mortgage.quickenloans.com Open in urlscan Pro
54.68.171.95 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~am...
Effective URL:
https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&s...
Submission: On July 26 via manual (July 26th 2021, 9:54:32 pm UTC) from US

Summary HTTP 177 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 80 IPs in 12 countries across 85 domains to perform 177 HTTP transactions. The main IP is 54.68.171.95, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is mortgage.quickenloans.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 21st 2021. Valid for: a year.

This is the only time mortgage.quickenloans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	162.251.181.240 162.251.181.240	62942 (WIDEVOICE...) (WIDEVOICE-MIA)
3 3	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
8	54.68.171.95 54.68.171.95	16509 (AMAZON-02) (AMAZON-02)
5	2a02:26f0:6c0... 2a02:26f0:6c00:299::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
4 11	52.214.44.171 52.214.44.171	16509 (AMAZON-02) (AMAZON-02)
1	23.45.107.170 23.45.107.170	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2a02:26f0:6c0... 2a02:26f0:6c00::210:bad2	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	143.204.98.88 143.204.98.88	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
8 8	34.253.145.149 34.253.145.149	16509 (AMAZON-02) (AMAZON-02)
1	68.232.35.38 68.232.35.38	15133 (EDGECAST) (EDGECAST)
2	151.101.13.140 151.101.13.140	54113 (FASTLY) (FASTLY)
4	44.229.252.126 44.229.252.126	16509 (AMAZON-02) (AMAZON-02)
1	13.224.111.13 13.224.111.13	16509 (AMAZON-02) (AMAZON-02)
3	52.40.27.155 52.40.27.155	16509 (AMAZON-02) (AMAZON-02)
2 2	3.120.52.200 3.120.52.200	16509 (AMAZON-02) (AMAZON-02)
12 13	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
6 12	99.80.199.35 99.80.199.35	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:bac1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	44.229.173.61 44.229.173.61	16509 (AMAZON-02) (AMAZON-02)
1	13.32.199.44 13.32.199.44	16509 (AMAZON-02) (AMAZON-02)
1	151.139.241.28 151.139.241.28	33438 (HIGHWINDS2) (HIGHWINDS2)
4	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a02:26f0:6c0... 2a02:26f0:6c00:295::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	95.217.105.253 95.217.105.253	24940 (HETZNER-AS) (HETZNER-AS)
2 2	2600:1f18:730... 2600:1f18:730:b130:4896:6298:98c:bff0	14618 (AMAZON-AES) (AMAZON-AES)
2	34.238.14.155 34.238.14.155	14618 (AMAZON-AES) (AMAZON-AES)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	144.76.98.137 144.76.98.137	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
3	151.101.132.84 151.101.132.84	54113 (FASTLY) (FASTLY)
1	136.144.49.174 136.144.49.174	54825 (PACKET) (PACKET)
8 8	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 32	52.46.133.124 52.46.133.124	16509 (AMAZON-02) (AMAZON-02)
1	13.224.111.49 13.224.111.49	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
2 3	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.119.150 74.119.119.150	19750 (AS-CRITEO) (AS-CRITEO)
4 5	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 7	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
2 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2	35.186.226.184 35.186.226.184	15169 (GOOGLE) (GOOGLE)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2 2	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	213.19.147.44 213.19.147.44	3356 (LEVEL3) (LEVEL3)
2 2	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
3 5	18.184.223.197 18.184.223.197	16509 (AMAZON-02) (AMAZON-02)
2 2	35.156.106.231 35.156.106.231	16509 (AMAZON-02) (AMAZON-02)
3 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	18.197.219.138 18.197.219.138	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4264:6067:ea36:4ec5:cf74	14618 (AMAZON-AES) (AMAZON-AES)
1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	13.224.115.175 13.224.115.175	16509 (AMAZON-02) (AMAZON-02)
1	107.22.179.180 107.22.179.180	14618 (AMAZON-AES) (AMAZON-AES)
1 1	34.231.184.117 34.231.184.117	14618 (AMAZON-AES) (AMAZON-AES)
1 1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 2	37.157.3.29 37.157.3.29	198622 (ADFORM) (ADFORM)
1 1	52.28.248.40 52.28.248.40	16509 (AMAZON-02) (AMAZON-02)
1 1	52.1.230.29 52.1.230.29	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.90.48.240 54.90.48.240	14618 (AMAZON-AES) (AMAZON-AES)
1	54.154.117.125 54.154.117.125	16509 (AMAZON-02) (AMAZON-02)
2 2	13.224.111.127 13.224.111.127	16509 (AMAZON-02) (AMAZON-02)
2 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	13.224.111.44 13.224.111.44	16509 (AMAZON-02) (AMAZON-02)
2 3	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1 1	45.79.181.237 45.79.181.237	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	151.101.14.132 151.101.14.132	54113 (FASTLY) (FASTLY)
2 2	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	91.192.149.30 91.192.149.30	42481 (BEGUN-AS) (BEGUN-AS)
3	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	52.209.68.132 52.209.68.132	16509 (AMAZON-02) (AMAZON-02)
1	3.127.62.220 3.127.62.220	16509 (AMAZON-02) (AMAZON-02)
1	124.146.215.52 124.146.215.52	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
1	202.241.208.2 202.241.208.2	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
1	52.199.44.14 52.199.44.14	16509 (AMAZON-02) (AMAZON-02)
1 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
2	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	34.102.166.132 34.102.166.132	15169 (GOOGLE) (GOOGLE)
1	3.35.111.161 3.35.111.161	16509 (AMAZON-02) (AMAZON-02)
1	54.64.168.5 54.64.168.5	16509 (AMAZON-02) (AMAZON-02)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::13	56396 (TURN) (TURN)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
177	80

1 162.251.181.240 (United States)

ASN62942 (WIDEVOICE-MIA, US)
PTR: mia-mx01.freeconferencecall.com

etrack.freeconferencecall.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.166 (Mountain View, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f166.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.68.171.95 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-68-171-95.us-west-2.compute.amazonaws.com

mortgage.quickenloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:299::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.214.44.171 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
quicken.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.107.170 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-107-170.deploy.static.akamaitechnologies.com

www.rockomni.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:6c00::210:bad2 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.mortgage.quickenloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-88.fra50.r.cloudfront.net

privacy-policy.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

somni.quickenloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.253.145.149 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.232.35.38 (United States)

ASN15133 (EDGECAST, US)

g.3gl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 44.229.252.126 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-229-252-126.us-west-2.compute.amazonaws.com

ws.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.111.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-111-13.mad50.r.cloudfront.net

api.pushnami.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.40.27.155 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-40-27-155.us-west-2.compute.amazonaws.com

www.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.52.200 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.162 (United States) 12 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 99.80.199.35 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:bac1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.229.173.61 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-229-173-61.us-west-2.compute.amazonaws.com

pixmon.lowermybills.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.199.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-199-44.iad66.r.cloudfront.net

c.pmsrv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.241.28 (United States)

ASN33438 (HIGHWINDS2, US)

cdn1.lockerdomecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:295::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.217.105.253 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.253.105.217.95.clients.your-server.de

ads.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:730:b130:4896:6298:98c:bff0 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.238.14.155 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-14-155.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.76.98.137 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.137.98.76.144.clients.your-server.de

pix.revjet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.132.84 (Madrid, Spain)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.144.49.174 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
PTR: FRA-PKT-GLI-01

r.3gl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.194.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 52.46.133.124 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.111.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-111-49.mad50.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)

widget.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:2638::1c (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.33.220.145 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.226.184 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 184.226.186.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.94.180.126 (United States) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.99.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (United Kingdom) 3 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.131 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.184.223.197 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.106.231 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.197.219.138 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:6067:ea36:4ec5:cf74 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

amazon.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.115.175 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-115-175.mad50.r.cloudfront.net

www.imdb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.22.179.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-179-180.compute-1.amazonaws.com

usersync.samplicio.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.231.184.117 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-184-117.compute-1.amazonaws.com

ads.samba.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.29 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.248.40 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.1.230.29 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

lm.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.48.240 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.117.125 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-117-125.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.111.127 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-111-127.mad50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 2 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.111.44 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-111-44.mad50.r.cloudfront.net

pixel.placed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.181.237 (Cedar Knolls, United States) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

lciapi.ninthdecimal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.132 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

pi.ispot.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.115 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands) 1 redirects

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.133.78 (United States)

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.192.149.30 (Russian Federation)

ASN42481 (BEGUN-AS, RU)

profile.ssp.rambler.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

cw.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.209.68.132 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

partner.mediawallahscript.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.62.220 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.52 (Minato-ku, Japan)

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.241.208.2 (Japan)

ASN4694 (IDCF IDC Frontier Inc., JP)

adgen.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.199.44.14 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)

cs.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.166.132 (Kansas City, United States)

ASN15169 (GOOGLE, US)

ad.tpmn.co.kr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.35.111.161 (Incheon, Korea, Republic Of)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-35-111-161.ap-northeast-2.compute.amazonaws.com

adx.dable.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.64.168.5 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)

sync.ad-stir.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::13 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	24 KB
28	everesttech.net 22 redirects cm.everesttech.net pixel.everesttech.net sync-tm.everesttech.net	10 KB
17	quickenloans.com mortgage.quickenloans.com cdn.mortgage.quickenloans.com somni.quickenloans.com	229 KB
17	doubleclick.net 16 redirects ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	3 KB
11	demdex.net 4 redirects dpm.demdex.net quicken.demdex.net	15 KB
10	criteo.com 5 redirects sslwidget.criteo.com widget.us.criteo.com gum.criteo.com dis.criteo.com	7 KB
9	yahoo.com 3 redirects sp.analytics.yahoo.com ads.yahoo.com ups.analytics.yahoo.com cms.analytics.yahoo.com	6 KB
9	googletagmanager.com www.googletagmanager.com	340 KB
8	lowermybills.com ws.lowermybills.com www.lowermybills.com pixmon.lowermybills.com navapi-lb.lowermybills.com Failed	5 KB
7	adnxs.com 5 redirects ib.adnxs.com secure.adnxs.com	7 KB
5	bidswitch.net 3 redirects x.bidswitch.net	2 KB
5	pubmatic.com 2 redirects image2.pubmatic.com image6.pubmatic.com simage2.pubmatic.com	2 KB
5	liadm.com 2 redirects b-code.liadm.com rp.liadm.com rp4.liadm.com	13 KB
5	gstatic.com fonts.gstatic.com	91 KB
5	adobedtm.com assets.adobedtm.com	84 KB
4	mathtag.com pixel.mathtag.com	4 KB
3	tapad.com 2 redirects pixel.tapad.com	1 KB
3	spotxchange.com 2 redirects sync.search.spotxchange.com	2 KB
3	openx.net 2 redirects us-u.openx.net	729 B
3	casalemedia.com 2 redirects dsum-sec.casalemedia.com ssum-sec.casalemedia.com	3 KB
3	rubiconproject.com 1 redirects pixel.rubiconproject.com token.rubiconproject.com	810 B
3	pinterest.com ct.pinterest.com	977 B
2	3lift.com 1 redirects eb2.3lift.com	734 B
2	socdm.com tg.socdm.com adgen.socdm.com	1 KB
2	mediawallahscript.com 1 redirects partner.mediawallahscript.com	1 KB
2	addthis.com cw.addthis.com	850 B
2	semasio.net 2 redirects uipglob.semasio.net	1 KB
2	scorecardresearch.com 2 redirects sb.scorecardresearch.com	737 B
2	krxd.net 1 redirects usermatch.krxd.net beacon.krxd.net	498 B
2	serving-sys.com 2 redirects bs.serving-sys.com lm.serving-sys.com	778 B
2	adform.net 2 redirects c1.adform.net	998 B
2	myvisualiq.net 2 redirects t.myvisualiq.net	1 KB
2	advertising.com 2 redirects pixel.advertising.com	657 B
2	adsrvr.org 2 redirects match.adsrvr.org	912 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	bluekai.com 2 redirects tags.bluekai.com	2 KB
2	snapchat.com tr.snapchat.com	466 B
2	facebook.com www.facebook.com	367 B
2	revjet.com ads.revjet.com pix.revjet.com	9 KB
2	pinimg.com s.pinimg.com	18 KB
2	facebook.net connect.facebook.net	37 KB
2	taboola.com 1 redirects cdn.taboola.com sync.taboola.com	25 KB
2	google.com 1 redirects www.google.com adservice.google.com	261 B
2	agkn.com 2 redirects aa.agkn.com	665 B
2	3gl.net g.3gl.net r.3gl.net	31 KB
2	googleapis.com fonts.googleapis.com	1 KB
1	rlcdn.com idsync.rlcdn.com	417 B
1	turn.com 1 redirects d.turn.com	418 B
1	ad-stir.com sync.ad-stir.com	101 B
1	dable.io adx.dable.io	128 B
1	tpmn.co.kr ad.tpmn.co.kr	601 B
1	adingo.jp cs.adingo.jp	44 B
1	kargo.com crb.kargo.com	360 B
1	rambler.ru profile.ssp.rambler.ru	169 B
1	mgid.com cm.mgid.com	849 B
1	outbrain.com sync.outbrain.com	476 B
1	twitter.com analytics.twitter.com	658 B
1	ispot.tv 1 redirects pi.ispot.tv	344 B
1	ninthdecimal.com 1 redirects lciapi.ninthdecimal.com	612 B
1	exelator.com loadus.exelator.com	324 B
1	placed.com 1 redirects pixel.placed.com	567 B
1	mookie1.com 1 redirects odr.mookie1.com	601 B
1	samba.tv 1 redirects ads.samba.tv	292 B
1	samplicio.us usersync.samplicio.us	263 B
1	imdb.com 1 redirects www.imdb.com	887 B
1	stickyadstv.com 1 redirects ads.stickyadstv.com	763 B
1	zeotap.com spl.zeotap.com	731 B
1	tremorhub.com amazon.partners.tremorhub.com	183 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	484 B
1	t.co t.co	454 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	criteo.net static.criteo.net	13 KB
1	sc-static.net sc-static.net	6 KB
1	lockerdomecdn.com cdn1.lockerdomecdn.com	607 B
1	pmsrv.co c.pmsrv.co	4 KB
1	google.de www.google.de	108 B
1	reddit.com alb.reddit.com	125 B
1	pushnami.com api.pushnami.com	15 KB
1	redditstatic.com www.redditstatic.com	7 KB
1	googleadservices.com www.googleadservices.com	17 KB
1	truste.com privacy-policy.truste.com	15 KB
1	rockomni.com www.rockomni.com	10 KB
1	freeconferencecall.com etrack.freeconferencecall.com	2 KB
0	nate.com Failed sbm.nate.com Failed
0	survata.com Failed px.surveywall-api.survata.com Failed
177	85

	Domain	Requested by
32	s.amazon-adsystem.com	1 redirects mortgage.quickenloans.com s.amazon-adsystem.com
13	cm.g.doubleclick.net	12 redirects
12	pixel.everesttech.net	6 redirects
10	dpm.demdex.net	4 redirects mortgage.quickenloans.com cdn.mortgage.quickenloans.com
9	www.googletagmanager.com	mortgage.quickenloans.com assets.adobedtm.com
8	sync-tm.everesttech.net	8 redirects
8	cm.everesttech.net	8 redirects
8	mortgage.quickenloans.com	etrack.freeconferencecall.com mortgage.quickenloans.com
7	cdn.mortgage.quickenloans.com	mortgage.quickenloans.com
5	x.bidswitch.net	3 redirects
5	gum.criteo.com	4 redirects static.criteo.net
5	fonts.gstatic.com	fonts.googleapis.com
5	assets.adobedtm.com	mortgage.quickenloans.com assets.adobedtm.com
4	secure.adnxs.com	3 redirects
4	ups.analytics.yahoo.com	3 redirects
4	pixel.mathtag.com	mortgage.quickenloans.com pixel.mathtag.com
4	ws.lowermybills.com	cdn.mortgage.quickenloans.com
3	dis.criteo.com
3	pixel.tapad.com	2 redirects
3	sync.search.spotxchange.com	2 redirects
3	us-u.openx.net	2 redirects
3	ib.adnxs.com	2 redirects
3	ct.pinterest.com	s.pinimg.com mortgage.quickenloans.com
3	www.lowermybills.com	cdn.mortgage.quickenloans.com
3	ad.doubleclick.net	3 redirects
2	simage2.pubmatic.com
2	eb2.3lift.com	1 redirects
2	partner.mediawallahscript.com	1 redirects
2	cw.addthis.com
2	image6.pubmatic.com	2 redirects
2	uipglob.semasio.net	2 redirects
2	sb.scorecardresearch.com	2 redirects
2	c1.adform.net	2 redirects
2	t.myvisualiq.net	2 redirects
2	pixel.advertising.com	2 redirects
2	match.adsrvr.org	2 redirects
2	sync.1rx.io	2 redirects
2	tags.bluekai.com	2 redirects
2	tr.snapchat.com	mortgage.quickenloans.com
2	dsum-sec.casalemedia.com	1 redirects
2	pixel.rubiconproject.com
2	ads.yahoo.com
2	www.facebook.com	mortgage.quickenloans.com
2	rp4.liadm.com	mortgage.quickenloans.com
2	rp.liadm.com	2 redirects
2	s.pinimg.com	mortgage.quickenloans.com s.pinimg.com
2	connect.facebook.net	mortgage.quickenloans.com connect.facebook.net
2	sp.analytics.yahoo.com	mortgage.quickenloans.com
2	aa.agkn.com	2 redirects
2	somni.quickenloans.com	assets.adobedtm.com
2	fonts.googleapis.com	mortgage.quickenloans.com
1	idsync.rlcdn.com
1	d.turn.com	1 redirects
1	sync.ad-stir.com
1	adx.dable.io
1	ad.tpmn.co.kr
1	cs.adingo.jp
1	adgen.socdm.com
1	tg.socdm.com
1	crb.kargo.com
1	profile.ssp.rambler.ru
1	cm.mgid.com
1	sync.outbrain.com
1	analytics.twitter.com	static.ads-twitter.com
1	sync.taboola.com	1 redirects
1	pi.ispot.tv	1 redirects
1	lciapi.ninthdecimal.com	1 redirects
1	loadus.exelator.com	s.amazon-adsystem.com
1	pixel.placed.com	1 redirects
1	token.rubiconproject.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	beacon.krxd.net	s.amazon-adsystem.com
1	usermatch.krxd.net	1 redirects
1	lm.serving-sys.com	1 redirects
1	bs.serving-sys.com	1 redirects
1	odr.mookie1.com	1 redirects
1	ads.samba.tv	1 redirects
1	usersync.samplicio.us	s.amazon-adsystem.com
1	www.imdb.com	1 redirects
1	ads.stickyadstv.com	1 redirects
1	spl.zeotap.com	s.amazon-adsystem.com
1	cms.analytics.yahoo.com	s.amazon-adsystem.com
1	amazon.partners.tremorhub.com	s.amazon-adsystem.com
1	sync.targeting.unrulymedia.com	1 redirects
1	image2.pubmatic.com
1	t.co	mortgage.quickenloans.com
1	widget.us.criteo.com	mortgage.quickenloans.com
1	sslwidget.criteo.com	1 redirects
1	static.ads-twitter.com	mortgage.quickenloans.com
1	adservice.google.com	mortgage.quickenloans.com
1	static.criteo.net	mortgage.quickenloans.com
1	sc-static.net	mortgage.quickenloans.com
1	r.3gl.net	g.3gl.net
1	pix.revjet.com	ads.revjet.com
1	ads.revjet.com	mortgage.quickenloans.com
1	cdn.taboola.com	mortgage.quickenloans.com
1	cdn1.lockerdomecdn.com	mortgage.quickenloans.com
1	c.pmsrv.co	mortgage.quickenloans.com
1	pixmon.lowermybills.com	mortgage.quickenloans.com
1	b-code.liadm.com	mortgage.quickenloans.com
1	www.google.de
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	alb.reddit.com	mortgage.quickenloans.com
1	api.pushnami.com	etrack.freeconferencecall.com
1	www.redditstatic.com	mortgage.quickenloans.com
1	g.3gl.net	cdn.mortgage.quickenloans.com
1	quicken.demdex.net	assets.adobedtm.com
1	www.googleadservices.com	mortgage.quickenloans.com
1	privacy-policy.truste.com	mortgage.quickenloans.com
1	www.rockomni.com	assets.adobedtm.com
1	etrack.freeconferencecall.com
0	sbm.nate.com Failed
0	navapi-lb.lowermybills.com Failed	cdn.mortgage.quickenloans.com
0	px.surveywall-api.survata.com Failed	s.amazon-adsystem.com
177	115

This site contains links to these domains. Also see Links.

Domain
marketing.lowermybills.com
www.hud.gov
privacy.truste.com
www.thawte.com
www.bbb.org
www.mbaa.org
www.nmlsconsumeraccess.com
www.quickenloans.com

Subject Issuer	Validity	Valid
mortgage.quickenloans.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-21` - `2022-01-25`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-09-30`	9 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
www.rockomni.com DigiCert SHA2 Secure Server CA	`2020-12-04` - `2021-11-18`	a year	crt.sh
cdn.lowermybills.com R3	`2021-07-23` - `2021-10-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.truste.com Amazon	`2021-02-16` - `2022-03-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
somni.quickenloans.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-10` - `2022-04-10`	a year	crt.sh
s10.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-06-03` - `2022-08-24`	2 years	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
ws.lowermybills.com Thawte RSA CA 2018	`2020-12-17` - `2022-01-17`	a year	crt.sh
*.pushnami.com Amazon	`2021-04-18` - `2022-05-17`	a year	crt.sh
www.lowermybills.com Thawte RSA CA 2018	`2020-03-11` - `2022-03-12`	2 years	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
*.tmogul.com Amazon	`2021-07-16` - `2022-08-14`	a year	crt.sh
www.google.de GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
b-code.liadm.com DigiCert Secure Site ECC CA-1	`2020-06-23` - `2021-09-22`	a year	crt.sh
*.lowermybills.com Thawte RSA CA 2018	`2020-03-11` - `2022-03-11`	2 years	crt.sh
pmsrv.co Amazon	`2020-12-16` - `2022-01-14`	a year	crt.sh
cdn1.lockerdomecdn.com Go Daddy Secure Certificate Authority - G2	`2021-03-06` - `2022-04-07`	a year	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
*.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-24` - `2021-11-17`	6 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
*.pinterest.com DigiCert SHA2 High Assurance Server CA	`2020-07-16` - `2021-08-04`	a year	crt.sh
*.revjet.com Sectigo RSA Domain Validation Secure Server CA	`2020-03-12` - `2022-04-10`	2 years	crt.sh
*.liadm.com Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-07-08` - `2021-08-25`	2 months	crt.sh
r.3gl.net Go Daddy Secure Certificate Authority - G2	`2021-01-22` - `2022-02-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
sc-static.net DigiCert TLS RSA SHA256 2020 CA1	`2021-02-11` - `2022-02-15`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-06-28` - `2021-09-20`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.us.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-08` - `2021-09-05`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-06-27` - `2021-09-24`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
tr.snapchat.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-19` - `2022-01-23`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
*.samplicio.us Amazon	`2021-04-17` - `2022-05-16`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
profile.ssp.rambler.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh
*.mediawallahscript.com Amazon	`2021-05-19` - `2022-06-17`	a year	crt.sh
*.dev.kargo.com Amazon	`2021-03-16` - `2022-04-14`	a year	crt.sh
*.socdm.com GlobalSign RSA OV SSL CA 2018	`2020-04-24` - `2022-06-02`	2 years	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
ad.tpmn.co.kr GTS CA 1D4	`2021-07-06` - `2021-10-04`	3 months	crt.sh
*.dable.io Amazon	`2021-07-11` - `2022-08-09`	a year	crt.sh
*.ad-stir.com Amazon	`2021-05-11` - `2022-06-09`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Frame ID: 68EE971D205A4BFC750804E154B308DE
Requests: 51 HTTP requests in this frame

Frame: https://quicken.demdex.net/dest5.html?d_nsid=0
Frame ID: 91ACEB883E1E82CCCBD3A3268E0AF0E6
Requests: 19 HTTP requests in this frame

Frame: https://g.3gl.net/jp/3014/v3.2.6/M
Frame ID: 853079DCDDB9A53CD014C727793B4E4C
Requests: 1 HTTP requests in this frame

Frame: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Frame ID: 18C3EE74572CD34A962AA3EA734FEF2F
Requests: 30 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t
Frame ID: B0D4D4D2959C7E72E24DDA8EDF323CF9
Requests: 1 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=b45660ff-2f0a-4900-a377-e1846d22111c&no_iframe=1&mt_adid=245296&source=mathtag
Frame ID: 3EB720C2B96D03CC876205FE044A07DA
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=mortgage.quickenloans.com&origin=onetag
Frame ID: 7EF288D7FC488A27E290E687CC834469
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=409e6a74-8d7f-465e-87b0-cc6eb99f3a76
Frame ID: 2D55AF9115C01B284C0D2A6CCD407B8A
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: E59E14D51A8A64CC5D125C9CB4B1DE73
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Frame ID: C32D0EF77295E270B9EEE5D091E0A673
Requests: 37 HTTP requests in this frame

Frame: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5
Frame ID: 7C8A82FE14468CEA56BC2FF6DD9E963A
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn... Page URL
https://ad.doubleclick.net/ddm/clk/495337900;302266700;b?https://mortgage.quickenloans.com/lending/home... HTTP 302
https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!... Page URL

Detected technologies

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

177
Requests

98 %
HTTPS

20 %
IPv6

85
Domains

115
Subdomains

80
IPs

12
Countries

1041 kB
Transfer

2374 kB
Size

9
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://marketing.lowermybills.com/api/marketing/redirect?uid=214966&prd=MS
Title: Go To LowerMyBills

Search URL Search Domain Scan URL

URL: https://www.hud.gov/
Title:

Search URL Search Domain Scan URL

URL: https://privacy.truste.com/privacy-seal/validation?rid=36759420-4093-4a7b-bf8a-2029fcf0dd2d

Search URL Search Domain Scan URL

URL: https://www.thawte.com/ssl/secured-seal/

Search URL Search Domain Scan URL

URL: https://www.bbb.org/losangelessiliconvalley/business-reviews/internet-marketing-services/lower-my-bills-in-playa-vista-ca-13130473

Search URL Search Domain Scan URL

URL: http://www.mbaa.org/
Title:

Search URL Search Domain Scan URL

URL: https://www.nmlsconsumeraccess.com/EntityDetails.aspx/COMPANY/3030
Title: see the NMLS consumer access page

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/about/legal/email-policy
Title: E-Mail Policy

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/about/legal/security-privacy
Title: Security and Privacy

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/about/legal/disclosures-licenses
Title: Disclosures and Licenses

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/about/legal/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.quickenloans.com/about/legal/contact-options
Title: Communication Opt-Out

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~amp;j=g~amp;v= Page URL
https://ad.doubleclick.net/ddm/clk/495337900;302266700;b?https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=%m&%g HTTP 302
https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592

Request Chain 38

https://cm.everesttech.net/cm/dd?d_uuid=12344700082319070772021669783005969183 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YP8vCgAAAGCTBh0T HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YP8vCgAAAGCTBh0T

Request Chain 49

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=12344700082319070772021669783005969183 HTTP 302
https://dpm.demdex.net/ibs:dpid=21&dpuuid=165020903859000603557

Request Chain 51

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTIzNDQ3MDAwODIzMTkwNzA3NzIwMjE2Njk3ODMwMDU5NjkxODM= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MTIzNDQ3MDAwODIzMTkwNzA3NzIwMjE2Njk3ODMwMDU5NjkxODM=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKkrzbK2j3LzvDRsuG6vwL8&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 52

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 53

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 57

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D2634060der%253D51%2526seg%253D2634060&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 59

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782 HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2526v%253D11782&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 60

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/5830051840/?value=0&guid=ON&script=0&data=aam=21408935 HTTP 302
https://www.google.com/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122 HTTP 302
https://www.google.de/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122&ipr=y

Request Chain 72

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggybackCookie%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 74

https://rp.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUklDb21wb25lbnQgKDxhbm9ueW1vdXM-KVxuICAgIGF0IHBlIChodHRwczovL2ItY29kZS5saWFkbS5jb20vYS0wNmQ3Lm1pbi5qczoxOjgzMzMuLi4ifQ&tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&dtstmp=1627336458860 HTTP 302
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUklDb21wb25lbnQgKDxhbm9ueW1vdXM-KVxuICAgIGF0IHBlIChodHRwczovL2ItY29kZS5saWFkbS5jb20vYS0wNmQ3Lm1pbi5qczoxOjgzMzMuLi4ifQ&tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&dtstmp=1627336458860&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Request Chain 76

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__ HTTP 302
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1 HTTP 302
https://pixel.everesttech.net/1x1

Request Chain 79

https://rp.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&ext_s_ecid=MCMID%7C12557285890509403652036436709797822423&duid=ddc3c751f117--01fbjczgkbv0dxhcap7z1ae6rr&se=e30&dtstmp=1627336458974 HTTP 302
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&ext_s_ecid=MCMID%7C12557285890509403652036436709797822423&duid=ddc3c751f117--01fbjczgkbv0dxhcap7z1ae6rr&se=e30&dtstmp=1627336458974&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Request Chain 80

https://cm.everesttech.net/cm/yh HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=YP8vCgAAAGCTBh0T&sigv=1&esig=1~ade9dca58093c7ad13e784a4e176f7917356224a

Request Chain 84

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVA4dkNnQUFBR0NUQmgwVA==

Request Chain 85

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YP8vCgAAAGCTBh0T&expires=90

Request Chain 86

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500 HTTP 302
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t

Request Chain 89

https://ad.doubleclick.net/ddm/activity/src=5777706;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726437649620.67 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726437649620.67 HTTP 302
https://adservice.google.com/ddm/fls/z/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726437649620.67

Request Chain 94

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T&C=1

Request Chain 95

https://sslwidget.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498 HTTP 302
https://widget.us.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498

Request Chain 97

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=YP8vCgAAAGCTBh0T HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYP8vCgAAAGCTBh0T

Request Chain 100

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YP8vCgAAAGCTBh0T HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YP8vCgAAAGCTBh0T

Request Chain 103

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YP8vCgAAAGCTBh0T

Request Chain 104

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1&__user_check__=1&sync_id=07bb013c-ee5c-11eb-b091-1d0a0d900206

Request Chain 105

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YP8vCgAAAGCTBh0T&t=2592000&o=0

Request Chain 107

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dxtf-1621550208998%26id%3D%24_BK_UUID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=xtf-1621550208998&id=BY3A1y9999eAGw2Q

Request Chain 108

https://aa.agkn.com/adscores/g.pixel?sid=9212284268 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=165020903859000603557&ex=neustar.biz

Request Chain 109

https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8444361013 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8444361013 HTTP 302
https://sync.1rx.io/usersync/tradedesk/dfbd9d3f-c4c5-4698-8ce2-eb39d963a824 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DRX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003%26ex%3Drhythmone.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003&ex=rhythmone.com

Request Chain 110

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=501a1988cdda0e26949bcee6b36e5fe4

Request Chain 111

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=s2Qxw99999eAGw2Q

Request Chain 112

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1 HTTP 302
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UP0805c68a-ee5c-11eb-b89a-026950392bd0 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=0525fc3d0aa240a10976b58172b77c24db7d1243&ex=aoldisplay.com

Request Chain 113

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a9924038-0b41-46b0-b40b-620ced6a94bc

Request Chain 117

https://ads.stickyadstv.com/user-matching?id=2545 HTTP 302
https://s.amazon-adsystem.com/ecm3?id=cf1d3b14f12789c64c39565da42583dd&ex=freewheel.tv&gdpr=0&gdpr_consent=

Request Chain 118

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com HTTP 302
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Request Chain 120

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=de66d91c225bc4e2

Request Chain 121

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=Atl4znrQQQiETVonc_B7qA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=66768134765514766602542724573964968363

Request Chain 122

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=55N-zD5yT9mnc5glGa9y1Q HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10810679800388815608&gdpr=&gdpr_consent=

Request Chain 124

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=9064306567311593663

Request Chain 125

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=07bb0101-ee5c-11eb-b091-1d0a0d900206

Request Chain 126

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D HTTP 302
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%222ed881ca-1758-415c-8d3f-edba7d4c52c7%22,%22Time%22:%2220210726T175421.392495%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%] HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=2ed881ca-1758-415c-8d3f-edba7d4c52c7

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEPnsLGk97_gcgOJxO4Vsano&google_cver=1

Request Chain 128

https://usermatch.krxd.net/um/v2?partner=amzn HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn

Request Chain 129

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=c30c02866de47ba076ecc19ebaf5dbe6

Request Chain 130

https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=caef8208-12fc-c204-0d60-1f2266bbcf4c

Request Chain 131

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__ HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=index&id=Ka0YOxgIRW5jXQSi2eJSFDc4cI04ZgAC

Request Chain 132

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=DEAFB3A2874F2B41

Request Chain 133

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=5094468131023756336&ex=appnexus.com

Request Chain 134

https://token.rubiconproject.com/token?pid=2179&pt=n HTTP 302
https://s.amazon-adsystem.com/ecm3?id=PoDTl3fanpNIyDvXpk-Azw&ex=rubiconproject.com&status=ok

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=2tHC-tqCRBCYcTExJbvr1Q& HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Request Chain 136

https://pixel.placed.com/api/v2/sync/custom-pixel?https://s.amazon-adsystem.com/ecm3?ex=placed.com&id= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1682&partner_device_id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451&partner_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dplaced.com%26id%3Damazon-f6a7cd57-9c32-455c-959d-298e2ba6a451 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1682&partner_device_id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451&partner_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dplaced.com%26id%3Damazon-f6a7cd57-9c32-455c-959d-298e2ba6a451 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=placed.com&id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451

Request Chain 138

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=EDB54F2D0E2FFF600C59F766024CE398

Request Chain 139

https://ups.analytics.yahoo.com/ups/58297/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58297/sync?_origin=1&redir=true&verify=true HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=verizonums&id=y-iXJgTAd1l2O20QjRlKAsTo42_Bv437k-

Request Chain 140

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=cae62083e3e9b3258df994bed7532b4a448b81c2df63d72f206875e83c45323f

Request Chain 141

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=E1399A85-84D2-403B-8839-68DD7AB7B5FB

Request Chain 142

https://sync.taboola.com/sg/amazon-a9-network/1/rtb HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=62ee7f58-9358-4b3d-8d38-a6497f2bbc18-tuct7f8b48e

Request Chain 146

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5

Request Chain 149

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay11LU5yTXBRZ1ZfdVNWd2Fud3EzSC1WWWdZMkNKQUlmUWxuc3FTQQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay11LU5yTXBRZ1ZfdVNWd2Fud3EzSC1WWWdZMkNKQUlmUWxuc3FTQQ&google_tc= HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 157

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom=&tag_format=img&tag_action=sync&custom=&cb=90f60ab9-f00b-434e-8a71-8d2b3d7ddec5 HTTP 302
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=90f60ab9-f00b-434e-8a71-8d2b3d7ddec5&final=true&reqid=0a16a430-ee5c-11eb-9207-f76dd474af4d&timestamp=2021-07-26T21%3A54%3A23.859Z

Request Chain 162

https://secure.adnxs.com/setuid?entity=52&code=k-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw&seg=95287 HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw%26seg%3D95287

Request Chain 163

https://eb2.3lift.com/xuid?mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

Request Chain 171

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fcdb%252Fcookiematch.aspx%253F%2526extid%253D%2524!%7BTURN_UUID%7D HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/lFo0rhjTvyfDTVGoSI1HvyDGK6B_jiqz/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_UUID%7D HTTP 302
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2422797914043602119

Request Chain 172

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3832621518879884071

Request Chain 175

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40 HTTP 302
https://idsync.rlcdn.com/397596.gif?partner_uid=Bm-8Oag6crV5VQOxX2HdCd6DBo-XUqvD

177 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa Show response
etrack.freeconferencecall.com/t/ 2 KB
2 KB 310ms
285ms Document
text/html 162.251.181.240
WIDEVOICE-MIA

General

Check archive.org

Show headers Download Go to

Full URL: http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~amp;j=g~amp;v=
Protocol: HTTP/1.1
Server: 162.251.181.240 , United States, ASN62942 (WIDEVOICE-MIA, US),
Reverse DNS: mia-mx01.freeconferencecall.com
Software: /
Resource Hash: 570c606eb36d5cbcfa24c1dae70d5bcddbbc32ea0a79ddae79dcde24b740355c

Request headers

Host: etrack.freeconferencecall.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:16 GMT
Server
Cache-Control: no-cache, must-revalidate, max-age=0, no-store
Expires: -1
Pragma: no-cache
Content-Length: 1870
Connection: close
Content-Type: text/html;charset=ascii

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
mortgage.quickenloans.com/lending/home-refinance/
Redirect Chain

https://ad.doubleclick.net/ddm/clk/495337900;302266700;b?https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=30...
https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodN...

159 KB
36 KB

1038ms
413ms

Document
text/html

54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA

Requested by

Host: etrack.freeconferencecall.com
URL: http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~amp;j=g~amp;v=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

cd225dd18a2e6ddee591ba7a6a908362985197096a94c2f3449b047dc1d33c4a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: mortgage.quickenloans.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: http://etrack.freeconferencecall.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~amp;j=g~amp;v=

Response headers

Date: Mon, 26 Jul 2021 21:54:17 GMT
Set-Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; path=/; expires=Wed, 26-Jul-23 21:54:17 GMT JSESSIONID=LNVyaabBmq6wvz0XSXhRpDUd.WAPP07.MOON.CDM-MC-07; Path=/lending sourceid_cookie=302266700-495337900; Expires=Wed, 25-Aug-2021 21:54:17 GMT; Path=/ LMB_VISITOR_ID=3972433051; Expires=Tue, 26-Jul-2022 21:54:17 GMT; Path=/ lmb_repeat_visitor=Y; Expires=Tue, 26-Jul-2022 21:54:17 GMT; Path=/ BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com TS01ec506a=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; path=/lending
Pragma: no-cache
Cache-Control: max-stale=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="CAO PSA OUR" CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 35275
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Mon, 26 Jul 2021 21:54:16 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUmn6a4gLGQWdUZqDEKVVUohgjguoYLZ3GVBzl4LLTo02L76Zs-C4-i-okOiOWU; expires=Sat, 20-Aug-2022 21:54:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none FLC=CLqkoQMQzPKQkAEYrIOZ7AEox4Y0MIje_IcG; expires=Mon, 26-Jul-2021 21:54:26 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 launch-ENac0456a305144bd1997bb2b709c90a1c.min.js Show response
assets.adobedtm.com/ 199 KB
60 KB 20ms
6ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c6b8979ec652d4045389decce5b601bb17780e4f861221d2dd23ca3940e66f92

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 15:16:28 GMT
server: AkamaiNetStorage
etag: "3a935cbb3c1557298df1d14937f25291:1626966988.621431"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 61458
expires: Mon, 26 Jul 2021 22:54:17 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
763 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap

Requested by

Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51a81ff5087d8ce810440d4ba5fc26db94dca3b0669746ef14f9e01385a6b995

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 20:02:26 GMT
server: ESF
date: Mon, 26 Jul 2021 21:54:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 css
fonts.googleapis.com/ 776 B
482 B 22ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Shadows+Into+Light+Two

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

14e004ec8033e60ddcbb7d3ed7a720231321dc30a076698d71d9780faa8dd179

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:54:17 GMT
server: ESF
date: Mon, 26 Jul 2021 21:54:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592
https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592

4 KB
2 KB

69ms
68ms

XHR
application/json

52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ce9d768855d46e9f40d463718f85de28869451f6f757e8695887103681b509bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-098cbf070.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: HytZjG7ISMs=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1252
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v012-0eecf40e0.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
X-TID: 1+zii9O8Scg=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&ts=1627336457592
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 33 KB
12 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
etag: "f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12184
expires: Mon, 26 Jul 2021 22:54:17 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 3 KB
2 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 22:09:52 GMT
server: AkamaiNetStorage
etag: "5dedcda2c8a6c3a51fd419d306427010:1597270192.857753"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1594
expires: Mon, 26 Jul 2021 22:54:17 GMT

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ 25 KB
9 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: e5f0058d3d737d25b691728bce12a7d0b77183781c936ca8152e28cacf9e6e3f

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: gzip
last-modified: Wed, 12 Aug 2020 22:09:53 GMT
server: AkamaiNetStorage
etag: "c8afb92bc0d997ba5b673367e69b9ff1:1597270193.156081"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8762
expires: Mon, 26 Jul 2021 22:54:17 GMT

GET
H2 200 data-layer.js Show response
www.rockomni.com/mcds/assets/GlobalContent/bi-datalayer/ 34 KB
10 KB 178ms
58ms Script
application/x-javascript 23.45.107.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rockomni.com/mcds/assets/GlobalContent/bi-datalayer/data-layer.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.107.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-107-170.deploy.static.akamaitechnologies.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 70478869f2c090cdc2ec5d6a6f129ad7e234c5eb2778424965cedee78913839a

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: gzip
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-length: 9794
x-aspnetmvc-version: 5.2
last-modified: Tue, 20 Jul 2021 20:11:45 GMT
server: Microsoft-IIS/10.0
etag: "g1Js9wgn81X82so2XhR4Pg=="
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/x-javascript
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: *
expires: Mon, 26 Jul 2021 22:14:17 GMT

GET
H/1.1 200
OK Cookie set qllogo.png
mortgage.quickenloans.com/lending-images/2020/msql0030/ 4 KB
5 KB 404ms
216ms Image
image/png 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/2020/msql0030/qllogo.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

7f4a787fc9a4b2a5aba8fb8cacef8408bbea999b0352565fda8fac6dc96f36e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 3877
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:29:34 GMT
X-Frame-Options: SAMEORIGIN
ETag: "5b8e2f171466dac5-f25-5c2cdd495e1f0"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: BIGipServerpl.prod-static-66=!bqxAzjIWkC1sEDlRHhj5eaSY0gTQ+Pt8A174pbnmIqhF88+8z2POpMzs71B9TxccBSt09H6IPzHdCfw=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H/1.1 200
OK redarrow1.png
cdn.mortgage.quickenloans.com/lending-images/2019/arrow/ 7 KB
7 KB 49ms
6ms Image
image/png 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mortgage.quickenloans.com/lending-images/2019/arrow/redarrow1.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f09a1f55680dfd61629bce9cb7c51a4a73b6e81f7af441573b65f2550c27c9b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 21 May 2021 02:28:51 GMT
ETag: "d5b3fa4bcaafbe7-1a00-5c2cdd20bb4a0"
X-Frame-Options: SAMEORIGIN
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Cache-Control: max-age=734055
Date: Mon, 26 Jul 2021 21:54:17 GMT
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 6656
X-XSS-Protection: 1; mode=block
Expires: Wed, 04 Aug 2021 09:48:32 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://mortgage.quickenloans.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:27:07 GMT
x-content-type-options: nosniff
age: 1630
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19172
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:11:52 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 26 Jul 2022 21:27:07 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://mortgage.quickenloans.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 14:01:00 GMT
x-content-type-options: nosniff
age: 546797
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19480
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 14:01:00 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_bZF3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://mortgage.quickenloans.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 05:41:48 GMT
x-content-type-options: nosniff
age: 576749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19264
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:13:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 05:41:48 GMT

GET
H2 200 4iC86LVlZsRSjQhpWGedwyOoW-0A6_kpsyNmpAzHGQ.woff2
fonts.gstatic.com/s/shadowsintolighttwo/v8/ 15 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/shadowsintolighttwo/v8/4iC86LVlZsRSjQhpWGedwyOoW-0A6_kpsyNmpAzHGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Shadows+Into+Light+Two

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9881a70e1ba7b9c3409931942e5c9870d9295667ee29e9a84f7437543a94d0d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://mortgage.quickenloans.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Jul 2021 03:09:40 GMT
x-content-type-options: nosniff
age: 585877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15856
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:47:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Jul 2022 03:09:40 GMT

GET
H/1.1 200
OK overlay-close.svg
cdn.mortgage.quickenloans.com/lending-images/msql/EdisonOverlay/ 586 B
1 KB 516ms
507ms Image
image/svg+xml 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mortgage.quickenloans.com/lending-images/msql/EdisonOverlay/overlay-close.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4271182f88bdd24c04c139be25fa435a8ee7d84b36b69f6790a060db5ab1de71

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
Content-Length: 313
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:40:38 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Jul 2021 21:54:18 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=0
ETag: "aa30a20622fd75f1-24a-5c2cdfc2ca5f0"
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Accept-Ranges: bytes
Expires: Mon, 26 Jul 2021 21:54:18 GMT

GET
H/1.1 200
OK Testimonial_Stars_-_LMB_LRE_FNL_00015.png
cdn.mortgage.quickenloans.com/lending-images/2020/lre00015/ 551 B
1 KB 21ms
6ms Image
image/png 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mortgage.quickenloans.com/lending-images/2020/lre00015/Testimonial_Stars_-_LMB_LRE_FNL_00015.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 21 May 2021 02:29:32 GMT
ETag: "8157c96388973ffe-227-5c2cdd4790f08"
X-Frame-Options: SAMEORIGIN
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Cache-Control: max-age=603238
Date: Mon, 26 Jul 2021 21:54:17 GMT
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 551
X-XSS-Protection: 1; mode=block
Expires: Mon, 02 Aug 2021 21:28:15 GMT

GET
H/1.1 200
OK seal
privacy-policy.truste.com/privacy-seal/ 14 KB
15 KB 183ms
57ms Image
image/svg+xml 143.204.98.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://privacy-policy.truste.com/privacy-seal/seal?rid=36759420-4093-4a7b-bf8a-2029fcf0dd2d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

143.204.98.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-98-88.fra50.r.cloudfront.net

Software

TXS /

Resource Hash

4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 06:20:16 GMT
Via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff, nosniff
Age: 56041
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 14237
X-Xss-Protection: 1; mode=block, 1; mode=block
Server: TXS
ETag: W/"14237-1594834154000"
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=0
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
X-Amz-Cf-Id: LaP8u2zpWawXSEq2bvVTpNxIY_0KAMG0pxvZJ7LpDZVR2Ak5VQeRyA==

GET
H/1.1 200
OK Cookie set quicken_sprite_4_4_18.png
mortgage.quickenloans.com/lending-images/theme/web_2.0/mobile/lp/ 75 KB
76 KB 572ms
220ms Image
image/png 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/theme/web_2.0/mobile/lp/quicken_sprite_4_4_18.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

1f8a0f8934a39dd0cf8070958124385b83e38b2965be076bee6470c0aac88532

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 76537
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:45:04 GMT
X-Frame-Options: SAMEORIGIN
ETag: "3e6d47a13297a309-12af9-5c2ce0c046378"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=39
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H/1.1 200
OK Cookie set hud_logo.gif
mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/ 3 KB
4 KB 589ms
221ms Image
image/gif 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/hud_logo.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

ccff8a3c0e83db7c16b8ae0d36c4b6ee89a8184d890c7ca4667f0895d2e8d941

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 2874
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:44:06 GMT
X-Frame-Options: SAMEORIGIN
ETag: "80751a6806a907d0-b3a-5c2ce0890ff08"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: BIGipServerpl.prod-static-66=!pW+IDYl9SUZgK6FRHhj5eaSY0gTQ+MsYVT9tgYqbyeaP9QSdE6hykHHntmkLJuVm54NpWVuSGJcUJxQ=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H/1.1 200
OK Cookie set misc_thawte.jpg
mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/ 6 KB
7 KB 816ms
399ms Image
image/jpeg 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/misc_thawte.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

23b2e69fb360d73cf3442e3cd7d0e4365340ad08c668c13446123ffea4af0d30

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 6266
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:44:06 GMT
X-Frame-Options: SAMEORIGIN
ETag: "ee28410a69dc4b9e-187a-5c2ce0897adf8"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: BIGipServerpl.prod-static-66=!lvD6fnRCRcUUmRxRHhj5eaSY0gTQ+OgdiXl9ti4V3LDLv4PvrBhs8d2HZ4qJp/iqzyp/QjGX8EGtgAU=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H/1.1 200
OK Cookie set bbb_ReliabilitySeal4.png
mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/ 2 KB
3 KB 638ms
219ms Image
image/png 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/bbb_ReliabilitySeal4.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

d3c9d3b10779283f68949ace9c4ee322bdd4df8fffa8c0addffa625278ed6e46

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 1939
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:44:05 GMT
X-Frame-Options: SAMEORIGIN
ETag: "b072f5958bfe084e-793-5c2ce0886a698"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: BIGipServerpl.prod-static-66=!892JmloqYJWeTzBRHhj5eaSY0gTQ+JL7GtzmwIcIs2R4NreAtR3RC8pYaOVY9GC4eBUcLscxel6Zv60=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H/1.1 200
OK Cookie set mortgageBankersAssoc.jpg
mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/ 1 KB
2 KB 643ms
221ms Image
image/jpeg 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mortgage.quickenloans.com/lending-images/theme/web_2.0/footer/design_element/mortgageBankersAssoc.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

a9a5e400ff30d48c503c19d17c7925e71c3b5b3c51215bd236296abb9f0a6e0d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: mortgage.quickenloans.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Cookie: SERVER_COOKIE=1251abf0.5c80dcb7688c8; sourceid_cookie=302266700-495337900; LMB_VISITOR_ID=3972433051; lmb_repeat_visitor=Y; BIGipServerpl.prod-http-mql=!1a8rQux1KXNhkr1RHhj5eaSY0gTQ+JAzbOG98NRfSrVtYAVmt0m5UgAksnpkxA1qr8f3dm7y63KqtvE=; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CvVersion%7C5.2.0
Connection: keep-alive
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: Keep-Alive
Content-Length: 1029
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:44:07 GMT
X-Frame-Options: SAMEORIGIN
ETag: "f18e1e5e503f1106-405-5c2ce089dad20"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Set-Cookie: BIGipServerpl.prod-static-66=!oCxOdghyRCphPvlRHhj5eaSY0gTQ+F8ZSCT+YvPo+PR9eCPQ4nxOt2bckZLTKPbkmiKhDESK5W32Urc=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Expires: Wed, 25 Aug 2021 21:54:18 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v15/ 19 KB
19 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_ZpC3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://mortgage.quickenloans.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 25 Jul 2021 07:15:47 GMT
x-content-type-options: nosniff
age: 139110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19272
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:11:03 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 25 Jul 2022 07:15:47 GMT

GET
H/1.1 200
OK wsmvc2-global.js Show response
cdn.mortgage.quickenloans.com/lending/jawr/gzip_1670765905/jawr/ 203 KB
58 KB 8ms
7ms Script
text/javascript 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_1670765905/jawr/wsmvc2-global.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa29c47126b8ab5710c68bcba604dd44e3e30f607a4df34ccaa2ff6e4d9cb99b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
Content-Length: 58896
X-XSS-Protection: 1; mode=block
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Jul 2021 21:54:17 GMT
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: public, max-age=309572945, post-check=309572945, pre-check=315360000
ETag: 2740050219
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Expires: Sun, 18 May 2031 22:23:22 GMT

GET
H/1.1 200
OK deviceatlas-global.js Show response
cdn.mortgage.quickenloans.com/lending/jawr/gzip_N2020317185/jawr/ 9 KB
4 KB 7ms
6ms Script
text/javascript 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_N2020317185/jawr/deviceatlas-global.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

426c01c0231812a69abddf7146bf8bd12355ce703f1479a51399622b816e3099

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
Content-Length: 3250
X-XSS-Protection: 1; mode=block
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Jul 2021 21:54:17 GMT
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: public, max-age=314320942, post-check=314320942, pre-check=315360000
ETag: 2740050219
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Expires: Sat, 12 Jul 2031 21:16:39 GMT

GET
H/1.1 200
OK 2791533-1.js Show response
cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/ 42 KB
12 KB 16ms
7ms Script
text/javascript 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28c835ac8401fc518085b784b7e2a70aaeee8e61f86d3bddc585fa1a49537990

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
Content-Length: 11201
X-XSS-Protection: 1; mode=block
Last-Modified: Sun, 06 Nov 2005 12:00:00 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Jul 2021 21:54:17 GMT
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: public, max-age=314760500, post-check=314760500, pre-check=315360000
ETag: 2740050219
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Expires: Thu, 17 Jul 2031 23:22:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 44ms
43ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-813495030

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e6de87492532ff8716c32d18f9e0cf0010817cb621809cfd30bc623c4119ca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38516
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 91 KB
37 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-852807

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99a34ba9afe7b21ac5a3103732d044ad6a6e2610e1a57d571b05aaadd7b05b8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37289
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-865435318

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5014a86aebea5ef6460ea0127b2f3dc0f6a24a55d27ab3fe63403710211e04dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38515
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 44 KB
17 KB 177ms
63ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ce94ce9803227a2a17e4c30b795d7f01f9895375c38a63a0d67bacc5cc9f9df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17231
x-xss-protection: 0
server: cafe
etag: 8883282111868048360
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Jul 2021 21:54:18 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 21ms
18ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-966730890

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

025a8982bc263961fbe7adb7871a714ccb6adbd27ae9be7219605564c5a493f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38515
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 23ms
20ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-755089552

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eef2218be4aa1bc2224cc5dba8c88d747e3aff56b296f5a1a074a2ec95f42776

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38516
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 35ms
32ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-857412364

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d111fba2a225a3d1bb08b7117db52690f0eca663b46113deeae7182ae4f64c85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38515
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 31ms
28ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-700319321

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42c7079d69e15888adb19504ae61710feb46656a18a640cac1b56c837f42a29a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38516
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 36ms
33ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-813531217

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e81963508bf6cf76d5cf158b3312b1800823fad464fbeab252b83b082126f355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38512
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:17 GMT

GET
H/1.1 200
OK dest5.html Show response
quicken.demdex.net/ Frame 91AC 7 KB
3 KB 254ms
63ms Document
text/html 52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://quicken.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: quicken.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mortgage.quickenloans.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=12344700082319070772021669783005969183
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 26 Jul 2021 21:54:18 GMT
DCS: dcs-prod-irl1-1-v012-05b640ae4.edge-irl1.demdex.com 6.3.1.20210623115127
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 2 Jul 2021 08:33:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: K36PxiWxScw=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 id Show response
somni.quickenloans.com/ 48 B
519 B 194ms
60ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://somni.quickenloans.com/id?d_visid_ver=5.2.0&d_fieldgroup=A&mcorgid=5D60123F5245B13E0A490D45%40AdobeOrg&mid=12557285890509403652036436709797822423&ts=1627336457927

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

66ddf1d3123a0e9732319569469133cb85c54f78f48f21eaa189015e8d318901

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-58944c9887-fmr89
vary: Origin
x-c: main-1489.I96e1bb.M0-504
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=12344700082319070772021669783005969183
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YP8vCgAAAGCTBh0T
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YP8vCgAAAGCTBh0T

42 B
964 B

65ms
64ms

Image
image/gif

52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YP8vCgAAAGCTBh0T

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcscanary-prod-irl1-1-v018-0d697b020.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: tBsZijMKTN0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v012-0a68183d3.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: JNpd4F0kTmQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YP8vCgAAAGCTBh0T
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 M Show response
g.3gl.net/jp/3014/v3.2.6/ Frame 8530 31 KB
31 KB 779ms
700ms Script
text/javascript 68.232.35.38
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://g.3gl.net/jp/3014/v3.2.6/M
Requested by: Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 68.232.35.38 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5fcb41e46147fd8f21e5fcacb9b8d61b9aa882992bfd30e54237bf7f27be53f8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
cache-control: public
expires: Mon, 26 Jul 2021 22:54:18 GMT
server: Microsoft-IIS/10.0
timing-allow-origin: *
content-length: 31555
content-type: text/javascript; charset=utf-8

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 22 KB
7 KB 156ms
51ms Script
application/javascript 151.101.13.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 7125a66456daa35dd3e3e8cca4b9523e05caf0b4fa5bd5874676e7c6db40f3aa

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 14 Jul 2021 17:50:00 GMT
server: snooserv
etag: "912f60c72fda50b2f21068c65115175d"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7018

GET
H2 200 RC4a39c618b2b3460f9622428edc956ee7-source.min.js Show response
assets.adobedtm.com/b14636b10888/d7daadd28f79/d88b52794fa2/ 430 B
522 B 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:299::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b14636b10888/d7daadd28f79/d88b52794fa2/RC4a39c618b2b3460f9622428edc956ee7-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 059ecf746d6d4bfb1f13a0c05f25807e59dbffc946474d435b949e31d8f8c484

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 15:16:29 GMT
server: AkamaiNetStorage
etag: "9414aeb8162a48aa47d133ef4c995af4:1626966989.360016"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://mortgage.quickenloans.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 251
expires: Mon, 26 Jul 2021 22:54:18 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 66ms
65ms XHR
application/json 52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5D60123F5245B13E0A490D45%40AdobeOrg&d_nsid=0&d_mid=12557285890509403652036436709797822423&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=MCID%0112557285890509403652036436709797822423&ts=1627336458182

Requested by

Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3683744a5048fed3aa088c19832d9cab2f4885e704c53bc6af8d1656728ad24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v012-0ce83c453.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: pYAocIsLQWk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1252
Expires: Thu, 01 Jan 1970 00:00:00 UTC

OPTIONS
H/1.1 200
OK event
ws.lowermybills.com/ws/logger/ Frame 0
0 847ms
217ms Preflight 44.229.252.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.lowermybills.com/ws/logger/event
Protocol: HTTP/1.1
Server: 44.229.252.126 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-252-126.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,token
Origin: https://mortgage.quickenloans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Vary: Origin,User-Agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: content-type, token
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1800
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

OPTIONS
H/1.1 200
OK event
ws.lowermybills.com/ws/logger/ Frame 0
0 856ms
218ms Preflight 44.229.252.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.lowermybills.com/ws/logger/event
Protocol: HTTP/1.1
Server: 44.229.252.126 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-252-126.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,token
Origin: https://mortgage.quickenloans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Vary: Origin,User-Agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: content-type, token
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1800
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

POST
H/1.1 200
OK event Show response
ws.lowermybills.com/ws/logger/ 0
522 B 216ms
216ms XHR
text/plain 44.229.252.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.lowermybills.com/ws/logger/event
Requested by: Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.229.252.126 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-252-126.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Token: o3v1yBKp80aVF+lxCR+jmQ1p875uXI6FqBV3G2PLfRA=
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Date: Mon, 26 Jul 2021 21:54:19 GMT
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 0
Vary: Origin,User-Agent

POST
H/1.1 200
OK event Show response
ws.lowermybills.com/ws/logger/ 0
522 B 218ms
218ms XHR
text/plain 44.229.252.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.lowermybills.com/ws/logger/event
Requested by: Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.229.252.126 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-252-126.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Token: o3v1yBKp80aVF+lxCR+jmQ1p875uXI6FqBV3G2PLfRA=
Content-Type: application/json

Response headers

Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Date: Mon, 26 Jul 2021 21:54:19 GMT
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 0
Vary: Origin,User-Agent

GET
H2 200 5fa1b4cbe02a560012bcbdf7 Show response
api.pushnami.com/scripts/v1/pushnami-adv/ 74 KB
15 KB 259ms
100ms Script
application/javascript 13.224.111.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.pushnami.com/scripts/v1/pushnami-adv/5fa1b4cbe02a560012bcbdf7
Requested by: Host: etrack.freeconferencecall.com
URL: http://etrack.freeconferencecall.com/t/gcH1AAcbaB-TwQAEXuBESj2MpaJLnFYLG9aaaaBEVkBQP2TPzaa?r=3_7763~amp;b=ogefccn.ajYpe~256ygb.imx~amp;j=g~amp;v=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.111.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-111-13.mad50.r.cloudfront.net
Software: /
Resource Hash: 5c703133abe334732267e157493ec71e1083228c5981607f5442827b0d627a29

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:52:47 GMT
via: 1.1 06bb36c6f8415e5c64e03df316bffb5b.cloudfront.net (CloudFront)
age: 91
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: no-cache
x-amz-cf-pop: MAD50-C1
content-encoding: gzip
x-amz-cf-id: Ba2InOVzaQtIKV7dXMPHbPx1deyQfdzQuX2DqX0UMrzx7xfSjgxlYQ==

GET
H/1.1 200 31.13.191.142 Show response
www.lowermybills.com/api/location/geo/ip/ 165 B
1 KB 838ms
216ms XHR
application/json 52.40.27.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lowermybills.com/api/location/geo/ip/31.13.191.142

Requested by

Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.40.27.155 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-40-27-155.us-west-2.compute.amazonaws.com

Software

Resource Hash

6aeaeb9bc21274b8d1ca5e7f664bebe59223918dcfc7ec146c75f6e19d632ded

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Content-Disposition: inline;filename=f.txt
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: application/json
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Keep-Alive: timeout=60
Expires: 0

GET
H/1.1

200
OK

ibs:dpid=21&dpuuid=165020903859000603557
dpm.demdex.net/ Frame 91AC
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=12344700082319070772021669783005969183
https://dpm.demdex.net/ibs:dpid=21&dpuuid=165020903859000603557

42 B
958 B

66ms
66ms

Image
image/gif

52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=21&dpuuid=165020903859000603557

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-0ade9229d.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Aw3Y9CwVSeg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dpm.demdex.net/ibs:dpid=21&dpuuid=165020903859000603557
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 268ms
164ms Image
image/gif 151.101.13.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1627336458282&id=t2_1fj2owc9&event=PageVisit&m.itemCount=&m.value=&m.currency=&m.transactionId=&m.customEventName=&uuid=3f6c5aac-2038-489a-ba83-966ecc00e2c2&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_a797b96e
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEKkrzbK2j3LzvDRsuG6vwL8&google_cver=1
dpm.demdex.net/ Frame 91AC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MTIzNDQ3MDAwODIzMTkwNzA3NzIwMjE2Njk3ODMwMDU5NjkxODM=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=MTIzNDQ3MDAwODIzMTkwNzA3NzIwMjE2Njk3ODMwMDU5NjkxODM=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKkrzbK2j3LzvDRsuG6vwL8&google_cver=1?gdpr=0&gdpr_consent=

42 B
958 B

67ms
66ms

Image
image/gif

52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKkrzbK2j3LzvDRsuG6vwL8&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-0fbda37af.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: wbvNa9g8Qe0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEKkrzbK2j3LzvDRsuG6vwL8&google_cver=1?gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.everesttech.net%2F1x1%3F
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.everesttech.net%252F1x1%253F&google_gid=CAESEMWda4zO-c0GLADthEed1n8&google_cver=1
https://pixel.everesttech.net/1x1

128 B
796 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "36b510-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:18 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072980%26val%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072980%2526val%253D__EFGSURFER__.__EFGCK__&google_gid=CAESEM...
https://pixel.everesttech.net/1x1

128 B
691 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "b3b51c-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:18 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK Cookie set qlPixelTrackingForIframe.jsp Show response
mortgage.quickenloans.com/lending/ Frame 18C3 9 KB
5 KB 221ms
221ms Document
text/html 54.68.171.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.68.171.95 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-68-171-95.us-west-2.compute.amazonaws.com

Software

Resource Hash

62e609c5d13eb9a718330f54a646941fd3c09cd0f9596b3debaee95de31d19a0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: mortgage.quickenloans.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: s_ecid=MCMID%7C12557285890509403652036436709797822423; TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; AMCVS_5D60123F5245B13E0A490D45%40AdobeOrg=1; _rdt_uuid=1627336458281.3f6c5aac-2038-489a-ba83-966ecc00e2c2; AMCV_5D60123F5245B13E0A490D45%40AdobeOrg=-1124106680%7CMCIDTS%7C18835%7CMCMID%7C12557285890509403652036436709797822423%7CMCAAMLH-1627941258%7C6%7CMCAAMB-1627941258%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1627343658s%7CNONE%7CMCAID%7CNONE%7CMCCIDH%7C-1118555131%7CMCSYNCSOP%7C411-18842%7CvVersion%7C5.2.0; BIGipServerpl.prod-static-66=!lvD6fnRCRcUUmRxRHhj5eaSY0gTQ+OgdiXl9ti4V3LDLv4PvrBhs8d2HZ4qJp/iqzyp/QjGX8EGtgAU=; daCookie=da_3981287965
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/lending/home-refinance/?providerId=14278391&pkey1=%ppkey1=!;&pkey2=%ppkey2=!;&pkey3=%ppkey3=!;&sourceid=302266700-495337900&UserID=0&%g&dclid=CMb7qtvcgfICFdaYdwodNIEMZA

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Set-Cookie: SERVER_COOKIE=7e6f9a10.5c80dcb8cfaa6; path=/; expires=Wed, 26-Jul-23 21:54:18 GMT JSESSIONID=QGVm03sGhFigRTEmmSvu1PdU.WAPP04.MOON.CDM-MC-04; Path=/lending BIGipServerpl.prod-http-mql=!fTVPD7oRAU9IiLVRHhj5eaSY0gTQ+LfYrbpQDkQ11hHemMD0Gq28mev7K2hQv1Akrkeia1k2NgTYT4c=; path=/; Httponly; Secure TS01b868f7=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; Path=/; Domain=.mortgage.quickenloans.com TS01ec506a=012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215; path=/lending
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Transfer-Encoding: chunked

OPTIONS
H/1.1 200 3981287965
www.lowermybills.com/api/device/deviceatlas/visitorSessions/ Frame 0
0 662ms
212ms Preflight 52.40.27.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lowermybills.com/api/device/deviceatlas/visitorSessions/3981287965

Protocol

HTTP/1.1

Server

52.40.27.155 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-40-27-155.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type
Origin: https://mortgage.quickenloans.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Access-Control-Allow-Methods: PUT
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1800
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 0
Date: Mon, 26 Jul 2021 21:54:19 GMT
Keep-Alive: timeout=60
Connection: keep-alive
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com

PUT
H/1.1 201 3981287965 Show response
www.lowermybills.com/api/device/deviceatlas/visitorSessions/ 2 KB
3 KB 219ms
219ms XHR
application/json 52.40.27.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lowermybills.com/api/device/deviceatlas/visitorSessions/3981287965

Requested by

Host: cdn.mortgage.quickenloans.com
URL: https://cdn.mortgage.quickenloans.com/lending/jawr/gzip_994063464/jawr/2791533-1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.40.27.155 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-40-27-155.us-west-2.compute.amazonaws.com

Software

Resource Hash

5c93972bb9aad77c7a427229282ae7fb9b4b4cf448b6217be796a23cbcf0a8c8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Location: http://all-deviceatlas02.prod.cdm:8080/deviceatlas/visitorSessions/3981287965
X-Frame-Options: DENY
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type: application/json
Access-Control-Allow-Origin: https://mortgage.quickenloans.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com app.optimizely.com analytics.google.com
Keep-Alive: timeout=60
Expires: 0

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fib.adnxs.com%2Fpxj%3Faction%3Dsetuid(%27__EFGSURFER__.__EFGCK__%27)%26bidder%3D51%26seg%3D2634060der%3D51%26seg%3D2634060
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%25...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fib.adnxs.com%252Fpxj%253Faction%253Dsetuid(%2527__EFGSURFER__.__EFGCK__%2527)%2526bidder%253D51%2526seg%253D26...
https://pixel.everesttech.net/1x1

128 B
691 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "b3b51c-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:18 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 s96137883013889 Show response
somni.quickenloans.com/b/ss/quickenglobalprod/10/JS-2.22.0-LBSQ/ 4 KB
5 KB 85ms
85ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://somni.quickenloans.com/b/ss/quickenglobalprod/10/JS-2.22.0-LBSQ/s96137883013889?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=26%2F6%2F2021%2023%3A54%3A18%201%20-120&cid.&MCID.&id=12557285890509403652036436709797822423&.MCID&.cid&d.&nsid=0&jsonv=1&.d&mid=12557285890509403652036436709797822423&aamlh=6&ce=UTF-8&ns=quickenloans&pageName=ql%3Almb%3Alending%3Ahome%20refinance%3Ahome%20typecredit%20type&g=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&r=http%3A%2F%2Fetrack.freeconferencecall.com%2F&cc=USD&ch=lmb&events=event10&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v7=monday%7C6%3A30pm&c12=D%3Dv8&v12=First%20Visit&v14=%2Flending%2Fhome-refinance%2F&c17=D%3Dv13&c18=%2Flending%2Fhome-refinance%2F&c19=lmb&v30=ql%3Almb%3Alending%3Ahome%20refinance%3Ahome%20typecredit%20type&c50=Launch%3ALower%20My%20Bills%20-%20Lead%20Forms%20%3A%202021-07-22T15%3A16%3A19Z%20%7C%20AA%3A2.22.0%20%7C%20DD%3Atrue&c51=12557285890509403652036436709797822423&c53=Desktop&c54=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&c55=1627336458586&v89=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5D60123F5245B13E0A490D45%40AdobeOrg&AQE=1

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

f9f6e1846126d537172d0ff02d88fe4bc6d2be2ac5d53e5f43b6479b9de48420

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-aam-tid: xOIJBT6wRDI=
date: Mon, 26 Jul 2021 21:54:18 GMT
x-content-type-options: nosniff
x-c: main-1489.I96e1bb.M0-504
p3p: CP="This is not a P3P policy"
vary: *
content-length: 4267
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v012-0b80c2d87.edge-irl1.demdex.com 6.3.1.20210623115127
pragma: no-cache
last-modified: Tue, 27 Jul 2021 21:54:18 GMT
server: jag
xserver: anedge-58944c9887-s9rpj
etag: 3494678433859108864-4619817389683583673
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 25 Jul 2021 21:54:18 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fexpires%3D30%26nid%3D2181%26put%3D__EFGSURFER__.__EFGCK__%26v%3D11782
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpir...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fpixel.rubiconproject.com%252Ftap.php%253Fexpires%253D30%2526nid%253D2181%2526put%253D__EFGSURFER__.__EFGCK__%2...
https://pixel.everesttech.net/1x1

128 B
691 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "36b51c-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:18 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2

200

/
www.google.de/pagead/1p-user-list/5830051840/ Frame 91AC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/5830051840/?value=0&guid=ON&script=0&data=aam=21408935
https://www.google.com/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122
https://www.google.de/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122&ipr=y

42 B
108 B

16ms
16ms

Image
image/gif

2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/5830051840/?value=0&guid=ON&script=0&data=aam=21408935&is_vtc=1&random=275939122&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a-06d7.min.js Show response
b-code.liadm.com/ Frame 18C3 25 KB
10 KB 33ms
11ms Script
application/javascript 2a02:26f0:6c00::210:bac1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-06d7.min.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:bac1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b7d9a28286c2e41978dd916c71ef160e15e95a4ffe50df36906c3243a5b674b5

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
last-modified: Thu, 13 May 2021 17:24:59 GMT
etag: "d077f07537e921966aeab48be40cda21"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3506
accept-ranges: bytes
content-length: 9833

GET
H/1.1 200
OK cdn-monitoring-pixel.gif
pixmon.lowermybills.com/pixmon/ Frame 18C3 43 B
499 B 841ms
214ms Image
image/gif 44.229.173.61
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixmon.lowermybills.com/pixmon/cdn-monitoring-pixel.gif?vertical=&testId=&presentationId=&pageId=&sourceId=&vvId=&sId=
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.229.173.61 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-229-173-61.us-west-2.compute.amazonaws.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Last-Modified: Fri, 09 Sep 2016 23:54:48 GMT
Server: Apache
ETag: "82508fa45fa63c48-2b-53c1bdf148200"
Content-Type: image/gif
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40
Content-Length: 43
Expires: Wed, 25 Aug 2021 21:54:19 GMT

GET
H/1.1 200
OK deviceAtlasLmb.min.js Show response
cdn.mortgage.quickenloans.com/lending-images/presentations/common/navapi/ Frame 18C3 8 KB
4 KB 512ms
510ms Script
text/javascript 2a02:26f0:6c00::210:bad2
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mortgage.quickenloans.com/lending-images/presentations/common/navapi/deviceAtlasLmb.min.js

Requested by

Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:bad2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .lowermybills.com .quickenloans.com app.optimizely.com analytics.google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
P3P: CP="NON DSP COR LAW CONi TELi OUR SAM IND CNT"
Connection: keep-alive
Content-Length: 2867
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 21 May 2021 02:42:28 GMT
X-Frame-Options: SAMEORIGIN
Date: Mon, 26 Jul 2021 21:54:19 GMT
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
ETag: "fed6c65f5b084671-20fc-5c2ce02c32fd8"
Content-Security-Policy: frame-ancestors 'self' *.lowermybills.com *.quickenloans.com app.optimizely.com analytics.google.com
Accept-Ranges: bytes
Expires: Mon, 26 Jul 2021 21:54:19 GMT

GET
H2 200 src Show response
c.pmsrv.co/v2/conversion/ Frame 18C3 3 KB
4 KB 448ms
204ms Script
text/javascript 13.32.199.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pmsrv.co/v2/conversion/src?a=01c6d627-6102-4850-a756-2978545ac884&event=land&dnt=true
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.199.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-199-44.iad66.r.cloudfront.net
Software: / Express
Resource Hash: 3e2939a707a74a9d84c87364660c4e1c107f4b14586cbc69f6eacea6bcc3b4ae

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 c396de17c1b5d58233088e40dd170cf5.cloudfront.net (CloudFront)
etag: W/"d6b-sia6N7ids5ScRDuTaHkjdTsJcfc"
x-amzn-remapped-content-length: 3435
x-amzn-remapped-date: Mon, 26 Jul 2021 21:54:19 GMT
x-amz-cf-pop: IAD66-C1
x-powered-by: Express
x-cache: Miss from cloudfront
x-amz-apigw-id: DGRJxETtyK4FcVQ=
content-length: 3435
pragma: no-cache
x-amzn-requestid: b7fba883-c417-416d-9152-0fa14efd647f
x-amzn-trace-id: Root=1-60ff2f0b-48011ba827ce8ad464b317b5;Sampled=0
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
x-amz-cf-id: tNX3tEsTzDDIkJ59ZDPspyFQ18p7gLS8bvJJ_QEmxiHCkHjaKOwuKw==
x-amzn-remapped-connection: close
expires: -1

GET
H2 200 quickenloans_lander.js Show response
cdn1.lockerdomecdn.com/tracking/ Frame 18C3 737 B
607 B 87ms
26ms Script
application/javascript 151.139.241.28
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn1.lockerdomecdn.com/tracking/quickenloans_lander.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.241.28 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 83c43bd904966541549600341d72de1ad6e24f4ef8d99f386901242e9b25b5f9

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
last-modified: Mon, 29 Mar 2021 18:57:30 GMT
server: nginx
etag: W/"a28f0deba4086540f82dc5d6b5e47753"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
accept-ranges: bytes
content-length: 406

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ Frame 18C3 1 KB
2 KB 191ms
73ms Script
text/javascript 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/event/js?mt_id=1541200&mt_adid=245296&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3810 5cb7d7e master cdg-pixel-x15 /
Resource Hash: 337be70e344919bb267a13ab3a5ca57c77a764f8a72e8c1d39b06911f29576c3

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
Server: MT3 3810 5cb7d7e master cdg-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 1411
Expires: Mon, 26 Jul 2021 21:56:42 GMT

GET
H/1.1 200
OK spp.pl
sp.analytics.yahoo.com/ Frame 18C3 43 B
964 B 207ms
69ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10022426

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:18 GMT
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: ATS
X-Frame-Options: DENY
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Expires: Mon, 26 Jul 2021 21:54:18 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1074476/ Frame 18C3 74 KB
25 KB 159ms
51ms Script
application/javascript 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1074476/tfa.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 92b22a732ce71dcd609af8c421491b01eb6f01ac417dde143e9b161162f5e745

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: .8v7s6GhupL67fJHKuDaPiMqAh2KSotd
content-encoding: gzip
etag: "71736c84c5fa91cd834fc66e2c1b7488"
age: 91
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 24696
x-amz-id-2: OZzOnZMhfodjYl7uRMx+i0xBzR0nOrm53XqafqdZudqE6kJi75TR2hCYDN1haqEU74a8pH8GHp0=
x-served-by: cache-fra19177-FRA
last-modified: Wed, 14 Jul 2021 09:32:00 GMT
server: AmazonS3
x-timer: S1627336459.954155,VS0,VE1
date: Mon, 26 Jul 2021 21:54:18 GMT
vary: Accept-Encoding
x-amz-request-id: 1G2J11EPV29TYZT7
via: 1.1 varnish
cache-control: private,max-age=14401
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
abp: 83
x-cache-hits: 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 18C3 95 KB
24 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24676
x-xss-protection: 0
pragma: public
x-fb-debug: c9qq5OBG0qLD11Th36jszZ/xbEV/5sZV9d07U0kuxbJxEQi/86JNl1RNtSBuoq3bHUJ4j4idxSiK8xFFmugpNg==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Mon, 26 Jul 2021 21:54:18 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ Frame 18C3 1 KB
832 B 128ms
111ms Script
application/javascript 2a02:26f0:6c00:295::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ce23bdc14eb22eecad91cef112ea740ebd6928a8cdef11362d1d5b25320bd5d4

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "d281f5ef4add283680ff41edc6dd28c4"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
x-fallback: 27a4964c-2.16.186.126
accept-ranges: bytes
content-length: 584
access-control-expose-headers: X-CDN

GET
H2 200 analytics Show response
ads.revjet.com/ Frame 18C3 19 KB
8 KB 124ms
41ms Script
application/javascript 95.217.105.253
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.revjet.com/analytics?acu=3394
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 95.217.105.253 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.253.105.217.95.clients.your-server.de
Software: nginx /
Resource Hash: b5f9c75c030a591da3f9e1b0eb653d9a7fef4b784d8e8d190be5d6382de90a37

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
last-modified: Sat, 17 Apr 2021 17:25:46 GMT
server: nginx
etag: W/"607b1a1a-4c10"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=600
expires: Mon, 26 Jul 2021 22:04:18 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%3D%26piggybackCookie%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fv...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fimage2.pubmatic.com%252FAdServer%252FPug%253Fvcode%253Dbz0yJnR5cGU9MSZjb2RlPTI2NjgmdGw9NDMyMDA%253D%2526piggyb...
https://pixel.everesttech.net/1x1

128 B
691 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "b3b51c-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:18 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H3-29 200 1736491679707345 Show response
connect.facebook.net/signals/config/ Frame 18C3 46 KB
12 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1736491679707345?v=2.9.43&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

15b5cf60c9b7daae3d248989c0eab9a461bfa4432f61d6d1687e26cce55bec34

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 12689
x-xss-protection: 0
pragma: public
x-fb-debug: cIQI2cWFsA2ZeyxO7D/HNvoK35ssSBz/0ukqeyE4MZezdNn6XPJOuwC7X8CCYMKC5IEdqxanNQE9LVxrTZYXDA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 26 Jul 2021 21:54:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

p
rp4.liadm.com/ Frame 18C3
Redirect Chain

https://rp.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUkl...
https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUk...

43 B
542 B

415ms
128ms

Image
image/gif

34.238.14.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUklDb21wb25lbnQgKDxhbm9ueW1vdXM-KVxuICAgIGF0IHBlIChodHRwczovL2ItY29kZS5saWFkbS5jb20vYS0wNmQ3Lm1pbi5qczoxOjgzMzMuLi4ifQ&tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&dtstmp=1627336458860&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.14.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-14-155.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
x-pixel-event-id: e640659c-3846-4a9c-a29c-30d1aafda413
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
x-frame-options: DENY
content-type: image/gif
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: b2eb70aa14527cfb
request-time: 1
content-length: 43
x-content-type-options: nosniff

Redirect headers

date: Mon, 26 Jul 2021 21:54:19 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
x-frame-options: DENY
location: https://rp4.liadm.com/p?ae=eyJtZXNzYWdlIjoiRXJyb3Igd2hpbGUgbWFuYWdpbmcgZGVjaXNpb24gaWRzIiwibmFtZSI6IkRlY2lzaW9uc1Jlc29sdmUiLCJzdGFja1RyYWNlIjoiVVJJRXJyb3I6IFVSSSBtYWxmb3JtZWRcbiAgICBhdCBkZWNvZGVVUklDb21wb25lbnQgKDxhbm9ueW1vdXM-KVxuICAgIGF0IHBlIChodHRwczovL2ItY29kZS5saWFkbS5jb20vYS0wNmQ3Lm1pbi5qczoxOjgzMzMuLi4ifQ&tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&dtstmp=1627336458860&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: ae90ea8066e3a388
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H2 200 /
www.facebook.com/tr/ Frame 18C3 44 B
297 B 19ms
6ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1736491679707345&ev=PageView&dl=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2FqlPixelTrackingForIframe.jsp%3FpageName%3DQL_LRE_LANDING%26highFundingSource%3Dfalse%26matched%3Dfalse%26isLeadScrubHeld%3Dfalse%26premierEligible%3Dfalse%26ssnAgreementFlag%3Dfalse%26pageId%3D5649914&rl=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&if=true&ts=1627336458867&sw=1600&sh=1200&v=2.9.43&r=stable&ec=0&o=28&fbp=fb.1.1627336458865.312827355&it=1627336458839&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 26 Jul 2021 21:54:18 GMT

GET
H/1.1

200
OK

1x1
pixel.everesttech.net/ Frame 91AC
Redirect Chain

https://pixel.everesttech.net/1/gr?url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D71%26external_user_id%3D__EFGSURFER__.__EFGCK__
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_cm&google_sc&ev_rs=1&google_hm=WVA4dkNnQUFBR0NUQmgwVA&url=/1/gr%3furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id...
https://cm.everesttech.net/cm/ax?cookieid=&ev_rs=1&url=/1/gr%3Furl=https%253A%252F%252Fdsum-sec.casalemedia.com%252Frum%253Fcm_dsp_id%253D71%2526external_user_id%253D__EFGSURFER__.__EFGCK__&google_...
https://pixel.everesttech.net/1x1

128 B
691 B

64ms
64ms

Image
image/png

99.80.199.35
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.everesttech.net/1x1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.199.35 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-199-35.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Last-Modified: Wed, 23 Jun 2021 11:50:42 GMT
Server: Apache
ETag: "36b51d-80-5c56d841aa880"
P3P: CP="NOI DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT", CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache, no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 128

Redirect headers

Location: https://pixel.everesttech.net/1x1
Date: Mon, 26 Jul 2021 21:54:19 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 main.89cd5bf4.js Show response
s.pinimg.com/ct/lib/ Frame 18C3 49 KB
17 KB 114ms
113ms Script
application/javascript 2a02:26f0:6c00:295::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: be30e6d615b0320761fe08aa8c68278aa17dbebec644d5af27089cbb9dc239e4

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
x-cdn: akamai
etag: "6deee3ea7ecc4a5d9687c1bd57018c16"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
x-fallback: 27a49689-2.16.186.126
accept-ranges: bytes
content-length: 17418
access-control-expose-headers: X-CDN

GET
H2 200 pd2259 Show response
pix.revjet.com/track/ Frame 18C3 46 B
214 B 146ms
48ms Script
text/javascript 144.76.98.137
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pix.revjet.com/track/pd2259?__noscript=false&__cbf=revjet.callbacks.cb1627336458961&location=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&referrer=http%3A%2F%2Fetrack.freeconferencecall.com%2F&creditProfile=&firstMortgageBalance=&firstMortgageInterestRate=&hasFHALoan=&homeValue=&loanToValue=&propertyCity=&propertyDescription=&propertyState=&propertyStreetAddress=&propertyZipCode=&rateType=&typeOfLoan=&loanRefiPurpose=
Requested by: Host: ads.revjet.com
URL: https://ads.revjet.com/analytics?acu=3394
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 144.76.98.137 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.137.98.76.144.clients.your-server.de
Software: /
Resource Hash: 98dcaa65b270f4d8230267f126c85302950c9379be4a4802f492b2ed7be1cfa2

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
content-length: 46
content-type: text/javascript

GET
H2

200

j Show response
rp4.liadm.com/ Frame 18C3
Redirect Chain

https://rp.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25p...
https://rp4.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%...

13 B
569 B

416ms
129ms

XHR
application/json

34.238.14.155
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&ext_s_ecid=MCMID%7C12557285890509403652036436709797822423&duid=ddc3c751f117--01fbjczgkbv0dxhcap7z1ae6rr&se=e30&dtstmp=1627336458974&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.238.14.155 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-238-14-155.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
x-pixel-event-id: eff1b944-8f2e-4e1c-9608-5e45bf41b668
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
request-time: 1
vary: Origin
content-length: 13
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: eb425841989792b4

Redirect headers

date: Mon, 26 Jul 2021 21:54:19 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
location: https://rp4.liadm.com/j?tna=v2.0.1&aid=a-06d7&wpn=lc-bundle&pu=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D%21%3B%26pkey2%3D%25ppkey2%3D%21%3B%26pkey3%3D%25ppkey3%3D%21%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&refr=http%3A%2F%2Fetrack.freeconferencecall.com%2F&ext_s_ecid=MCMID%7C12557285890509403652036436709797822423&duid=ddc3c751f117--01fbjczgkbv0dxhcap7z1ae6rr&se=e30&dtstmp=1627336458974&i6=MmEwMTo0Zjg6MTkyOjU0MTQ6OjI%3D&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://mortgage.quickenloans.com
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: ae3988e0bad9a6d0
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 91AC
Redirect Chain

https://cm.everesttech.net/cm/yh
https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=YP8vCgAAAGCTBh0T&sigv=1&esig=1~ade9dca58093c7ad13e784a4e176f7917356224a

0
445 B

20ms
7ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=YP8vCgAAAGCTBh0T&sigv=1&esig=1~ade9dca58093c7ad13e784a4e176f7917356224a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10001117525&eid=YP8vCgAAAGCTBh0T&sigv=1&esig=1~ade9dca58093c7ad13e784a4e176f7917356224a
Date: Mon, 26 Jul 2021 21:54:19 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 / Show response
ct.pinterest.com/user/ Frame 18C3 316 B
683 B 270ms
113ms XHR
application/json 151.101.132.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2620075802369&pd=%7B%22em%22%3A%22e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%22%7D&cb=1627336459071
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.132.84 Madrid, Spain, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d48338735df35a1809a90ce6b18aa24ec4aed6b06ed9632a42ce7fd662910334

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
content-encoding: gzip
referrer-policy: origin
x-cdn: fastly
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mortgage.quickenloans.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
pin-unauth: dWlkPU5qY3paVFprTUdZdE9EaGtOaTAwWWpRM0xXSmtOMlF0WW1ZMU4ySXhaREJtTXpCag
x-pinterest-rid: 3348252813536522
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
content-length: 296
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ Frame 18C3 35 B
96 B 270ms
113ms Image
image/gif 151.101.132.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2620075802369&pd=%7B%22em%22%3A%22e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2FqlPixelTrackingForIframe.jsp%3FpageName%3DQL_LRE_LANDING%26highFundingSource%3Dfalse%26matched%3Dfalse%26isLeadScrubHeld%3Dfalse%26premierEligible%3Dfalse%26ssnAgreementFlag%3Dfalse%26pageId%3D5649914%22%2C%22ref%22%3A%22https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA%22%2C%22if%22%3Atrue%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%2289cd5bf4%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1627336459072
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.132.84 Madrid, Spain, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
x-pinterest-rid: 4223448416238226
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 r.p
r.3gl.net/hawklogserver/ 0
363 B 163ms
52ms Ping
application/octet-stream 136.144.49.174
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://r.3gl.net/hawklogserver/r.p

Requested by

Host: g.3gl.net
URL: https://g.3gl.net/jp/3014/v3.2.6/M

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

136.144.49.174 Amsterdam, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

FRA-PKT-GLI-01

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
x-content-type-options: nosniff
access-control-allow-methods: POST
content-type: application/octet-stream
access-control-allow-origin: https://mortgage.quickenloans.com
x-cp-r: 1
cache-control: no-cache
content-length: 0
x-xss-protection: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVA4dkNnQUFBR0NUQmgwVA==

170 B
188 B

65ms
65ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVA4dkNnQUFBR0NUQmgwVA==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1627336459.224330,VS0,VE0
x-served-by: cache-bma1632-BMA
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WVA4dkNnQUFBR0NUQmgwVA==
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YP8vCgAAAGCTBh0T&expires=90

0
239 B

229ms
57ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YP8vCgAAAGCTBh0T&expires=90
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1627336459.272114,VS0,VE0
x-served-by: cache-bma1632-BMA
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=YP8vCgAAAGCTBh0T&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Cookie set iu3 Show response
s.amazon-adsystem.com/ Frame B0D4
Redirect Chain

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3B...
https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3B...

582 B
1 KB

148ms
148ms

Document
text/html

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

a01c6576423e22c1c99ebc2af8e57556c1eb7b70360145fd9f3428445e2e6379

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Host: s.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mortgage.quickenloans.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A6jMsis9pUvAvZsxUnKRuIQ|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

Server: Server
Date: Mon, 26 Jul 2021 21:54:19 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 582
Connection: keep-alive
x-amz-rid: GWRBTP8QZ02FWD4GBPGF
Set-Cookie: ad-id=A6jMsis9pUvAvZsxUnKRuIQ; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 21:54:19 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Thu, 01-Oct-2026 21:54:19 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Mon, 26 Jul 2021 21:54:19 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 704Y6Y3FKE1QYZJR6JG7
Set-Cookie: ad-id=A6jMsis9pUvAvZsxUnKRuIQ|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Apr-2022 21:54:19 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 scevent.min.js Show response
sc-static.net/ Frame 18C3 15 KB
6 KB 282ms
118ms Script
application/javascript 13.224.111.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.111.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-111-49.mad50.r.cloudfront.net
Software: CloudFront /
Resource Hash: a92b99b413aa8afe65e9a4943c148fdedab142e7b913dafc52a040d850a5b197

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
content-encoding: gzip
server: CloudFront
x-amz-cf-pop: MAD50-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 5873
via: 1.1 02fcbf68a81897cc093ee1510fb7e93e.cloudfront.net (CloudFront)
x-amz-cf-id: yOV6D5VFkroqZDxyLb-Ugj3iyhDLO9tbiYsqv09g7yvXELyIPD7TAQ==

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ Frame 18C3 39 KB
13 KB 59ms
28ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/ld.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
content-encoding: gzip
last-modified: Thu, 17 Jun 2021 10:54:06 GMT
server: nginx
etag: W/"60cb29ce-9d98"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Tue, 27 Jul 2021 21:54:19 GMT

GET
H2

200

src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726...
adservice.google.com/ddm/fls/z/ Frame 18C3
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=5777706;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;or...
https://ad.doubleclick.net/ddm/activity/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_...
https://adservice.google.com/ddm/fls/z/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_c...

42 B
107 B

42ms
42ms

Image
image/gif

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726437649620.67

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=5777706;dc_pre=CPTA3dzcgfICFdVGkQUdmrMPXw;type=invmedia;cat=cored001;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=2726437649620.67
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ Frame 18C3 5 KB
2 KB 158ms
53ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 varnish
last-modified: Mon, 12 Jul 2021 21:25:31 GMT
age: 78431
etag: "65cf0c0ceb852397f0d1e6732cd3c533+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1958
x-timer: S1627336459.471188,VS0,VE0
x-served-by: cache-fra19181-FRA

GET
H/1.1 200
OK iframe Show response
pixel.mathtag.com/sync/ Frame 3EB7 631 B
949 B 143ms
71ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=b45660ff-2f0a-4900-a377-e1846d22111c&no_iframe=1&mt_adid=245296&source=mathtag
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/event/js?mt_id=1541200&mt_adid=245296&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3810 5cb7d7e master cdg-pixel-x15 /
Resource Hash: 304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65

Request headers

Host: pixel.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://mortgage.quickenloans.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid=b45660ff-2f0a-4900-a377-e1846d22111c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

Content-Type: text/html
Content-Length: 631
Server: MT3 3810 5cb7d7e master cdg-pixel-x15
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Mon, 26 Jul 2021 21:56:42 GMT
Date: Mon, 26 Jul 2021 21:54:19 GMT
Connection: keep-alive

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame 18C3 43 B
480 B 72ms
71ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3810 5cb7d7e master cdg-pixel-x24 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: MT3 3810 5cb7d7e master cdg-pixel-x24
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 2021 21:56:42 GMT

POST
H2 204 / Show response
ct.pinterest.com/md/ Frame 18C3 0
198 B 264ms
110ms XHR
text/plain 151.101.132.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/md/
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.89cd5bf4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.132.84 Madrid, Spain, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
referrer-policy: origin
x-cdn: fastly
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 1
x-pinterest-rid: 1494613944602709
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T&C=1

43 B
1001 B

85ms
85ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 2021 21:54:19 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YP8vCgAAAGCTBh0T&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 279
Expires: Mon, 26 Jul 2021 21:54:19 GMT

GET
H2

200

event Show response
widget.us.criteo.com/ Frame 18C3
Redirect Chain

https://sslwidget.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498
https://widget.us.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498

7 KB
4 KB

403ms
142ms

Script
application/x-javascript

74.119.119.150
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.us.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498
Requested by: Host: mortgage.quickenloans.com
URL: https://mortgage.quickenloans.com/lending/qlPixelTrackingForIframe.jsp?pageName=QL_LRE_LANDING&highFundingSource=false&matched=false&isLeadScrubHeld=false&premierEligible=false&ssnAgreementFlag=false&pageId=5649914
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3a9443d86f68168b21a8bd4ce119edb53d06957d2e7b08d2aa9f0177ebaddeb

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:18 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 21396
content-type: application/x-javascript
content-length: 3490
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
location: https://widget.us.criteo.com/event?a=38328&v=5.7.1&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvp%26p%3D1&p2=e%3Ddis&adce=1&tld=quickenloans.com&dtycbr=62498
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2246
timing-allow-origin: *
content-length: 0
expires: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 7EF2 291 B
724 B 47ms
16ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=mortgage.quickenloans.com&origin=onetag

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=mortgage.quickenloans.com&origin=onetag
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mortgage.quickenloans.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1917
set-cookie: uid=05a60864-be7e-4f78-8f1e-e9f0e4d06dd6; expires=Tue, 26 Jul 2022 21:54:19 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Mon, 26 Jul 2021 21:54:18 GMT
content-length: 321

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=YP8vCgAAAGCTBh0T
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYP8vCgAAAGCTBh0T

43 B
1 KB

49ms
48ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYP8vCgAAAGCTBh0T

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:19 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f2f648ed-54a9-417a-9a0a-62a8d1f103d7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:19 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4c19abb2-1ea0-49a8-a2ab-a77c6dd82b15
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYP8vCgAAAGCTBh0T
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ Frame 3EB7 43 B
480 B 69ms
68ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=b45660ff-2f0a-4900-a377-e1846d22111c&no_iframe=1&mt_adid=245296&source=mathtag
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 3810 5cb7d7e master cdg-pixel-x26 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://pixel.mathtag.com/sync/iframe?mt_uuid=b45660ff-2f0a-4900-a377-e1846d22111c&no_iframe=1&mt_adid=245296&source=mathtag
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: MT3 3810 5cb7d7e master cdg-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 2021 21:56:42 GMT

GET
H2 200 adsct
t.co/i/ Frame 18C3 43 B
454 B 268ms
164ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=nzqxe&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&tw_document_href=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2FqlPixelTrackingForIframe.jsp%3FpageName%3DQL_LRE_LANDING%26highFundingSource%3Dfalse%26matched%3Dfalse%26isLeadScrubHeld%3Dfalse%26premierEligible%3Dfalse%26ssnAgreementFlag%3Dfalse%26pageId%3D5649914

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 26 Jul 2021 21:54:19 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 5ef6cda4a497fae5854d35b8248413a81bdc80533e5af2a9389cb40a99d82cb4
x-transaction: cd2cac48903c1cd9
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YP8vCgAAAGCTBh0T
https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YP8vCgAAAGCTBh0T

43 B
180 B

53ms
53ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YP8vCgAAAGCTBh0T
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.211.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 google
server: OXGW/16.211.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537148856&val=YP8vCgAAAGCTBh0T
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 google
server: OXGW/16.211.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 2D55 0
262 B 121ms
58ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=409e6a74-8d7f-465e-87b0-cc6eb99f3a76

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: GET
:authority: tr.snapchat.com
:scheme: https
:path: /cm/i?pid=409e6a74-8d7f-465e-87b0-cc6eb99f3a76
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mortgage.quickenloans.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

server: nginx/1.17.3
date: Mon, 26 Jul 2021 21:54:19 GMT
content-type: text/html
content-length: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 p Show response
tr.snapchat.com/ Frame E59E 0
204 B 117ms
67ms Document
text/html 35.186.226.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.226.184 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

184.226.186.35.bc.googleusercontent.com

Software

nginx/1.17.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

:method: POST
:authority: tr.snapchat.com
:scheme: https
:path: /p
content-length: 733
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://mortgage.quickenloans.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mortgage.quickenloans.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://mortgage.quickenloans.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://mortgage.quickenloans.com/

Response headers

server: nginx/1.17.3
date: Mon, 26 Jul 2021 21:54:19 GMT
content-type: text/html
content-length: 0
access-control-allow-origin: *
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBiQ0AIAgEsIlIkOeAccToFAxvu2HCqUqdKDLIo2pParmHt8fJxsyChCrMa/gD4jM1sDIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YP8vCgAAAGCTBh0T

1 B
548 B

151ms
50ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YP8vCgAAAGCTBh0T
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:18 GMT
cache-control: no-store, no-cache, private
x-lat: amspug003:0:518
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1627336460.677285,VS0,VE0
x-served-by: cache-bma1632-BMA
x-cache: HIT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YP8vCgAAAGCTBh0T
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1&__user_check__=1&sync_id=07bb013c-ee5c-11eb-b091-1d0a0d900206

43 B
548 B

46ms
46ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1&__user_check__=1&sync_id=07bb013c-ee5c-11eb-b091-1d0a0d900206
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 87
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Mon, 26 Jul 2021 21:54:19 GMT
Server: nginx
Location: /partner?adv_id=6409&uid=YP8vCgAAAGCTBh0T&img=1&__user_check__=1&sync_id=07bb013c-ee5c-11eb-b091-1d0a0d900206
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 129
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

b.php
www.facebook.com/fr/ Frame 91AC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
https://www.facebook.com/fr/b.php?p=1531105787105294&e=YP8vCgAAAGCTBh0T&t=2592000&o=0

43 B
70 B

38ms
37ms

Image
image/gif

2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/fr/b.php?p=1531105787105294&e=YP8vCgAAAGCTBh0T&t=2592000&o=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://quicken.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 14:54:19 PDT
content-encoding: br
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: BTihuWbqs5mrn8xOaA9dXxQ9aG0InyA1g75/QMzl0yHWtc4xA6LnfEcXQM59m3M1d/khj1w8VimuHwWH+g50hw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: image/gif
vary: Accept-Encoding
cache-control: public, max-age=0
priority: u=3,i
expires: Mon, 26 Jul 2021 14:54:19 PDT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1627336460.879533,VS0,VE0
x-served-by: cache-bma1632-BMA
x-cache: HIT
location: https://www.facebook.com/fr/b.php?p=1531105787105294&e=YP8vCgAAAGCTBh0T&t=2592000&o=0
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame C32D 5 KB
6 KB 134ms
133ms Document
text/html 52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

d8e486b180a5ebb6ff35fdbfbeed846ab3dc5ae8fd35d2de5e4173c40f240e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Host: s.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=A6jMsis9pUvAvZsxUnKRuIQ; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.amazon-adsystem.com/iu3?d=generic&ex-fargs=%3Fid%3D4358a6c4-5d5a-295d-5da9-f2c4c7c1e8ea%26type%3DUNKNOWN%26m%3D1&ex-fch=416613&ex-src=https://mortgage.quickenloans.com&ex-hargs=v%3D1.0%3Bc%3D3115294160201%3Bp%3D4358A6C4-5D5A-295D-5DA9-F2C4C7C1E8EA&cb=400554746834052500&dcc=t

Response headers

Server: Server
Date: Mon, 26 Jul 2021 21:54:19 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 5180
Connection: keep-alive
x-amz-rid: 9DTPSTKCZSEHA9WP2Y4K
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dxtf-1621550208998%26id%3D%24_BK_UUID
https://s.amazon-adsystem.com/ecm3?ex=xtf-1621550208998&id=BY3A1y9999eAGw2Q

43 B
556 B

523ms
134ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=xtf-1621550208998&id=BY3A1y9999eAGw2Q

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: G97PSGYQAZX72ZX62HXN
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=xtf-1621550208998&id=BY3A1y9999eAGw2Q
Date: Mon, 26 Jul 2021 21:54:20 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 5bfb
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212284268
https://s.amazon-adsystem.com/ecm3?id=165020903859000603557&ex=neustar.biz

43 B
556 B

134ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=165020903859000603557&ex=neustar.biz

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8MDX925QKMKME12WF0HB
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:20 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://s.amazon-adsystem.com/ecm3?id=165020903859000603557&ex=neustar.biz
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8444361013
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8444361013
https://sync.1rx.io/usersync/tradedesk/dfbd9d3f-c4c5-4698-8ce2-eb39d963a824
https://sync.targeting.unrulymedia.com/csync/RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DRX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003%26ex%3Dr...
https://s.amazon-adsystem.com/ecm3?id=RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003&ex=rhythmone.com

43 B
556 B

538ms
134ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003&ex=rhythmone.com

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: DZV7MK4D9ZW99V2E7CA2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?id=RX-f99b40de-e17a-4b88-bdb7-e5376ea65575-003&ex=rhythmone.com
date: Mon, 26 Jul 2021 21:54:20 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXf99b40dee17a4b88bdb7e5376ea65575003
content-type: text/html

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://x.bidswitch.net/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://x.bidswitch.net/ul_cb/sync_a9/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbidswitch.com%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=501a1988cdda0e26949bcee6b36e5fe4

43 B
556 B

661ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=501a1988cdda0e26949bcee6b36e5fe4

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: S77DK8PXGMHAP973030E
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=bidswitch.com&id=501a1988cdda0e26949bcee6b36e5fe4
date: Mon, 26 Jul 2021 21:54:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://tags.bluekai.com/site/36840?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbluekai.com%26id%3D%24_BK_UUID
https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=s2Qxw99999eAGw2Q

43 B
556 B

390ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=s2Qxw99999eAGw2Q

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Q5Q9EYWTMZN2R1RB9XTY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=bluekai.com&id=s2Qxw99999eAGw2Q
Date: Mon, 26 Jul 2021 21:54:20 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 6286
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1
https://pixel.advertising.com/ups/56466/sync?redir=true&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/56466/sync?redir=true&_origin=1&apid=UP0805c68a-ee5c-11eb-b89a-026950392bd0
https://s.amazon-adsystem.com/ecm3?id=0525fc3d0aa240a10976b58172b77c24db7d1243&ex=aoldisplay.com

43 B
556 B

621ms
134ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=0525fc3d0aa240a10976b58172b77c24db7d1243&ex=aoldisplay.com

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 769SZ84TR11K1AHKTD5Q
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 26 Jul 2021 21:54:20 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://s.amazon-adsystem.com/ecm3?id=0525fc3d0aa240a10976b58172b77c24db7d1243&ex=aoldisplay.com
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://t.myvisualiq.net/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://t.myvisualiq.net/ul_cb/sync?prid=AMZNPNR1&ao=0&red=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dvisualiq%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a9924038-0b41-46b0-b40b-620ced6a94bc

43 B
556 B

206ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a9924038-0b41-46b0-b40b-620ced6a94bc

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: W0AVGS6J1R1MHXY841SE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

access-control-allow-origin: *
Date: Mon, 26 Jul 2021 21:54:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0
Location: https://s.amazon-adsystem.com/ecm3?ex=visualiq&id=a9924038-0b41-46b0-b40b-620ced6a94bc

GET
H2 200 sync
amazon.partners.tremorhub.com/ Frame C32D 43 B
183 B 292ms
94ms Image
image/gif 2600:1f18:612b:4264:6067:ea36:4ec5:cf74
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://amazon.partners.tremorhub.com/sync?UIAM&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dtelaria.com%26id%3D%5BPARTNER_ID%5D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:6067:ea36:4ec5:cf74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:20 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 204 cms
cms.analytics.yahoo.com/ Frame C32D 0
0 1492ms
69ms Image
text/html 212.82.100.182
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cms.analytics.yahoo.com/cms?partner_id=AMAZON&ex=gemini
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.82.100.182 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS: spcms.pbp.vip.ir2.yahoo.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 /
spl.zeotap.com/ Frame C32D 731 B
731 B 49ms
28ms Image
text/html 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://spl.zeotap.com/?zdid=1353&env=mWeb&eventType=pageview&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dzeotap%26id%3D%24_ZTP_UUID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:20 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6750ddab3c4e1762-FRA
content-type: text/html
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=2545
https://s.amazon-adsystem.com/ecm3?id=cf1d3b14f12789c64c39565da42583dd&ex=freewheel.tv&gdpr=0&gdpr_consent=

43 B
556 B

952ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=cf1d3b14f12789c64c39565da42583dd&ex=freewheel.tv&gdpr=0&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 3B4BRYKCTW4ZW0APG2P2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=cf1d3b14f12789c64c39565da42583dd&ex=freewheel.tv&gdpr=0&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1627336460871082-567
Expires: Mon, 26 Jul 2021 21:54:21 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://www.imdb.com/ads/idsync?cid=a706a6beb&ex=imdb.com
https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

43 B
556 B

589ms
131ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: Y4K3RK77B5BJ5RHZWPT7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 26 Jul 2021 21:54:20 GMT
via: 1.1 eb28dde7b66308b26496e3a543c93412.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MAD50-C1
content-security-policy-report-only: default-src http://*.amazon.com http://*.media-amazon.com http://*.ssl-images-amazon.com http://*.amazon-adsystem.com; script-src http://*.amazon.com http://*.media-amazon.com http://*.ssl-images-amazon.com http://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src http://*.amazon.com http://*.media-amazon.com http://*.ssl-images-amazon.com http://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=ATVPDKIKX0DER:sid=:rid=3GP6JPK2X6THX8C3P69F:sn=www.imdb.com
x-cache: Miss from cloudfront
vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
content-length: 0
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
server: Server
x-amz-rid: 3GP6JPK2X6THX8C3P69F
strict-transport-security: max-age=47474747; includeSubDomains; preload
location: https://s.amazon-adsystem.com/ecm3?rcode=1&ex=imdb.com
permissions-policy: interest-cohort=()
x-amz-cf-id: 3pK0wQqh66obGLGi5IU21IjRIRnhq1s7g1EpuhmbxA3JpkgeV88nUg==

GET
H/1.1 200
OK pixel.gif
usersync.samplicio.us/amazon/ Frame C32D 0
263 B 761ms
127ms Image
text/plain 107.22.179.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.samplicio.us/amazon/pixel.gif?https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.22.179.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-22-179-180.compute-1.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Server: nginx/1.16.1
Location: https://s.amazon-adsystem.com/ecm3?ex=luc.id&id=
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://ads.samba.tv/cookie_sync?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsamba.tv%26id%3D
https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=de66d91c225bc4e2

43 B
556 B

676ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=de66d91c225bc4e2

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1DRJXXMWA35J69GFWG8H
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=samba.tv&id=de66d91c225bc4e2
date: Mon, 26 Jul 2021 21:54:21 GMT
access-control-allow-origin: *
access-control-allow-headers: Content-Type, Authorization
content-length: 93
access-control-allow-methods: HEAD,OPTIONS,GET
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://dpm.demdex.net/ibs:dpid=139200&dpuuid=Atl4znrQQQiETVonc_B7qA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=66768134765514766602542724573964968363

43 B
556 B

595ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=66768134765514766602542724573964968363

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KK4GDMWQYX1D16CMZ21W
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS: dcs-prod-irl1-1-v012-05b640ae4.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: W0bmuLmiR5c=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=66768134765514766602542724573964968363
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://odr.mookie1.com/t/v2?tagid=V2_393725&AMAZON_REGION_SPECIFIC_ENDPOINT=s.amazon-adsystem.com&src.visitorID=55N-zD5yT9mnc5glGa9y1Q
https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10810679800388815608&gdpr=&gdpr_consent=

43 B
556 B

565ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10810679800388815608&gdpr=&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: D200H5WWX0YVWYJDH16M
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:21 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://s.amazon-adsystem.com/ecm3?ex=mplatform.com&id=10810679800388815608&gdpr=&gdpr_consent=
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET z
px.surveywall-api.survata.com/ Frame C32D 0
0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
https://c1.adform.net/serving/cookie/match?CC=1&party=1153&redirect_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadform.net%26id%3D%24%7BUUID%7D
https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=9064306567311593663

43 B
556 B

835ms
131ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=9064306567311593663

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: N0TJGBMH1P9H3S3SV2TY
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:21 GMT
server: nginx
location: https://s.amazon-adsystem.com/ecm3?ex=adform.net&id=9064306567311593663
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7922&redir=https://s.amazon-adsystem.com/ecm3?ex%3Dspotx.com%26id%3D%24SPOTX_USER_ID
https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=07bb0101-ee5c-11eb-b091-1d0a0d900206

43 B
556 B

759ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=07bb0101-ee5c-11eb-b091-1d0a0d900206

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: FGHFPGJETDJ48C9JTC3Z
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 26 Jul 2021 21:54:21 GMT
Server: nginx
Location: https://s.amazon-adsystem.com/ecm3?ex=spotx.com&id=07bb0101-ee5c-11eb-b091-1d0a0d900206
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 51
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://bs.serving-sys.com/Serving?cn=cs&rtu=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsizmek%26id%3D%5B%25tp_UserID%25%5D
https://lm.serving-sys.com/lm/acs?json={%22GUID%22:%222ed881ca-1758-415c-8d3f-edba7d4c52c7%22,%22Time%22:%2220210726T175421.392495%22}&rtu=https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=[%tp_UserID%]
https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=2ed881ca-1758-415c-8d3f-edba7d4c52c7

43 B
556 B

544ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=2ed881ca-1758-415c-8d3f-edba7d4c52c7

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4TE1Z4RJXWC0WVPHJP6N
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=sizmek&id=2ed881ca-1758-415c-8d3f-edba7d4c52c7
Server: LogModule 0.4
Content-Length: 204
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_cm&ex=doubleclick.net
https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEPnsLGk97_gcgOJxO4Vsano&google_cver=1

43 B
556 B

508ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEPnsLGk97_gcgOJxO4Vsano&google_cver=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: AEF3SXM1DS43XDWW9JDZ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=doubleclick.net&google_gid=CAESEPnsLGk97_gcgOJxO4Vsano&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame C32D
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=amzn
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn

0
338 B

195ms
64ms

Image
text/plain

54.154.117.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.117.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-117-125.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:21 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1627336461
x-served-by: beacon-n015-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=amzn
date: Mon, 26 Jul 2021 21:54:21 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a007-ash-prod.krxd.net

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://sb.scorecardresearch.com/p?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://sb.scorecardresearch.com/p2?c1=9&c2=27552257&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcomscore.com%26id%3D%25AX_UUID%25
https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=c30c02866de47ba076ecc19ebaf5dbe6

43 B
556 B

863ms
135ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=c30c02866de47ba076ecc19ebaf5dbe6

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: MAFM65HKVZXPRRVK71ZH
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 26 Jul 2021 21:54:21 GMT
via: 1.1 8747333bac66b8350649da1b14bbb5e5.cloudfront.net (CloudFront)
x-amz-cf-pop: MAD50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://s.amazon-adsystem.com/ecm3?ex=comscore.com&id=c30c02866de47ba076ecc19ebaf5dbe6
content-length: 108
x-amz-cf-id: f6IG0b-FSinoe5o3OZvgGKRwosot9dxhlnrXUp9fVmHuqXAf6N5M7w==

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=caef8208-12fc-c204-0d60-1f2266bbcf4c

43 B
556 B

259ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=caef8208-12fc-c204-0d60-1f2266bbcf4c

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: TQRT7FTQ1PD933RT1HNC
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Mon, 26 Jul 2021 21:54:20 GMT
content-encoding: gzip
server: OXGW/16.211.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=caef8208-12fc-c204-0d60-1f2266bbcf4c
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184155&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex%26id%3D__UID__
https://s.amazon-adsystem.com/ecm3?ex=index&id=Ka0YOxgIRW5jXQSi2eJSFDc4cI04ZgAC

43 B
556 B

603ms
136ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=index&id=Ka0YOxgIRW5jXQSi2eJSFDc4cI04ZgAC

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 687CP2XPKJ32FZVFT3DA
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://s.amazon-adsystem.com/ecm3?ex=index&id=Ka0YOxgIRW5jXQSi2eJSFDc4cI04ZgAC
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 267
Expires: Mon, 26 Jul 2021 21:54:21 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://uipglob.semasio.net/amazon/1/get?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://uipglob.semasio.net/amazon/1/get2?_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsemasio%26id%3D%24%7BUIPID%28%29%7D
https://s.amazon-adsystem.com/ecm3?ex=semasio&id=DEAFB3A2874F2B41

43 B
556 B

635ms
132ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=semasio&id=DEAFB3A2874F2B41

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GX92XQ3RN27T3KY2F5XJ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:21 GMT
frontend-id: 13
location: https://s.amazon-adsystem.com/ecm3?ex=semasio&id=DEAFB3A2874F2B41
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://s.amazon-adsystem.com/ecm3?id=5094468131023756336&ex=appnexus.com

43 B
556 B

750ms
133ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=5094468131023756336&ex=appnexus.com

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: SX4TNAFV5HEVFP9MA479
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:21 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8d1c9764-d1d4-4ba4-9483-08339d0a086e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.amazon-adsystem.com/ecm3?id=5094468131023756336&ex=appnexus.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://token.rubiconproject.com/token?pid=2179&pt=n
https://s.amazon-adsystem.com/ecm3?id=PoDTl3fanpNIyDvXpk-Azw&ex=rubiconproject.com&status=ok

43 B
556 B

691ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=PoDTl3fanpNIyDvXpk-Azw&ex=rubiconproject.com&status=ok

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: JXD965T09VJ2QD042EV9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?id=PoDTl3fanpNIyDvXpk-Azw&ex=rubiconproject.com&status=ok
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=a9&google_hm=2tHC-tqCRBCYcTExJbvr1Q&
https://s.amazon-adsystem.com/ecm3?ex=googleHMT

43 B
556 B

376ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=googleHMT

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:20 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: T8CGAVGKDR3JCKTMXXA7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:20 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.amazon-adsystem.com/ecm3?ex=googleHMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 244
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://pixel.placed.com/api/v2/sync/custom-pixel?https://s.amazon-adsystem.com/ecm3?ex=placed.com&id=
https://pixel.tapad.com/idsync/ex/receive?partner_id=1682&partner_device_id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451&partner_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dplaced.com%26id...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1682&partner_device_id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451&partner_url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dplaced.co...
https://s.amazon-adsystem.com/ecm3?ex=placed.com&id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451

43 B
556 B

641ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=placed.com&id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4CBXYC4NCKZR3X73QNHN
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=placed.com&id=amazon-f6a7cd57-9c32-455c-959d-298e2ba6a451
date: Mon, 26 Jul 2021 21:54:22 GMT
via: 1.1 google
alt-svc: clear
content-length: 0
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 204 /
loadus.exelator.com/load/ Frame C32D 0
324 B 193ms
63ms Image
text/plain 54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadus.exelator.com/load/?p=204&g=8888&j=0
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-xtf-1621550208998_ns_rx_bsw_bk_aold_n-visualiq_n-telaria_gem_n-zeotap-4_fw_imdb_n-lucid_n-samba.tv_adelphic_adb_mp_sv_af_sx_n-sk_g_kr_n-comscr.com_ox_index_n-semasio-ecm_an_rb_n-g-hmt_n-plced_nsln_nd_n-verizon_n-ispot_pm_tbl&fv=1.0&a=cm&ex-pl-n-g-hmt=2tHC-tqCRBCYcTExJbvr1Q&ep=YbLdW2XCW36s4IBVMG2zwOiZ_zuqoIDOe5eLKTyjEqq4N-spJLBByRNNuclXdp2p_1ZEpcO5yMk7qsJKz73HPUEzHPiXLtLuPUs3innZwjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:22 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://lciapi.ninthdecimal.com/v1/lci/sync/adv-amzn/c-23445/?rdr=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3F%26ex%3Dninthdecimal.com%26id%3D%24%7BND_UID%7D
https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=EDB54F2D0E2FFF600C59F766024CE398

43 B
556 B

809ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=EDB54F2D0E2FFF600C59F766024CE398

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 6SCS2SDHFF5WH9ZM9EVX
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 26 Jul 2021 21:54:22 GMT
Server: openresty/1.15.8.2
P3P: CP="This is not a P3P policy! See http://www.ninthdecimal.com/privacy-policy-terms-of-service for more info."
Location: https://s.amazon-adsystem.com/ecm3?&ex=ninthdecimal.com&id=EDB54F2D0E2FFF600C59F766024CE398
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html
Content-Length: 151
Expires: Mon, 26 Jul 2021 21:54:21 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://ups.analytics.yahoo.com/ups/58297/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58297/sync?_origin=1&redir=true&verify=true
https://s.amazon-adsystem.com/ecm3?ex=verizonums&id=y-iXJgTAd1l2O20QjRlKAsTo42_Bv437k-

43 B
556 B

629ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=verizonums&id=y-iXJgTAd1l2O20QjRlKAsTo42_Bv437k-

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:22 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 4GX5TG045TPZEZAQ10KQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 26 Jul 2021 21:54:22 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://s.amazon-adsystem.com/ecm3?ex=verizonums&id=y-iXJgTAd1l2O20QjRlKAsTo42_Bv437k-
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://pi.ispot.tv/v2/TC-3673-1.gif?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dispot.tv%26id%3D%7BISID%7D
https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=cae62083e3e9b3258df994bed7532b4a448b81c2df63d72f206875e83c45323f

43 B
556 B

768ms
131ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=cae62083e3e9b3258df994bed7532b4a448b81c2df63d72f206875e83c45323f

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: NGY2CW7P106QC6XE2BMV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:22 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=ispot.tv&id=cae62083e3e9b3258df994bed7532b4a448b81c2df63d72f206875e83c45323f
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 0
retry-after: 0
expires: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3D%23PM_USER_ID&rdf=1
https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=E1399A85-84D2-403B-8839-68DD7AB7B5FB

43 B
556 B

800ms
131ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=E1399A85-84D2-403B-8839-68DD7AB7B5FB

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 5F9MXCBT96AB0MYVJE5R
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=pubmatic.com&id=E1399A85-84D2-403B-8839-68DD7AB7B5FB
date: Mon, 26 Jul 2021 21:54:22 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C32D
Redirect Chain

https://sync.taboola.com/sg/amazon-a9-network/1/rtb
https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=62ee7f58-9358-4b3d-8d38-a6497f2bbc18-tuct7f8b48e

43 B
556 B

745ms
130ms

Image
image/gif

52.46.133.124
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=62ee7f58-9358-4b3d-8d38-a6497f2bbc18-tuct7f8b48e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.133.124 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 2ZRKY2V6R3RMVW5SZ0AN
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=taboola.com&id=62ee7f58-9358-4b3d-8d38-a6497f2bbc18-tuct7f8b48e
tbl-x-upstream: 10.41.10.104:10213
date: Mon, 26 Jul 2021 21:54:22 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 24862

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-3849768-74&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e81ff0c3f4c8b27289d6ef48a4158d9e6e57fe1f1379835476529d92e5c5982e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40060
x-xss-protection: 0
last-modified: Mon, 26 Jul 2021 21:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Jul 2021 21:54:20 GMT

POST da
navapi-lb.lowermybills.com/ Frame 18C3 0
0

GET
H2 200 adsct Show response
analytics.twitter.com/i/ Frame 18C3 31 B
658 B 266ms
163ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.1&p_id=Twitter&p_user_id=0&txn_id=nzqxe&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2Fhome-refinance%2F%3FproviderId%3D14278391%26pkey1%3D%25ppkey1%3D!%3B%26pkey2%3D%25ppkey2%3D!%3B%26pkey3%3D%25ppkey3%3D!%3B%26sourceid%3D302266700-495337900%26UserID%3D0%26%25g%26dclid%3DCMb7qtvcgfICFdaYdwodNIEMZA&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fmortgage.quickenloans.com%2Flending%2FqlPixelTrackingForIframe.jsp%3FpageName%3DQL_LRE_LANDING%26highFundingSource%3Dfalse%26matched%3Dfalse%26isLeadScrubHeld%3Dfalse%26premierEligible%3Dfalse%26ssnAgreementFlag%3Dfalse%26pageId%3D5649914

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://mortgage.quickenloans.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 26 Jul 2021 21:54:23 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: b2bbbaf4ab1c70625ddc33b0ed3435dfda072db0ab83587adcc28c87d37cda37
x-transaction: 09f37c92d24c6c2c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 7C8A
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5

43 B
345 B

51ms
51ms

Image
image/gif

18.184.223.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.223.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-BKL5dpQgV_uSVwanwq3H-VYgY2B4aKkhNsAVCw&expires=30&user_group=5
date: Mon, 26 Jul 2021 21:54:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame 7C8A 95 B
426 B 55ms
52ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2926&partner_device_id=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:23 GMT
via: 1.1 google
content-type: image/png
alt-svc: clear
content-length: 95
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame 7C8A 0
476 B 483ms
121ms Image
text/plain 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-AL233pQgV_uSVwanwq3H-VYgY2DWvmOV9MDfMQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:23 GMT
Cache-Control: no-cache
X-TraceId: 35511e75b1fc9d5641073b728d732efe
Content-Length: 0

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 7C8A
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU

42 B
958 B

64ms
64ms

Image
image/gif

52.214.44.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.214.44.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-44-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-045d9dd59.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: B0ruAe1uTIA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v012-0724e0829.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: PoSj5B9XRIw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=28645&dpuuid=tx8zmW6VuPH76iDXb19ZmGLtM88By4MU
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 m
cm.mgid.com/ Frame 7C8A 43 B
849 B 367ms
57ms Image
image/gif 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617660&c=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:23 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: c9255de1-6ab5-492e-ad3a-740cbc1cfcc4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: max-age=0, no-store, no-cache, must-revalidate
access-control-allow-credentials: true
cf-ray: 6750ddc32975dac0-ARN
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
server: cloudflare

GET
H2 204 sync2.204
profile.ssp.rambler.ru/ Frame 7C8A 0
169 B 147ms
47ms Image
text/plain 91.192.149.30
BEGUN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://profile.ssp.rambler.ru/sync2.204?pid=186&anket_id=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

91.192.149.30 , Russian Federation, ASN42481 (BEGUN-AS, RU),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=0
x-passed: 1bal2
server: nginx
date: Mon, 26 Jul 2021 21:54:23 GMT
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 7C8A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay11LU5yTXBRZ1ZfdVNWd2Fud3EzSC1WWWdZMkNKQUlmUWxuc3FTQQ
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc=&google_ula=913071&google_hm=ay11LU5yTXBRZ1ZfdVNWd2Fud3EzSC1WWWdZMkNKQUlmUWxuc3FTQQ&google_tc=
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
344 B

183ms
61ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:23 GMT
server: Microsoft-IIS/10.0
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 488
timing-allow-origin: *
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:23 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 t.gif
cw.addthis.com/ Frame 7C8A 0
425 B 594ms
226ms Image
text/plain 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 26 Jul 2021 21:54:24 GMT

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 7C8A 0
292 B 9ms
7ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:23 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK spp.pl
sp.analytics.yahoo.com/ Frame 7C8A 43 B
964 B 71ms
69ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=10028862&js=no

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:23 GMT
X-Content-Type-Options: nosniff
Age: 0
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Server: ATS
X-Frame-Options: DENY
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
Content-Type: image/gif
Cache-Control: no-cache, private, must-revalidate
Accept-Ranges: bytes
Expires: Mon, 26 Jul 2021 21:54:23 GMT

GET
H/1.1 204
No Content sync
ups.analytics.yahoo.com/ups/58301/ Frame 7C8A 0
747 B 1178ms
55ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-CsBU6JQgV_uSVwanwq3H-VYgY2C_ZNZ3JpP5YA

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:24 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204
No Content

/
partner.mediawallahscript.com/ Frame 7C8A
Redirect Chain

https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom=&tag_format=img&tag_action=sync&custom=&cb=90f60ab9-f00b-434e-8a71-8d2b3d7...
https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=90f60ab9-f00b-434...

0
638 B

69ms
69ms

Image
text/plain

52.209.68.132
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.mediawallahscript.com/?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=90f60ab9-f00b-434e-8a71-8d2b3d7ddec5&final=true&reqid=0a16a430-ee5c-11eb-9207-f76dd474af4d&timestamp=2021-07-26T21%3A54%3A23.859Z
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.68.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 26 Jul 2021 21:54:23 GMT
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Server: nginx/1.18.0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Mon, 26 Jul 2021 21:54:23 GMT
Server: nginx/1.18.0
Vary: Accept, Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: /?account_id=1043&partner_id=1048&uid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA&custom%5B0%5D=&custom%5B1%5D=&tag_format=img&tag_action=sync&cb=90f60ab9-f00b-434e-8a71-8d2b3d7ddec5&final=true&reqid=0a16a430-ee5c-11eb-9207-f76dd474af4d&timestamp=2021-07-26T21%3A54%3A23.859Z
Cache-Control: private, no-cache, must-revalidate, no-store, max-age=0
Connection: keep-alive
Content-Type: text/plain; charset=utf-8
Content-Length: 294
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK Criteo
crb.kargo.com/api/v1/dsync/ Frame 7C8A 43 B
360 B 1218ms
52ms Image
image/gif 3.127.62.220
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/Criteo?exid=k-u-NrMpQgV_uSVwanwq3H-VYgY2CJAIfQlnsqSA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.62.220 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:24 GMT
Vary: Origin
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Krk-Reject-Reason: consent
Content-Length: 43
X-Accel-Expires: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK idsync
tg.socdm.com/aux/ Frame 7C8A 43 B
722 B 1488ms
653ms Image
image/gif 124.146.215.52
INFOSPHERE NTT PC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tg.socdm.com/aux/idsync?proto=criteo&dsp_uid=k-p0EvvZQgV_uSVwanwq3H-VYgY2ArDilOB53hbA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 124.146.215.52 Minato-ku, Japan, ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-SO-Cluster-ID: 8
Date: Mon, 26 Jul 2021 21:54:25 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?dsp_uid=k-p0EvvZQgV_uSVwanwq3H-VYgY2ArDilOB53hbA&proto=criteo","cluster_id":8,"gdpr":true,"ipv4":"0.0.0.0","key":"YP8vEMCo8XoAADEgGAkAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad9"}
X-SO-Ads-Time: 210
X-SO-Key: YP8vEMCo8XoAADEgGAkAAAAA
Server: nginx
X-SO-Upstream-ID: m-ad9
P3P: CP="See also http://www.scaleout.jp/privacy/"
Cache-Control: private
X-SO-HostName: m-ad9.dc4p.scaleout.jp
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-SO-LB-Hostname: m-tgng22.dc4p.scaleout.jp
X-SO-IP: 31.13.191.142

GET
H/1.1 200
OK sync
adgen.socdm.com/rtb/ Frame 7C8A 43 B
692 B 1824ms
269ms Image
image/gif 202.241.208.2
IDCF IDC Frontier...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adgen.socdm.com/rtb/sync?proto=adgen&dspid=23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 202.241.208.2 , Japan, ASN4694 (IDCF IDC Frontier Inc., JP),
Reverse DNS
Software: nginx /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-SO-Cluster-ID: 14
Date: Mon, 26 Jul 2021 21:54:25 GMT
X-SO-LB-Data: {"ban":false,"clean_query":"\/rtb\/sync?dspid=23&proto=adgen","cluster_id":14,"gdpr":true,"ipv4":"0.0.0.0","key":"YP8vEcCo5rgAAOGSC5wAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40180"}
X-SO-Ads-Time: 1
X-SO-Key: YP8vEcCo5rgAAOGSC5wAAAAA
Server: nginx
X-SO-Upstream-ID: a-ad40180
P3P: CP="See also http://www.scaleout.jp/privacy/"
Cache-Control: private
X-SO-HostName: a-ad40180.dc2p.scaleout.jp
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-SO-LB-Hostname: a-ng40004.dc2p.scaleout.jp
X-SO-IP: 31.13.191.142

GET
H2 204 /
cs.adingo.jp/sync/ Frame 7C8A 0
44 B 1863ms
280ms Image
text/plain 52.199.44.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.adingo.jp/sync/?from=criteo&id=k-KU_7F5QgV_uSVwanwq3H-VYgY2B_b5o8BuREqQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.199.44.14 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:25 GMT
server: awselb/2.0

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame 7C8A
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw&seg=95287
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw%26seg%3D95287

43 B
1 KB

51ms
51ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw%26seg%3D95287

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:24 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 6c7370b0-a89c-4a56-844f-b0be2ddc285c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:23 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0f455855-9595-417f-91b3-e0834cb92806
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw%26seg%3D95287
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 7C8A
Redirect Chain

https://eb2.3lift.com/xuid?mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

46ms
46ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2711&xuid=k-NaxgEJQgV_uSVwanwq3H-VYgY2DH4yYHt34Tkg&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date: Mon, 26 Jul 2021 21:54:25 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 7C8A 42 B
542 B 423ms
57ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMjMmdGw9MTI5NjAw&piggybackCookie=uid:k-1joBspQgV_uSVwanwq3H-VYgY2CVvmhG-PwYmQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug006:0:589
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 pixelCt.tpmn
ad.tpmn.co.kr/ Frame 7C8A 170 B
601 B 357ms
297ms Image
image/png 34.102.166.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.tpmn.co.kr/pixelCt.tpmn?tpmn_nid=26a681017b4fdc02f3aef3aa921ede3e&tpmn_buid=k-BaCOl5QgV_uSVwanwq3H-VYgY2COKHRjzjTG_g
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.166.132 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:23 GMT
content-encoding: gzip
vary: accept-encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
content-type: image/png;charset=utf-8
alt-svc: clear
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 7C8A 0
239 B 59ms
58ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-vN0p4pQgV_uSVwanwq3H-VYgY2CzSJGgzrxPwQ&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 66ef90d06496cfd000aab8206f2b6221
Content-Type: image/gif

GET
H2 204 pixel
adx.dable.io/ Frame 7C8A 0
128 B 921ms
302ms Image
text/plain 3.35.111.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adx.dable.io/pixel?dsp_id=6&uid=k-pt5GBpQgV_uSVwanwq3H-VYgY2CMpWhQlN-0XA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.35.111.161 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-35-111-161.ap-northeast-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:24 GMT
server: nginx

GET
H2 200 /
sync.ad-stir.com/ Frame 7C8A 35 B
101 B 845ms
279ms Image
image/gif 54.64.168.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.ad-stir.com/?symbol=CRITEO&uid=k-QgPUjJQgV_uSVwanwq3H-VYgY2DKvYXqEmXp3A
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.64.168.5 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:24 GMT
content-length: 35
content-type: image/gif

GET setCookie
sbm.nate.com/ Frame 7C8A 0
0

GET
H2 200 sync
x.bidswitch.net/ Frame 7C8A 43 B
145 B 53ms
53ms Image
image/gif 18.184.223.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-eDe2u5QgV_uSVwanwq3H-VYgY2BMQT2VHljmKw&expires=30&user_group=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.223.197 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/cdb/ Frame 7C8A
Redirect Chain

https://gum.criteo.com/sync?c=383&r=1&a=1&u=https%3A%2F%2Fd.turn.com%2Fr%2Fdd%2Fid%2FL2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI%2Fdpuid%2F%40USERID%40%2Furl%2Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%25...
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODc0NDU2Ni90LzI/dpuid/lFo0rhjTvyfDTVGoSI1HvyDGK6B_jiqz/url/https%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fcdb%2Fcookiematch.aspx%3F%26extid%3D%24!%7BTURN_...
https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2422797914043602119

43 B
345 B

62ms
62ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2422797914043602119
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:23 GMT
server: Microsoft-IIS/10.0
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 4170
timing-allow-origin: *
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://dis.criteo.com/dis/rtb/cdb/cookiematch.aspx?&extid=2422797914043602119
pragma: no-cache
date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 7C8A
Redirect Chain

https://secure.adnxs.com/seg?add=95287&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3832621518879884071

43 B
345 B

62ms
62ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3832621518879884071
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:24 GMT
server: Microsoft-IIS/10.0
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3573
timing-allow-origin: *
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Jul 2021 21:54:24 GMT
X-Proxy-Origin: 31.13.191.142; 31.13.191.142; 623.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b8216ad3-0bf1-4744-901b-9cb0b9d7181a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=3832621518879884071
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 204 t.gif
cw.addthis.com/ Frame 7C8A 0
425 B 222ms
222ms Image
text/plain 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cw.addthis.com/t.gif?pid=113&pdid=k-vN0p4pQgV_uSVwanwq3H-VYgY2CzSJGgzrxPwQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 26 Jul 2021 21:54:24 GMT

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame 7C8A 42 B
231 B 58ms
57ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-1joBspQgV_uSVwanwq3H-VYgY2CVvmhG-PwYmQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 26 Jul 2021 21:54:24 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug013:0:391
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

397596.gif
idsync.rlcdn.com/ Frame 7C8A
Redirect Chain

https://gum.criteo.com/sync?c=6&r=1&a=1&u=https%3A%2F%2Fidsync.rlcdn.com%2F397596.gif%3Fpartner_uid%3D%40USERID%40
https://idsync.rlcdn.com/397596.gif?partner_uid=Bm-8Oag6crV5VQOxX2HdCd6DBo-XUqvD

42 B
417 B

105ms
52ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/397596.gif?partner_uid=Bm-8Oag6crV5VQOxX2HdCd6DBo-XUqvD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Jul 2021 21:54:25 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/397596.gif?partner_uid=Bm-8Oag6crV5VQOxX2HdCd6DBo-XUqvD
strict-transport-security: max-age=31536000
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 72183
date: Mon, 26 Jul 2021 21:54:24 GMT
content-length: 197
content-type: text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: px.surveywall-api.survata.com
URL: https://px.surveywall-api.survata.com/z?l=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsurvata.com%26id%3D

Domain: navapi-lb.lowermybills.com
URL: https://navapi-lb.lowermybills.com/da

Domain: sbm.nate.com
URL: https://sbm.nate.com/setCookie?venderKey=criteo&userKey=k-qgPws5QgV_uSVwanwq3H-VYgY2CQIassq8xbLg

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-20 00:21:28	Name: dextp Value: 21-1-1627336458216\|771-1-1627336458317\|1083-1-1627336458418\|1085-1-1627336458518
mortgage.quickenloans.com/	1969-12-31 23:59:59	Name: BIGipServerpl.prod-static-66 Value: !lvD6fnRCRcUUmRxRHhj5eaSY0gTQ+OgdiXl9ti4V3LDLv4PvrBhs8d2HZ4qJp/iqzyp/QjGX8EGtgAU=
mortgage.quickenloans.com/	1970-01-19 20:02:18	Name: daCookie Value: da_3981287965
.quickenloans.com/	1969-12-31 23:59:59	Name: AMCVS_5D60123F5245B13E0A490D45%40AdobeOrg Value: 1
.mortgage.quickenloans.com/	1969-12-31 23:59:59	Name: TS01b868f7 Value: 012d8c2fc30905c468e3428517744d6f1999b6bf8b69dbced24a9bf55fc59268ef0bca6cfdb036b2b580f8583288720953aaea4215
.quickenloans.com/	1970-01-20 13:33:28	Name: AMCV_5D60123F5245B13E0A490D45%40AdobeOrg Value: -1124106680%7CMCIDTS%7C18835%7CMCMID%7C12557285890509403652036436709797822423%7CMCAAMLH-1627941258%7C6%7CMCAAMB-1627941258%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1627343658s%7CNONE%7CMCAID%7CNONE%7CMCCIDH%7C-1118555131%7CMCSYNCSOP%7C411-18842%7CvVersion%7C5.2.0
.quickenloans.com/	1970-01-19 22:11:52	Name: _rdt_uuid Value: 1627336458281.3f6c5aac-2038-489a-ba83-966ecc00e2c2
.demdex.net/	1970-01-20 00:21:28	Name: demdex Value: 66768134765514766602542724573964968363
.quickenloans.com/	1970-01-20 13:33:28	Name: s_ecid Value: MCMID%7C12557285890509403652036436709797822423

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js(Line 7) Message: 🚀 _satellite.notify is deprecated. Please use the `_satellite.logger` API.
console-api	warning	URL: https://assets.adobedtm.com/launch-ENac0456a305144bd1997bb2b709c90a1c.min.js(Line 7) Message: 🚀 _satellite.notify is deprecated. Please use the `_satellite.logger` API.
console-api	log	URL: https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_AudienceManagement.min.js(Line 2) Message: visitor.publishDestinations() result: The destination publishing iframe is already attached and loaded.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ad.doubleclick.net
ad.tpmn.co.kr
adgen.socdm.com
ads.revjet.com
ads.samba.tv
ads.stickyadstv.com
ads.yahoo.com
adservice.google.com
adx.dable.io
alb.reddit.com
amazon.partners.tremorhub.com
analytics.twitter.com
api.pushnami.com
assets.adobedtm.com
b-code.liadm.com
beacon.krxd.net
bs.serving-sys.com
c.pmsrv.co
c1.adform.net
cdn.mortgage.quickenloans.com
cdn.taboola.com
cdn1.lockerdomecdn.com
cm.everesttech.net
cm.g.doubleclick.net
cm.mgid.com
cms.analytics.yahoo.com
connect.facebook.net
crb.kargo.com
cs.adingo.jp
ct.pinterest.com
cw.addthis.com
d.turn.com
dis.criteo.com
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
etrack.freeconferencecall.com
fonts.googleapis.com
fonts.gstatic.com
g.3gl.net
googleads.g.doubleclick.net
gum.criteo.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image6.pubmatic.com
lciapi.ninthdecimal.com
lm.serving-sys.com
loadus.exelator.com
match.adsrvr.org
mortgage.quickenloans.com
navapi-lb.lowermybills.com
odr.mookie1.com
partner.mediawallahscript.com
pi.ispot.tv
pix.revjet.com
pixel.advertising.com
pixel.everesttech.net
pixel.mathtag.com
pixel.placed.com
pixel.rubiconproject.com
pixel.tapad.com
pixmon.lowermybills.com
privacy-policy.truste.com
profile.ssp.rambler.ru
px.surveywall-api.survata.com
quicken.demdex.net
r.3gl.net
rp.liadm.com
rp4.liadm.com
s.amazon-adsystem.com
s.pinimg.com
sb.scorecardresearch.com
sbm.nate.com
sc-static.net
secure.adnxs.com
simage2.pubmatic.com
somni.quickenloans.com
sp.analytics.yahoo.com
spl.zeotap.com
sslwidget.criteo.com
ssum-sec.casalemedia.com
static.ads-twitter.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.ad-stir.com
sync.outbrain.com
sync.search.spotxchange.com
sync.taboola.com
sync.targeting.unrulymedia.com
t.co
t.myvisualiq.net
tags.bluekai.com
tg.socdm.com
token.rubiconproject.com
tr.snapchat.com
uipglob.semasio.net
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
usersync.samplicio.us
widget.us.criteo.com
ws.lowermybills.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.imdb.com
www.lowermybills.com
www.redditstatic.com
www.rockomni.com
x.bidswitch.net
navapi-lb.lowermybills.com
px.surveywall-api.survata.com
sbm.nate.com
104.19.133.78
104.244.42.131
104.244.42.197
104.75.88.126
107.22.179.180
124.146.215.52
13.224.111.127
13.224.111.13
13.224.111.44
13.224.111.49
13.224.115.175
13.248.245.213
13.32.199.44
136.144.49.174
141.226.228.48
142.250.185.226
142.250.186.162
143.204.98.88
144.76.98.137
15.236.176.210
151.101.12.157
151.101.13.140
151.101.13.44
151.101.132.84
151.101.14.132
151.101.194.49
151.139.241.28
162.251.181.240
178.250.0.163
178.250.2.151
18.184.223.197
18.197.219.138
185.33.220.145
185.64.189.110
185.64.189.115
185.64.190.80
185.94.180.126
2.18.233.201
2.18.234.21
2.18.234.233
2001:678:cb4:bbbb::13
202.241.208.2
212.82.100.181
212.82.100.182
213.19.147.44
216.58.212.166
23.45.107.170
23.45.99.241
2600:1f18:612b:4264:6067:ea36:4ec5:cf74
2600:1f18:730:b130:4896:6298:98c:bff0
2606:4700:10::6816:1857
2a00:1288:80:800::7001
2a00:1450:4001:800::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2008
2a00:1450:4001:831::2002
2a00:1450:4001:831::200a
2a02:2638::1c
2a02:2638::3
2a02:26f0:6c00:295::1931
2a02:26f0:6c00:299::1e80
2a02:26f0:6c00::210:bac1
2a02:26f0:6c00::210:bad2
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.120.52.200
3.126.56.137
3.127.62.220
3.35.111.161
34.102.166.132
34.231.184.117
34.238.14.155
34.253.145.149
34.98.64.218
34.98.67.61
35.156.106.231
35.186.226.184
35.227.248.159
35.244.174.68
37.157.3.29
44.229.173.61
44.229.252.126
45.79.181.237
52.1.230.29
52.199.44.14
52.209.68.132
52.214.44.171
52.28.248.40
52.40.27.155
52.46.133.124
54.154.117.125
54.64.168.5
54.68.171.95
54.78.254.47
54.90.48.240
68.232.35.38
69.173.144.138
69.173.144.165
70.42.32.191
74.119.119.150
76.223.111.131
77.243.60.138
91.192.149.30
95.217.105.253
99.80.199.35
025a8982bc263961fbe7adb7871a714ccb6adbd27ae9be7219605564c5a493f8
0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2
059ecf746d6d4bfb1f13a0c05f25807e59dbffc946474d435b949e31d8f8c484
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cff5de0a6dddcb01b664acb7cce79cd85b5a941e7e8f74423c8024e60704005
0d17b8a38d3dce6f7357bbc8da105d92c21b6cf1c4b92351ce2b1861b065f2c5
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14e004ec8033e60ddcbb7d3ed7a720231321dc30a076698d71d9780faa8dd179
15b5cf60c9b7daae3d248989c0eab9a461bfa4432f61d6d1687e26cce55bec34
1f8a0f8934a39dd0cf8070958124385b83e38b2965be076bee6470c0aac88532
23b2e69fb360d73cf3442e3cd7d0e4365340ad08c668c13446123ffea4af0d30
28c835ac8401fc518085b784b7e2a70aaeee8e61f86d3bddc585fa1a49537990
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
304a0259406001319e10acd097537e33bbc0157670417a48fdd527a889951f65
337be70e344919bb267a13ab3a5ca57c77a764f8a72e8c1d39b06911f29576c3
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3e2939a707a74a9d84c87364660c4e1c107f4b14586cbc69f6eacea6bcc3b4ae
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
426c01c0231812a69abddf7146bf8bd12355ce703f1479a51399622b816e3099
4271182f88bdd24c04c139be25fa435a8ee7d84b36b69f6790a060db5ab1de71
42c7079d69e15888adb19504ae61710feb46656a18a640cac1b56c837f42a29a
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8271a7147141530b4450016f74d728419e6cea808360acdf2c25ce1ab6cf96
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5014a86aebea5ef6460ea0127b2f3dc0f6a24a55d27ab3fe63403710211e04dc
51a81ff5087d8ce810440d4ba5fc26db94dca3b0669746ef14f9e01385a6b995
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
570c606eb36d5cbcfa24c1dae70d5bcddbbc32ea0a79ddae79dcde24b740355c
5c703133abe334732267e157493ec71e1083228c5981607f5442827b0d627a29
5c93972bb9aad77c7a427229282ae7fb9b4b4cf448b6217be796a23cbcf0a8c8
5fcb41e46147fd8f21e5fcacb9b8d61b9aa882992bfd30e54237bf7f27be53f8
62e609c5d13eb9a718330f54a646941fd3c09cd0f9596b3debaee95de31d19a0
66ddf1d3123a0e9732319569469133cb85c54f78f48f21eaa189015e8d318901
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6aeaeb9bc21274b8d1ca5e7f664bebe59223918dcfc7ec146c75f6e19d632ded
70478869f2c090cdc2ec5d6a6f129ad7e234c5eb2778424965cedee78913839a
7125a66456daa35dd3e3e8cca4b9523e05caf0b4fa5bd5874676e7c6db40f3aa
76c79d3af714cd2570cdee0ff55daf2022f51477a4b5a89de470068280f8ddb1
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7e6de87492532ff8716c32d18f9e0cf0010817cb621809cfd30bc623c4119ca8
7f4a787fc9a4b2a5aba8fb8cacef8408bbea999b0352565fda8fac6dc96f36e5
83c43bd904966541549600341d72de1ad6e24f4ef8d99f386901242e9b25b5f9
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
8bda4c30752b1529c25cf00cc9049534a89ad2428ed35c5000038ea81a08be6a
92b22a732ce71dcd609af8c421491b01eb6f01ac417dde143e9b161162f5e745
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89
9881a70e1ba7b9c3409931942e5c9870d9295667ee29e9a84f7437543a94d0d6
98dcaa65b270f4d8230267f126c85302950c9379be4a4802f492b2ed7be1cfa2
99a34ba9afe7b21ac5a3103732d044ad6a6e2610e1a57d571b05aaadd7b05b8a
a01c6576423e22c1c99ebc2af8e57556c1eb7b70360145fd9f3428445e2e6379
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a53ea60fbea6cb1775430998564d5f295aba7d3bfe548a0ba79aa2a049aba839
a92b99b413aa8afe65e9a4943c148fdedab142e7b913dafc52a040d850a5b197
a9a5e400ff30d48c503c19d17c7925e71c3b5b3c51215bd236296abb9f0a6e0d
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5f9c75c030a591da3f9e1b0eb653d9a7fef4b784d8e8d190be5d6382de90a37
b7d9a28286c2e41978dd916c71ef160e15e95a4ffe50df36906c3243a5b674b5
baf437304d79006a4f050b871807483c921e783a2a91808ad4b8f77802cde740
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be30e6d615b0320761fe08aa8c68278aa17dbebec644d5af27089cbb9dc239e4
bf94db5c7d218f9a2a2edfff6c01bf65f5946a32000cd41835fee5b564efa62f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c6b8979ec652d4045389decce5b601bb17780e4f861221d2dd23ca3940e66f92
ccff8a3c0e83db7c16b8ae0d36c4b6ee89a8184d890c7ca4667f0895d2e8d941
cd225dd18a2e6ddee591ba7a6a908362985197096a94c2f3449b047dc1d33c4a
ce23bdc14eb22eecad91cef112ea740ebd6928a8cdef11362d1d5b25320bd5d4
ce94ce9803227a2a17e4c30b795d7f01f9895375c38a63a0d67bacc5cc9f9df9
ce9d768855d46e9f40d463718f85de28869451f6f757e8695887103681b509bb
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d111fba2a225a3d1bb08b7117db52690f0eca663b46113deeae7182ae4f64c85
d3c9d3b10779283f68949ace9c4ee322bdd4df8fffa8c0addffa625278ed6e46
d48338735df35a1809a90ce6b18aa24ec4aed6b06ed9632a42ce7fd662910334
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32
d8e486b180a5ebb6ff35fdbfbeed846ab3dc5ae8fd35d2de5e4173c40f240e2d
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3683744a5048fed3aa088c19832d9cab2f4885e704c53bc6af8d1656728ad24
e3a9443d86f68168b21a8bd4ce119edb53d06957d2e7b08d2aa9f0177ebaddeb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5f0058d3d737d25b691728bce12a7d0b77183781c936ca8152e28cacf9e6e3f
e81963508bf6cf76d5cf158b3312b1800823fad464fbeab252b83b082126f355
e81ff0c3f4c8b27289d6ef48a4158d9e6e57fe1f1379835476529d92e5c5982e
eef2218be4aa1bc2224cc5dba8c88d747e3aff56b296f5a1a074a2ec95f42776
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efabba3678b85fcab831b778ea2ddaad1e2a1e952584d3566bc39b7ccb3429d9
f09a1f55680dfd61629bce9cb7c51a4a73b6e81f7af441573b65f2550c27c9b0
f9f6e1846126d537172d0ff02d88fe4bc6d2be2ac5d53e5f43b6479b9de48420
fa29c47126b8ab5710c68bcba604dd44e3e30f607a4df34ccaa2ff6e4d9cb99b

mortgage.quickenloans.com Open in urlscan Pro 54.68.171.95 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

177 Requests

98 %HTTPS

20 %IPv6

85 Domains

115 Subdomains

80 IPs

12 Countries

1041 kBTransfer

2374 kBSize

9 Cookies

12 Outgoing links

Page URL History

Redirected requests

177 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mortgage.quickenloans.com Open in urlscan Pro
54.68.171.95 Public Scan

Screenshot
Live screenshot

Full Image

177
Requests

98 %
HTTPS

20 %
IPv6

85
Domains

115
Subdomains

80
IPs

12
Countries

1041 kB
Transfer

2374 kB
Size

9
Cookies

177 HTTP transactions
0 data transactions