dec44f8a0a7b2d2b4ce972
be97b2030aa3fbcc41adbd800d6163bdf25da8178ec9bd60939090abc0eb5b8d
c83dfe522163641b6a9b985e7db42fd53594a3b48d35833758f555a770f864b8
cef0a3ffb6993fc1ec7b5b67a16377ec1ec0a858b3cabb834033d7458ff0e4bc
d95166940395c50be562fe538c85311002d62b83da8f68a8500be092f4bf98fd
e3ad82a69faf9ec1b298a080ce5974322a33cc501e1455071cf8db58c7f2462f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9cd3408ee8eff9c2230c624baca4db92842af30a1979a7af1e56b9ec58f0335
eed633a8002069e13f06351bfe014d0132941a0882144ccee95cdacfa403b954
ef9a1193df719b51cd39c0377436806c0136ded70ca387018c67a376bb7633df
fe63c3d6c4d4486e0a2323e205377a04c96e054f37f4d87a7b8bab0091c19c14