mortgage-x.com Open in urlscan Pro
209.237.151.16 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mortgage-x.com/
Submission Tags: analytics-framework
Submission: On April 24 via api (April 24th 2023, 2:30:56 am UTC) from US — Scanned from DE

Summary HTTP 29 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 15 domains to perform 29 HTTP transactions. The main IP is 209.237.151.16, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is mortgage-x.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 21st 2022. Valid for: a year.

This is the only time mortgage-x.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	209.237.151.16 209.237.151.16	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1 2	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9c	15169 (GOOGLE) (GOOGLE)
2 2	2606:4700:20:... 2606:4700:20::ac43:4549	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9 14	2606:4700:20:... 2606:4700:20::ac43:4acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:20:... 2606:4700:20::681a:b13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	52.12.179.65 52.12.179.65	16509 (AMAZON-02) (AMAZON-02)
2 4	52.212.169.30 52.212.169.30	16509 (AMAZON-02) (AMAZON-02)
2 2	34.238.211.149 34.238.211.149	14618 (AMAZON-AES) (AMAZON-AES)
3 3	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 2	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	18.159.181.112 18.159.181.112	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.56 18.66.122.56	16509 (AMAZON-02) (AMAZON-02)
29	11

12 209.237.151.16 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: wdpfarm002.sites.myregisteredsite.com

mortgage-x.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4549 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.remarketstats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:20::ac43:4acf (United States) 9 redirects

ASN13335 (CLOUDFLARENET, US)

a.clickcertain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:b13 (United States)

ASN13335 (CLOUDFLARENET, US)

loader.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.12.179.65 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-179-65.us-west-2.compute.amazonaws.com

a.usbrowserspeed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.212.169.30 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-169-30.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.238.211.149 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-211-149.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.82 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.181.112 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-181-112.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.56 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-56.fra60.r.cloudfront.net

tag.trovo-tag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	clickcertain.com 9 redirects a.clickcertain.com — Cisco Umbrella Rank: 7314	9 KB
12	mortgage-x.com mortgage-x.com	60 KB
4	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 825	814 B
4	doubleclick.net 3 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 166 cm.g.doubleclick.net — Cisco Umbrella Rank: 313	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 189	91 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 427	882 B
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 604	2 KB
2	liadm.com 2 redirects i.liadm.com — Cisco Umbrella Rank: 891	2 KB
2	usbrowserspeed.com 1 redirects a.usbrowserspeed.com — Cisco Umbrella Rank: 39558	390 B
2	tapad.com 2 redirects pixel.tapad.com — Cisco Umbrella Rank: 695	1 KB
2	remarketstats.com 2 redirects a.remarketstats.com — Cisco Umbrella Rank: 44868	979 B
2	google-analytics.com 1 redirects ssl.google-analytics.com — Cisco Umbrella Rank: 453	17 KB
1	trovo-tag.com tag.trovo-tag.com — Cisco Umbrella Rank: 72265	759 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	185 B
1	wisepops.com loader.wisepops.com — Cisco Umbrella Rank: 15682
29	15

	Domain	Requested by
14	a.clickcertain.com	9 redirects mortgage-x.com a.remarketstats.com a.clickcertain.com tag.trovo-tag.com
12	mortgage-x.com	mortgage-x.com
4	match.prod.bidr.io	2 redirects a.clickcertain.com tag.trovo-tag.com
3	cm.g.doubleclick.net	3 redirects
3	connect.facebook.net	mortgage-x.com connect.facebook.net
2	x.bidswitch.net	1 redirects a.clickcertain.com
2	secure.adnxs.com	2 redirects
2	i.liadm.com	2 redirects
2	a.usbrowserspeed.com	1 redirects tag.trovo-tag.com
2	pixel.tapad.com	2 redirects
2	a.remarketstats.com	2 redirects
2	ssl.google-analytics.com	1 redirects mortgage-x.com
1	tag.trovo-tag.com	a.clickcertain.com
1	www.facebook.com	mortgage-x.com
1	loader.wisepops.com	mortgage-x.com
1	stats.g.doubleclick.net	mortgage-x.com
29	16

This site contains links to these domains. Also see Links.

Domain
www.totalmortgage.com

Subject Issuer	Validity	Valid
*.sites.myregisteredsite.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-21` - `2023-05-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-28` - `2024-03-27`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-31` - `2023-05-01`	3 months	crt.sh
trovo-tag.com Amazon RSA 2048 M02	`2023-04-08` - `2024-05-07`	a year	crt.sh
a.usbrowserspeed.com Amazon RSA 2048 M01	`2022-12-01` - `2023-12-30`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://mortgage-x.com/
Frame ID: DEE1EC59A922F62B130B7A9312DD12C2
Requests: 20 HTTP requests in this frame

Frame: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Frame ID: 280F8B15D58905F687B946ADF0F0BCDA
Requests: 5 HTTP requests in this frame

Frame: https://tag.trovo-tag.com/193f0456
Frame ID: 4EC12C87F220877D1A97B72C5D547DC5
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mortgage-X ~ Everything There Is To Know About Mortgage Loans

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

29
Requests

31 %
HTTPS

44 %
IPv6

15
Domains

16
Subdomains

11
IPs

4
Countries

175 kB
Transfer

454 kB
Size

23
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.totalmortgage.com/mortgage-rates
Title: Current Mortgage Rates

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1833110413&utmhn=mortgage-x.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Mortgage-X%20~%20Everything%20There%20Is%20To%20Know%20About%20Mortgage%20Loans&utmhid=680369386&utmr=-&utmp=%2F&utmht=1682303452220&utmac=UA-38414029-1&utmcc=__utma%3D60374193.13619839.1682303452.1682303452.1682303452.1%3B%2B__utmz%3D60374193.1682303452.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=58168147&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38414029-1&cid=13619839.1682303452&jid=58168147&_v=5.7.2&z=1833110413

Request Chain 13

https://a.remarketstats.com/px/smart/?c=21f6618eb5339a9 HTTP 302
https://a.clickcertain.com/px/smart/a/?c=21f6618eb5339a9 HTTP 302
https://a.clickcertain.com/px/?c=21f6618eb5339a9

Request Chain 20

https://a.clickcertain.com/px/ta/?ccid=80316dd1-3a26-42da-8db7-6e30bd1de338 HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=80316dd1-3a26-42da-8db7-6e30bd1de338&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=80316dd1-3a26-42da-8db7-6e30bd1de338&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%3d%24%7bTA_DEVICE_ID%7d HTTP 302
https://a.clickcertain.com/px/ta/?done=true&ta_id=d5857ca0-9cc5-47c1-a8d8-153f68d3d72e

Request Chain 21

https://a.usbrowserspeed.com/cs?puid=6ea7ccbd-f9e7-57e7-bb18-45d329e817ad&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256_LOWERCASE%7d HTTP 302
https://a.clickcertain.com/px/t/?done=true&uid=2a9a0333-7578-4a74-aada-06ef8b23cad9&hem=

Request Chain 22

https://match.prod.bidr.io/cookie-sync/fivebyfive HTTP 303
https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

Request Chain 23

https://a.clickcertain.com/px/r/?ccid=80316dd1-3a26-42da-8db7-6e30bd1de338 HTTP 302
https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=80316dd1-3a26-42da-8db7-6e30bd1de338&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253d80316dd1%25252d3a26%25252d42da%25252d8db7%25252d6e30bd1de338%252526anx_uId%25253d%252524UID HTTP 303
https://i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253d80316dd1%25252d3a26%25252d42da%25252d8db7%25252d6e30bd1de338%252526anx_uId%25253d%252524UID&bidder_id=200441&bidder_uuid=80316dd1-3a26-42da-8db7-6e30bd1de338&_li_chk=true&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&previous_uuid=303f0a9e374c491782dfdd0ff8b533b2 HTTP 303
https://a.clickcertain.com/px/li/?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%25252f%25252fsecure%25252eadnxs%25252ecom%25252fgetuidu%25253fhttps%25253a%25252f%25252fa%25252eclickcertain%25252ecom%25252fpx%25252fimg%25252fbidswitch%25252f%25253fdone%25253dtrue%252526ccid%25253d80316dd1%25252d3a26%25252d42da%25252d8db7%25252d6e30bd1de338%252526anx_uId%25253d%252524UID&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2f%3fdone%3dtrue%26ccid%3d80316dd1%2d3a26%2d42da%2d8db7%2d6e30bd1de338%26anx_uId%3d%24UID HTTP 302
https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3D80316dd1%2D3a26%2D42da%2D8db7%2D6e30bd1de338%26anx_uId%3D%24UID&google_gid=CAESENqw5UdgZ2lu05PKQZ_Nd1I&google_cver=1 HTTP 302
https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&anx_uId=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3D80316dd1-3a26-42da-8db7-6e30bd1de338%26anx_uId%3D%24UID HTTP 302
https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&anx_uId=7032891392905261347 HTTP 302
https://x.bidswitch.net/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0

Request Chain 25

https://a.remarketstats.com/px/smart/?c=24d1add2443e239&type=img&partner_id=193f0456&partner_rid=08c2f0d2-e248-11ed-8384-1fc4a34e4c16 HTTP 302
https://a.clickcertain.com/px/smart/a/?c=24d1add2443e239&type=img&partner_id=193f0456&partner_rid=08c2f0d2-e248-11ed-8384-1fc4a34e4c16 HTTP 302
https://a.clickcertain.com/px/img/?c=24d1add2443e239 HTTP 302
https://a.clickcertain.com/px/img/g/?start_cm=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&google_tc= HTTP 302
https://a.clickcertain.com/px/img/g/?google_gid=CAESENqw5UdgZ2lu05PKQZ_Nd1I&google_cver=1

Request Chain 27

https://match.prod.bidr.io/cookie-sync/fivebyfive HTTP 303
https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mortgage-x.com/ 23 KB
8 KB 636ms
217ms Document
text/html 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET ARR/3.0
Resource Hash: ead8524c7dbe9d8fcc0dd72476682e7b57d3dc1522a5b7f3ff180cc256911536

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 7663
Content-Type: text/html
Date: Mon, 24 Apr 2023 02:30:51 GMT
ETag: "2c299a47fe12d41:0"
Last-Modified: Tue, 03 Jul 2018 18:47:23 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Powered-By: ASP.NET ARR/3.0

GET
H/1.1 200
OK griffon_mortgage.GIF
mortgage-x.com/images/gif/ 8 KB
8 KB 341ms
118ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/griffon_mortgage.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 402bb3c4d8c12d954755f2063bcaf6697b643e5bff2defca57c34a7cb00b66d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:01 GMT
Server: Microsoft-IIS/10.0
ETag: "f2e355868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 7901

GET
H/1.1 200
OK mortgage_x.GIF
mortgage-x.com/images/gif/ 19 KB
19 KB 593ms
361ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/mortgage_x.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 379cc27a244c2994f15d94bb35317f0a2f2cc8c9e8ac6a64c0042712100dc86a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:02 GMT
Server: Microsoft-IIS/10.0
ETag: "1a4a9f868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 18972

GET
H/1.1 200
OK mortgage_griffon.GIF
mortgage-x.com/images/gif/ 8 KB
8 KB 356ms
144ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/mortgage_griffon.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: e3cee760f44d5340a7fb511aafc48c47427bc95529f01749a49257fe608e0d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:02 GMT
Server: Microsoft-IIS/10.0
ETag: "7e8483868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 7816

GET
H/1.1 200
OK b.gif
mortgage-x.com/images/icons/ 852 B
1 KB 355ms
142ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/icons/b.gif
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 67531177d23c319168e47578a5cea3e43c8f9e0a9b561ed6490823a68f08b20d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:05 GMT
Server: Microsoft-IIS/10.0
ETag: "f22ea9888cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 852

GET
H/1.1 200
OK u.GIF
mortgage-x.com/images/icons/ 841 B
1 KB 429ms
119ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/icons/u.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: c7189ad19b7edac49c33338465ded4fdf319067cebfd65f0287eab2c5d1c4d94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:05 GMT
Server: Microsoft-IIS/10.0
ETag: "a4d7a3888cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 841

GET
H/1.1 200
OK d.GIF
mortgage-x.com/images/icons/ 831 B
1 KB 431ms
118ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/icons/d.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 908fe1b2f0ed7b76a05341ba6a6018015517acce2a6a35b2830b16bae346782c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:04 GMT
Server: Microsoft-IIS/10.0
ETag: "a8d42a888cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 831

GET
H/1.1 200
OK rrr.gif
mortgage-x.com/service/3/i/ 3 KB
3 KB 297ms
121ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/service/3/i/rrr.gif
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 616ea88470d4a8c0f3323492158beb22793fd22c4e11ef1a54b07102c0961729

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:30:08 GMT
Server: Microsoft-IIS/10.0
ETag: "8c2417ae8cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 3277

GET
H/1.1 200
OK g.GIF
mortgage-x.com/images/gif/ 1 KB
1 KB 294ms
118ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/g.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 54febd07d8924b8042a036f2a4c30b31f871cd17220bc59579cb9d1db4d78826

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:01 GMT
Server: Microsoft-IIS/10.0
ETag: "e8a444868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1261

GET
H/1.1 200
OK h.GIF
mortgage-x.com/images/gif/ 1 KB
1 KB 186ms
120ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/h.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: 4e2706ca519e68fc5ec6331ebf92af54f9c1223d34247e9f73e3f67f8a163fbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:51 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:01 GMT
Server: Microsoft-IIS/10.0
ETag: "209157868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1035

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: mortgage-x.com
URL: https://mortgage-x.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 24 Apr 2023 02:12:35 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1097
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Mon, 24 Apr 2023 04:12:35 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1833110413&utmhn=mortgage-x.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmd...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38414029-1&cid=13619839.1682303452&jid=58168147&_v=5.7.2&z=1833110413

35 B
337 B

58ms
19ms

Image
image/gif

2a00:1450:400c:c04::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38414029-1&cid=13619839.1682303452&jid=58168147&_v=5.7.2&z=1833110413

Requested by

Host: mortgage-x.com
URL: https://mortgage-x.com/

Protocol

Server

2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 24 Apr 2023 02:30:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 24 Apr 2023 02:30:52 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38414029-1&cid=13619839.1682303452&jid=58168147&_v=5.7.2&z=1833110413
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 367
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sphinx_mortgage.GIF
mortgage-x.com/images/gif/ 4 KB
4 KB 119ms
119ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/sphinx_mortgage.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: d14f311cb4d01eed71d2e6dcfda9a5026dd87726e676206d4c5bd6dd7a66f395

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:02 GMT
Server: Microsoft-IIS/10.0
ETag: "3c1fd0868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 4028

GET
H/1.1 200
OK mortgage_sphinx.GIF
mortgage-x.com/images/gif/ 4 KB
4 KB 117ms
117ms Image
image/gif 209.237.151.16
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mortgage-x.com/images/gif/mortgage_sphinx.GIF
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.237.151.16 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: wdpfarm002.sites.myregisteredsite.com
Software: Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash: c3b880cc95cdf14358f26a884f87ad59f22bc7f3a362a9b546bfe32e94fe8ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:52 GMT
Last-Modified: Thu, 27 Apr 2017 19:29:02 GMT
Server: Microsoft-IIS/10.0
ETag: "44968d868cbfd21:0"
X-Powered-By: ASP.NET, ARR/3.0
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 3938

GET
H2

200

/ Show response
a.clickcertain.com/px/
Redirect Chain

https://a.remarketstats.com/px/smart/?c=21f6618eb5339a9
https://a.clickcertain.com/px/smart/a/?c=21f6618eb5339a9
https://a.clickcertain.com/px/?c=21f6618eb5339a9

4 KB
2 KB

135ms
135ms

Script
text/javascript

2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clickcertain.com/px/?c=21f6618eb5339a9
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: H2
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49c61c82bc22e4075cb28dda237a8f921b2fd038e3f69732b2760fa6440e797c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:52 GMT
content-encoding: br
x-frontend: cc-nginx-7cb8d6d795-br8cv:cc-nginx-7cb8d6d795-br8cv
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: 2cdb1f16-c5c8-48a1-ae4c-8bd8229a6b7c
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Q78gpol9u0lo6yDkpFWczBFWPIpcfHPVeNMGfo5dMsDnqEMqVbZnBiq2UGhPDt7qMk8olE6O4kNRFJFLG4R1FrStz%2B6KPMfoMcKjmHW3oCD42n%2Bz%2BgwDaCmcfBS76vDHvNZasM34XumZvwVhUn6yg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cf-ray: 7bcaed428f0703e0-FRA

Redirect headers

date: Mon, 24 Apr 2023 02:30:52 GMT
x-frontend: cc-nginx-7cb8d6d795-xzg78:cc-nginx-7cb8d6d795-xzg78
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: c3bf613b-ce7a-4ff1-a5ef-b6a008e0e85b
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUgwmBMNsU6JAbJ7PvPsM9gGpBuSxSfd0n4Izkatab859nXmH8DzeUx1xdHjUJyllesMO%2BOCGsfoofScubieTS3Qy3vxDGx8MDef60fMr%2B4bqDzP0T1ekl3zX0uQTkusYhVVHc42W6vTslHgaPHElQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
location: https://a.clickcertain.com/px/?c=21f6618eb5339a9
cf-ray: 7bcaed41be7903e0-FRA

GET
H2 404 get-loader.js
loader.wisepops.com/ 0
0 180ms
152ms Script
text/javascript 2606:4700:20::681a:b13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://loader.wisepops.com/get-loader.js?v=1&site=4ZJYResTcc
Requested by: Host: mortgage-x.com
URL: https://mortgage-x.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:52 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zcq%2Btn0zBvaHJswmMkZA3Y3fIG2FaEBnunJw2Of6kMiQBG3AIBI1HKK7m4pmce5xTUngObAmWi2ymOK1c0Ynme9V%2BRbgadO12NxkbHctEUNR6pllXyvBiFaCo0L1hQ2BENF6y0EatV8YIrOUllJJlNc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
x-cloud-trace-context: 4cf077ded778b53ef72d2c93cb054a8a
cache-control: private, max-age=1800
cf-ray: 7bcaed43a94a3a54-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 35ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: mortgage-x.com
URL: https://mortgage-x.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Apr 2023 02:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27967
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 3LzYFPHTUAG1VE5WTowRoBxvIfZfOJS54KDnvg+h2scr2qEW4ZW5QEdVnnByJ1yvGkh8wexQT5zI1S4cNjs88w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 460772071018455 Show response
connect.facebook.net/signals/config/ 150 KB
41 KB 74ms
73ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/460772071018455?v=2.9.102&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e1874fc7d4980c8d0b2ff8f56f84070c72014579686b1def5cb51444b033a8f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Apr 2023 02:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: FPnFlouW3F6+N2HXfcKx6tAoSHinQQWGqYhBCBeOlbltV6/97X3kLnTp8z/rPU8aWdSiF6IETkFXQ4lPHbAJbA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 inferredevents.js Show response
connect.facebook.net/signals/plugins/ 72 KB
22 KB 11ms
11ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredevents.js?v=2.9.102

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 24 Apr 2023 02:30:52 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 21972
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: kFAmxrxD2qH99qb9F5A2jEMyhQ+yfZUsKI8qgyjdrKSC7qozEEiWx9IhqC26fpQmF0AOI94soHfvawtJdcL0dQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 36ms
11ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=460772071018455&ev=PageView&dl=https%3A%2F%2Fmortgage-x.com%2F&rl=&if=false&ts=1682303452879&sw=1600&sh=1200&v=2.9.102&r=stable&ec=0&o=28&cs_est=true&fbp=fb.1.1682303452878.2094345659&it=1682303452766&coo=false&rqm=GET

Requested by

Host: mortgage-x.com
URL: https://mortgage-x.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mortgage-x.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 24 Apr 2023 02:30:52 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 / Show response
a.clickcertain.com/px/cont/ Frame 280F 1 KB
1010 B 112ms
111ms Document
text/html 2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Requested by: Host: a.remarketstats.com
URL: https://a.remarketstats.com/px/smart/?c=21f6618eb5339a9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb9929351fab851883220be5903848b66fdc83fe80b3ed32aad6d5b7416b49d1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7bcaed44c8e703e0-FRA
content-encoding: br
content-type: text/html
date: Mon, 24 Apr 2023 02:30:53 GMT
etag: W/"ODAzMTZkZDFnM2EyNmc0MmRhZzhkYjdnNmUzMGJkMWRlMzM4LXow"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GSMihGFzPApF%2F5WAluOkiIu1S8Ld4YFob4%2FanhitGdnH55DpzL90nDYyUJ4hy5E20hsfIuh8oETffHngSchfPqlhnPT%2Frt8lka%2Fl5Y2692rydE3a66LDbdoGB5zMRUdXgppFCYf2QbI%2BCAWNwU2LCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-frontend: cc-nginx-7cb8d6d795-wsf48:cc-nginx-7cb8d6d795-wsf48
x-requestid: 08d40f1d-60aa-4126-bb01-c85188049467

GET
H2

204

/
a.clickcertain.com/px/ta/ Frame 280F
Redirect Chain

https://a.clickcertain.com/px/ta/?ccid=80316dd1-3a26-42da-8db7-6e30bd1de338
https://pixel.tapad.com/idsync/ex/receive?partner_id=3318&partner_device_id=80316dd1-3a26-42da-8db7-6e30bd1de338&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26ta_id%...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3318&partner_device_id=80316dd1-3a26-42da-8db7-6e30bd1de338&partner_url=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fta%2f%3fdone%3dtrue%26...
https://a.clickcertain.com/px/ta/?done=true&ta_id=d5857ca0-9cc5-47c1-a8d8-153f68d3d72e

0
341 B

125ms
125ms

Image
text/plain

2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.clickcertain.com/px/ta/?done=true&ta_id=d5857ca0-9cc5-47c1-a8d8-153f68d3d72e
Requested by: Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Protocol: H2
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.clickcertain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:53 GMT
x-frontend: cc-nginx-7cb8d6d795-795bc:cc-nginx-7cb8d6d795-795bc
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: 5a424032-c480-4955-af69-08516fd02ee0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YwVIwCMsLnCAAf0VMC%2Fme%2BP2HFD2PS7klIAICf89uqc8VIkDNVybG1P%2B%2Ft7zhmU87O3HwLTRk3h4fwEx6ErDPfA6oxf6GcJiMSGqOo6dBY6%2BrsZUWjPER4lAG%2BYrVr%2BLpGZY9X6yAP7g%2BEEgHIbBw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bcaed469b1603e0-FRA

Redirect headers

date: Mon, 24 Apr 2023 02:30:53 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://a.clickcertain.com/px/ta/?done=true&ta_id=d5857ca0-9cc5-47c1-a8d8-153f68d3d72e
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

204

/
a.clickcertain.com/px/t/ Frame 280F
Redirect Chain

https://a.usbrowserspeed.com/cs?puid=6ea7ccbd-f9e7-57e7-bb18-45d329e817ad&pid=lc&r=https%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2ft%2f%3fdone%3dtrue%26uid%3d%24%7bDEVICE_ID%7d%26hem%3d%24%7bHEM_SHA256...
https://a.clickcertain.com/px/t/?done=true&uid=2a9a0333-7578-4a74-aada-06ef8b23cad9&hem=

0
297 B

125ms
125ms

Image
text/plain

2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.clickcertain.com/px/t/?done=true&uid=2a9a0333-7578-4a74-aada-06ef8b23cad9&hem=
Requested by: Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Protocol: H2
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.clickcertain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:53 GMT
x-frontend: cc-nginx-7cb8d6d795-xzg78:cc-nginx-7cb8d6d795-xzg78
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: 6cdf5e5b-19da-4e48-af1d-236fe5e37353
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xl1Xt6roOfRZ6I2%2BXcwzJzNrlppbTWbsUuNTgXLRtbvL30U%2FDndyQY7Bl4cp5Cs0suaoU8uaZLWf9HXQZEnt5Ew0qiHCwAsFlTWjdpjYj%2FZCovE%2BoEjWEMVmIZ7%2BzMwTR5O3VROuhAHBq0Y%2B59gTFA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bcaed493d0303e0-FRA

Redirect headers

location: https://a.clickcertain.com/px/t/?done=true&uid=2a9a0333-7578-4a74-aada-06ef8b23cad9&hem=
date: Mon, 24 Apr 2023 02:30:53 GMT
server: awselb/2.0
content-length: 119
content-type: text/html; charset=utf-8

GET
H/1.1

400
Bad Request

fivebyfive
match.prod.bidr.io/cookie-sync/ Frame 280F
Redirect Chain

https://match.prod.bidr.io/cookie-sync/fivebyfive
https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

27 B
27 B

58ms
32ms

Image
text/plain

52.212.169.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

Requested by

Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE

Protocol

HTTP/1.1

Server

52.212.169.30 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-169-30.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.clickcertain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:53 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 27
content-type: text/plain

Redirect headers

location: https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1
Date: Mon, 24 Apr 2023 02:30:53 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H2

200

sync
x.bidswitch.net/ul_cb/ Frame 280F
Redirect Chain

https://a.clickcertain.com/px/r/?ccid=80316dd1-3a26-42da-8db7-6e30bd1de338
https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=80316dd1-3a26-42da-8db7-6e30bd1de338&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%25...
https://i.liadm.com/s/56408?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25253a%2...
https://a.clickcertain.com/px/li/?redir=https%253a%252f%252fcm%252eg%252edoubleclick%252enet%252fpixel%253fgoogle_nid%253dclickcertain%2526google_cm%253d1%2526google_sc%253d1%2526redir%253dhttps%25...
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fbidswitch%2...
https://a.clickcertain.com/px/img/g/?redir=https%3A%2F%2Fsecure%2Eadnxs%2Ecom%2Fgetuidu%3Fhttps%3A%2F%2Fa%2Eclickcertain%2Ecom%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3D80316dd1%2D3a26%2D42d...
https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&anx_uId=$UID
https://secure.adnxs.com/bounce?%2Fgetuidu%3Fhttps%3A%2F%2Fa.clickcertain.com%2Fpx%2Fimg%2Fbidswitch%2F%3Fdone%3Dtrue%26ccid%3D80316dd1-3a26-42da-8db7-6e30bd1de338%26anx_uId%3D%24UID
https://a.clickcertain.com/px/img/bidswitch/?done=true&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&anx_uId=7032891392905261347
https://x.bidswitch.net/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0
https://x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0

43 B
345 B

10ms
9ms

Image
image/gif

18.159.181.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0
Requested by: Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Protocol: H2
Server: 18.159.181.112 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-181-112.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a.clickcertain.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=179&user_id=80316dd1-3a26-42da-8db7-6e30bd1de338&expires=5&user_group=0
date: Mon, 24 Apr 2023 02:30:54 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 193f0456 Show response
tag.trovo-tag.com/ Frame 4EC1 490 B
759 B 51ms
23ms Document
text/html 18.66.122.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.trovo-tag.com/193f0456
Requested by: Host: a.clickcertain.com
URL: https://a.clickcertain.com/px/cont/?c=21f6618eb5339a9&ccid=80316dd1-3a26-42da-8db7-6e30bd1de338&cn=DE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-56.fra60.r.cloudfront.net
Software: CloudFront /
Resource Hash: af569a23273c19264d01d607df034da17739b52a949823c1fe42edf8cceb4856

Request headers

Referer: https://a.clickcertain.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-length: 490
content-type: text/html
date: Mon, 24 Apr 2023 02:30:53 GMT
server: CloudFront
via: 1.1 4b07e670df891a80bcae1d5be052af3c.cloudfront.net (CloudFront)
x-amz-cf-id: FWvsxUGLPk4sTJpYGe427gDcUT78awj_YxJ70L1KbuhycHC2KfHFig==
x-amz-cf-pop: FRA60-P2
x-cache: LambdaGeneratedResponse from cloudfront

GET
H2

204

/
a.clickcertain.com/px/img/g/ Frame 4EC1
Redirect Chain

https://a.remarketstats.com/px/smart/?c=24d1add2443e239&type=img&partner_id=193f0456&partner_rid=08c2f0d2-e248-11ed-8384-1fc4a34e4c16
https://a.clickcertain.com/px/smart/a/?c=24d1add2443e239&type=img&partner_id=193f0456&partner_rid=08c2f0d2-e248-11ed-8384-1fc4a34e4c16
https://a.clickcertain.com/px/img/?c=24d1add2443e239
https://a.clickcertain.com/px/img/g/?start_cm=1
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_cm=1&google_sc=1&google_tc=
https://a.clickcertain.com/px/img/g/?google_gid=CAESENqw5UdgZ2lu05PKQZ_Nd1I&google_cver=1

0
458 B

418ms
417ms

Image
text/plain

2606:4700:20::ac43:4acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.clickcertain.com/px/img/g/?google_gid=CAESENqw5UdgZ2lu05PKQZ_Nd1I&google_cver=1
Requested by: Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456
Protocol: H2
Server: 2606:4700:20::ac43:4acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tag.trovo-tag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:54 GMT
x-frontend: cc-nginx-7cb8d6d795-kfg2s:cc-nginx-7cb8d6d795-kfg2s
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-requestid: 0f0eb9ea-3112-4b55-96a3-dd50ef4c9a2e
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fBZ0YedUQeg2mX95RlN%2FXiu%2F2juzkFtm1qCkBuSGRlV%2FiRxXcjLvk6r5R6sMxbwssnm5Y%2BWMfOFTDRMShV0E%2BR7o5Ig0%2Bq1ahfJGbqF1tOqI8K1NOw5EANOBhcOmrZX0TsLVmcPv7dnMyyljfHlnA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7bcaed494d1503e0-FRA

Redirect headers

pragma: no-cache
date: Mon, 24 Apr 2023 02:30:53 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://a.clickcertain.com/px/img/g/?google_gid=CAESENqw5UdgZ2lu05PKQZ_Nd1I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 lds
a.usbrowserspeed.com/ Frame 4EC1 0
148 B 510ms
200ms Image
text/plain 52.12.179.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.usbrowserspeed.com/lds?pid=193f0456&rurl=https%3A//a.clickcertain.com/
Requested by: Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.12.179.65 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-12-179-65.us-west-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tag.trovo-tag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 02:30:53 GMT
server: awselb/2.0

GET
H/1.1

400
Bad Request

fivebyfive
match.prod.bidr.io/cookie-sync/ Frame 4EC1
Redirect Chain

https://match.prod.bidr.io/cookie-sync/fivebyfive
https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

27 B
27 B

30ms
30ms

Image
text/plain

52.212.169.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1

Requested by

Host: tag.trovo-tag.com
URL: https://tag.trovo-tag.com/193f0456

Protocol

HTTP/1.1

Server

52.212.169.30 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-169-30.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tag.trovo-tag.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date: Mon, 24 Apr 2023 02:30:53 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 27
content-type: text/plain

Redirect headers

location: https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1
Date: Mon, 24 Apr 2023 02:30:53 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 12:01:35	Name: _li_ss Value: CgA
.mortgage-x.com/	1970-01-20 20:54:23	Name: __utma Value: 60374193.13619839.1682303452.1682303452.1682303452.1
.mortgage-x.com/	1969-12-31 23:59:59	Name: __utmc Value: 60374193
.mortgage-x.com/	1970-01-20 15:41:11	Name: __utmz Value: 60374193.1682303452.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.mortgage-x.com/	1970-01-20 11:18:24	Name: __utmt Value: 1
.mortgage-x.com/	1970-01-20 11:18:25	Name: __utmb Value: 60374193.1.10.1682303452
a.clickcertain.com/	1970-01-20 20:03:59	Name: _ccpx_u Value: 80316dd1%2d3a26%2d42da%2d8db7%2d6e30bd1de338
a.clickcertain.com/	1970-01-20 20:03:59	Name: _ccpx_21f6618eb5339a9 Value: 1
.mortgage-x.com/	1970-01-20 13:27:59	Name: _fbp Value: fb.1.1682303452878.2094345659
.tapad.com/	1970-01-20 12:44:47	Name: TapAd_TS Value: 1682303453185
.tapad.com/	1970-01-20 12:44:47	Name: TapAd_DID Value: d5857ca0-9cc5-47c1-a8d8-153f68d3d72e
.tapad.com/	1970-01-20 12:44:47	Name: TapAd_3WAY_SYNCS Value:
.bidr.io/	1970-01-20 20:46:57	Name: bitoIsSecure Value: ok
.bidr.io/	1970-01-20 20:46:57	Name: bito Value: AABBDE7Ii9QAACFK-sukNA
a.clickcertain.com/	1970-01-20 20:03:59	Name: _ccpx Value: 24d1add2443e239
a.clickcertain.com/	1970-01-20 20:03:59	Name: _ccpx_24d1add2443e239 Value: 1
.liadm.com/	1970-01-20 20:54:23	Name: lidid Value: 303f0a9e-374c-4917-82df-dd0ff8b533b2
.a.usbrowserspeed.com/	1970-01-20 20:03:59	Name: tuid Value: 2a9a0333-7578-4a74-aada-06ef8b23cad9
.doubleclick.net/	1970-01-20 20:39:59	Name: IDE Value: AHWqTUn8i-VzMH2G7XDfQ1N9fDiR9VlUqdmc558I7NcCIDVTOiFOnB2WEKxJ-Omo2Yg
.adnxs.com/	1970-01-20 13:27:59	Name: uuid2 Value: 7032891392905261347
.bidswitch.net/	1970-01-20 20:03:59	Name: tuuid Value: 007629e7-fbd3-4334-839c-e1947b28984b
.bidswitch.net/	1970-01-20 20:03:59	Name: c Value: 1682303454
.bidswitch.net/	1970-01-20 20:03:59	Name: tuuid_lu Value: 1682303454

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://loader.wisepops.com/get-loader.js?v=1&site=4ZJYResTcc Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1 Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://match.prod.bidr.io/cookie-sync/fivebyfive?_bee_ppp=1 Message: Failed to load resource: the server responded with a status of 400 (Bad Request)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.clickcertain.com
a.remarketstats.com
a.usbrowserspeed.com
cm.g.doubleclick.net
connect.facebook.net
i.liadm.com
loader.wisepops.com
match.prod.bidr.io
mortgage-x.com
pixel.tapad.com
secure.adnxs.com
ssl.google-analytics.com
stats.g.doubleclick.net
tag.trovo-tag.com
www.facebook.com
x.bidswitch.net
142.250.185.162
18.159.181.112
18.66.122.56
185.89.210.82
209.237.151.16
2606:4700:20::681a:b13
2606:4700:20::ac43:4549
2606:4700:20::ac43:4acf
2a00:1450:4001:812::2008
2a00:1450:400c:c04::9c
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.111.113.62
34.238.211.149
52.12.179.65
52.212.169.30
091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
379cc27a244c2994f15d94bb35317f0a2f2cc8c9e8ac6a64c0042712100dc86a
3e1874fc7d4980c8d0b2ff8f56f84070c72014579686b1def5cb51444b033a8f
402bb3c4d8c12d954755f2063bcaf6697b643e5bff2defca57c34a7cb00b66d0
49c61c82bc22e4075cb28dda237a8f921b2fd038e3f69732b2760fa6440e797c
4e2706ca519e68fc5ec6331ebf92af54f9c1223d34247e9f73e3f67f8a163fbd
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54febd07d8924b8042a036f2a4c30b31f871cd17220bc59579cb9d1db4d78826
5849e07d0d6cbb144829b98da75fda4a8eb3fc2b5749d48cc94bb170db54859a
616ea88470d4a8c0f3323492158beb22793fd22c4e11ef1a54b07102c0961729
67531177d23c319168e47578a5cea3e43c8f9e0a9b561ed6490823a68f08b20d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
908fe1b2f0ed7b76a05341ba6a6018015517acce2a6a35b2830b16bae346782c
af569a23273c19264d01d607df034da17739b52a949823c1fe42edf8cceb4856
b3b8631cb468badc4012a399bf6d49bc2f4fc4f2ccef578a830234eb6b168da1
c3b880cc95cdf14358f26a884f87ad59f22bc7f3a362a9b546bfe32e94fe8ad1
c7189ad19b7edac49c33338465ded4fdf319067cebfd65f0287eab2c5d1c4d94
d14f311cb4d01eed71d2e6dcfda9a5026dd87726e676206d4c5bd6dd7a66f395
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cee760f44d5340a7fb511aafc48c47427bc95529f01749a49257fe608e0d64
ead8524c7dbe9d8fcc0dd72476682e7b57d3dc1522a5b7f3ff180cc256911536
eb9929351fab851883220be5903848b66fdc83fe80b3ed32aad6d5b7416b49d1

mortgage-x.com Open in urlscan Pro 209.237.151.16 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

29 Requests

31 %HTTPS

44 %IPv6

15 Domains

16 Subdomains

11 IPs

4 Countries

175 kBTransfer

454 kBSize

23 Cookies

1 Outgoing links

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

mortgage-x.com Open in urlscan Pro
209.237.151.16 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

31 %
HTTPS

44 %
IPv6

15
Domains

16
Subdomains

11
IPs

4
Countries

175 kB
Transfer

454 kB
Size

23
Cookies

29 HTTP transactions
0 data transactions