www.mrcooper.com Open in urlscan Pro
2606:4700::6810:e855 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.email.nationstarmail.com/?qs=0ad8bcc77cb08b8877640dcd6947c5b767435c4da81f492bb4666c0515697faed50fe593c8e256bbb93f7e3b7053...
Effective URL:
https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&ut...
Submission: On March 04 via manual (March 4th 2024, 3:11:00 pm UTC) from US — Scanned from DE

Summary HTTP 65 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 26 IPs in 4 countries across 21 domains to perform 65 HTTP transactions. The main IP is 2606:4700::6810:e855, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.mrcooper.com. The Cisco Umbrella rank of the primary domain is 109612.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 3rd 2023. Valid for: a year.

This is the only time www.mrcooper.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	128.17.96.3 128.17.96.3	14340 (SALESFORCE) (SALESFORCE)
1 20	2606:4700::68... 2606:4700::6810:e855	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.97.49 18.66.97.49	16509 (AMAZON-02) (AMAZON-02)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
7	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
2	54.231.135.0 54.231.135.0	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.21 13.32.27.21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	18.66.112.19 18.66.112.19	16509 (AMAZON-02) (AMAZON-02)
1	146.75.118.109 146.75.118.109	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.204.19.77 34.204.19.77	14618 (AMAZON-AES) (AMAZON-AES)
1	2400:52e0:1e0... 2400:52e0:1e00::1082:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
1	20.122.63.128 20.122.63.128	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
65	26

1 128.17.96.3 (United States) 1 redirects

ASN14340 (SALESFORCE, US)
PTR: click.email.nationstarmail.com

click.email.nationstarmail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6810:e855 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mrcooper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-49.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.231.135.0 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-21.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-19.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.118.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.204.19.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-204-19-77.compute-1.amazonaws.com

geo.qualaroo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1082:1 (Germany)

ASN200325 (BUNNYCDN, SI)

dntcl.qualaroo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.122.63.128 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

p.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	mrcooper.com 1 redirects www.mrcooper.com — Cisco Umbrella Rank: 109612	2 MB
10	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29 region1.google-analytics.com — Cisco Umbrella Rank: 2089	22 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 756 c.clarity.ms — Cisco Umbrella Rank: 1360 p.clarity.ms — Cisco Umbrella Rank: 7696	27 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 375 c.bing.com — Cisco Umbrella Rank: 244	16 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6744	669 B
3	google.com www.google.com — Cisco Umbrella Rank: 2	669 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	287 KB
2	qualaroo.com geo.qualaroo.com — Cisco Umbrella Rank: 33475 dntcl.qualaroo.com — Cisco Umbrella Rank: 10925	1 KB
2	amazonaws.com s3.amazonaws.com	51 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	70 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 703 script.hotjar.com — Cisco Umbrella Rank: 882	59 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 228	27 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 242	404 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 622	16 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	185 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 9921	6 KB
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2643	233 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 788	7 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	1 KB
1	nationstarmail.com 1 redirects click.email.nationstarmail.com — Cisco Umbrella Rank: 345375	335 B
65	21

	Domain	Requested by
20	www.mrcooper.com	1 redirects www.mrcooper.com static.cloudflareinsights.com
7	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.google.de	www.mrcooper.com
3	www.google.com	www.mrcooper.com
3	region1.google-analytics.com	www.googletagmanager.com
3	bat.bing.com	www.mrcooper.com bat.bing.com
3	www.googletagmanager.com	www.mrcooper.com www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	stats.g.doubleclick.net	www.google-analytics.com
2	s3.amazonaws.com	www.mrcooper.com
2	connect.facebook.net	www.mrcooper.com connect.facebook.net
2	cdnjs.cloudflare.com	www.mrcooper.com
1	p.clarity.ms	www.clarity.ms
1	bam.nr-data.net	js-agent.newrelic.com
1	c.bing.com	1 redirects
1	js-agent.newrelic.com	www.mrcooper.com
1	dntcl.qualaroo.com	s3.amazonaws.com
1	geo.qualaroo.com	s3.amazonaws.com
1	www.facebook.com	www.mrcooper.com
1	extend.vimeocdn.com	www.googletagmanager.com
1	vc.hotjar.io	script.hotjar.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.mrcooper.com
1	static.cloudflareinsights.com	www.mrcooper.com
1	cdn.jsdelivr.net	www.mrcooper.com
1	click.email.nationstarmail.com	1 redirects
65	28

This site contains links to these domains. Also see Links.

Domain
careers.mrcooper.com
investors.mrcoopergroup.com
www.mrcoopergroup.com
masterservicing.nationstarmtg.com
mrcooper.com
www.facebook.com
twitter.com
www.linkedin.com
www.instagram.com
www.youtube.com
www.nmlsconsumeraccess.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-03` - `2024-05-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M03	`2024-02-07` - `2025-03-08`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-12` - `2024-03-11`	3 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2024-02-08` - `2025-01-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-02-07` - `2025-03-08`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-11-22` - `2024-12-23`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.de GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.qualaroo.com Amazon RSA 2048 M02	`2023-04-02` - `2024-04-29`	a year	crt.sh
dntcl.qualaroo.com R3	`2024-02-22` - `2024-05-22`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-01-15` - `2025-02-15`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Frame ID: 0BF31E3F7D0D77EEFB232C143AB70F3F
Requests: 64 HTTP requests in this frame

Frame: https://dntcl.qualaroo.com/frame.html
Frame ID: E2D28709A985B85FC0F887D8F3AA9004
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Refinancing, Home Loans, & Mortgage Company | Mr. Cooper Home Loans, New Brand Name For Nationstar Mortgagetwitterlinkedininstagramtwitterlinkedininstagram

Page URL History Show full URLs

https://click.email.nationstarmail.com/?qs=0ad8bcc77cb08b8877640dcd6947c5b767435c4da81f492bb4666c0515697faed50fe593... HTTP 302
https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget... Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

65
Requests

97 %
HTTPS

63 %
IPv6

21
Domains

28
Subdomains

26
IPs

4
Countries

2493 kB
Transfer

8680 kB
Size

32
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.mrcooper.com/
Title: Careers

Search URL Search Domain Scan URL

URL: http://investors.mrcoopergroup.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://www.mrcoopergroup.com/press
Title: Press

Search URL Search Domain Scan URL

URL: https://masterservicing.nationstarmtg.com/
Title: Master Servicing

Search URL Search Domain Scan URL

URL: https://mrcooper.com/blog/testimonial/
Title: Customer Testimonials

Search URL Search Domain Scan URL

URL: https://www.facebook.com/mrcooperhomeloans

Search URL Search Domain Scan URL

URL: https://twitter.com/mrcooper
Title: twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/mrcooper
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mrcooperhomeloans
Title: instagram

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC18GKLLpfra7p8eK8EN9RzA

Search URL Search Domain Scan URL

URL: http://www.nmlsconsumeraccess.org/
Title: www.nmlsconsumeraccess.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.email.nationstarmail.com/?qs=0ad8bcc77cb08b8877640dcd6947c5b767435c4da81f492bb4666c0515697faed50fe593c8e256bbb93f7e3b70534d359b402dca2c7038d879027c7430320a67 HTTP 302
https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://www.mrcooper.com/help/fetch_quick_links HTTP 301
https://www.mrcooper.com/help-center/api/fetch_quick_links

Request Chain 51

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&RedC=c.clarity.ms&MXFR=3789E0A5648863652F3EF49D60886D43 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&MUID=3F658AE9642362C612749ED165F163E2

65 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request edfa7f87-322a-4cc0-b101-d0257de633bf Show response
www.mrcooper.com/paperless/enroll/
Redirect Chain

https://click.email.nationstarmail.com/?qs=0ad8bcc77cb08b8877640dcd6947c5b767435c4da81f492bb4666c0515697faed50fe593c8e256bbb93f7e3b70534d359b402dca2c7038d879027c7430320a67
https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

49 KB
16 KB

750ms
719ms

Document
text/html

2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ccc288c47be70317699c5521433e50ecc3888fefc3a00d8345ddc43bf4a8409

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store
cf-cache-status: DYNAMIC
cf-ray: 85f2cbb3a81c9b4b-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 04 Mar 2024 15:10:54 GMT
expires: Sat, 31 Aug 2024 15:10:54 +0000
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 510ad0e7-0d99-4fa0-90f5-d6fb1b6040e8
x-runtime: 0.574036
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: private
Connection: close
Content-Length: 285
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Mar 2024 15:10:53 GMT
Location: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

GET
H2 200 application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
www.mrcooper.com/assets/ 1 MB
206 KB 143ms
142ms Stylesheet
text/css 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9f527d8e4542e83a0dfde40fd223fc4762acaf38e7042a2acb3d7ea4eb95c7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb82a979b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 210402
expires: Mon, 26 Aug 2024 22:25:42 +0000

GET
H2 200 shadydom.min.js Show response
cdnjs.cloudflare.com/ajax/libs/shadydom/1.7.0/ 44 KB
12 KB 34ms
18ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/shadydom/1.7.0/shadydom.min.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfbbd46b7e6278f631dabd89da3b811bda57956ee640f27dfb36bd0aca792179

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 9804279
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 11834
last-modified: Sat, 11 Jul 2020 21:04:39 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f0a2967-aefe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCQVfzcvtUy5hntvqg2sXz3NB%2B907nQyyH%2FFFDOEzcAZkcjYnFnS3b5CNFCM4YMWUy%2F22TYuINhwwNFctk29Cy5z4RMSsnMqm1fz7012Zd2H1EmKgOUXRbqPh29UCIMceG2QCfohRWr0HP%2FuWTdUtZWY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85f2cbb83b4c1cb5-FRA
expires: Sat, 22 Feb 2025 15:10:54 GMT

GET
H2 200 index.js Show response
cdn.jsdelivr.net/npm/object-assign-polyfill@0.1.0/ 1 KB
1 KB 31ms
16ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/object-assign-polyfill@0.1.0/index.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47309252c09e4ca1d797dc8ad1bea7e7d881a47b2b8f40adf63c19cf9cb93559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 17741
x-jsd-version: 0.1.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230125-FRA, cache-lga21966-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"439-llwwTEAQmiYa7WIaB4nrlYjvuug"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbLbeSr5icGDQwwgblY2Kssm5gZthaSViUX1yl%2F47ylSP0gpbcsb5Iwp7R7WOQTOFCWPjlm5LgbjzUyDMD4lMMcXQ1KHRRLA4Uoz3F%2FkpXRlY6Nbv3Q5v3WXNNK7hJDybDB3jSTVmrl1aWTFUJs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 85f2cbb83efb37d4-FRA

GET
H2 200 interact_banner-73224296e9449fd2230b3f90550484591643d7974ae4032ef114e788f3e81056.js Show response
www.mrcooper.com/assets/ 86 KB
25 KB 144ms
144ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/interact_banner-73224296e9449fd2230b3f90550484591643d7974ae4032ef114e788f3e81056.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73224296e9449fd2230b3f90550484591643d7974ae4032ef114e788f3e81056

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb82a989b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 25064
expires: Mon, 26 Aug 2024 20:53:26 +0000

GET
H2 200 jquery.min-a6ed45d15e46615f8c15931ca254e398a912e770b10122a4435529a1a523180d.js Show response
www.mrcooper.com/assets/ 87 KB
30 KB 214ms
213ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/jquery.min-a6ed45d15e46615f8c15931ca254e398a912e770b10122a4435529a1a523180d.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6ed45d15e46615f8c15931ca254e398a912e770b10122a4435529a1a523180d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:29:19 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83a9e9b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 30881
expires: Mon, 26 Aug 2024 20:55:06 +0000

GET
H2 200 DeviceDetector.min-c92d5c98448974e2ba50160478b9247c3900e42ef26d0f663666bf89c09f868c.js Show response
www.mrcooper.com/assets/ 4 KB
2 KB 171ms
170ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/DeviceDetector.min-c92d5c98448974e2ba50160478b9247c3900e42ef26d0f663666bf89c09f868c.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c92d5c98448974e2ba50160478b9247c3900e42ef26d0f663666bf89c09f868c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:29:19 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83a9f9b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1766
expires: Mon, 26 Aug 2024 23:25:40 +0000

GET
H2 200 application-3b886d997eab169dc200840b9707d5ea6fe709e4bf0129e7c2eb61a56b24fd40.js Show response
www.mrcooper.com/assets/ 1 MB
365 KB 143ms
142ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/application-3b886d997eab169dc200840b9707d5ea6fe709e4bf0129e7c2eb61a56b24fd40.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b886d997eab169dc200840b9707d5ea6fe709e4bf0129e7c2eb61a56b24fd40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83aa19b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 373505
expires: Mon, 26 Aug 2024 20:56:20 +0000

GET
H2 200 velocity.min.js Show response
cdnjs.cloudflare.com/ajax/libs/velocity/1.5.2/ 44 KB
15 KB 22ms
17ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/velocity/1.5.2/velocity.min.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d47aa823be8918a035ecad02d2cf4af0bfe2cbc3c00b8dca54bb758510ff3a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 23920
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14390
last-modified: Mon, 04 May 2020 16:17:30 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb0401a-af08"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hMpyOqR1Xih8KvfzbS%2F4rD%2FUm77rEhtHN%2Bl2fmZ98tCgjBtQc1o35lxCkymMbagbY70ZKjJEy8S6MZwRWH4fzA99e9FNUpTTiCpSrvjh%2FuLfIVwhITEUYyD%2FE3PcUQFdF8FT23ehD7A%2BIAmgLRlBKYV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85f2cbb83b4d1cb5-FRA
expires: Sat, 22 Feb 2025 15:10:54 GMT

GET
H2 200 animations-8d571b0b4cb3e6a6fadee84a1a319c35c8197d69abe7f15fef273cd66f2013af.js Show response
www.mrcooper.com/assets/ 5 KB
2 KB 141ms
141ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/animations-8d571b0b4cb3e6a6fadee84a1a319c35c8197d69abe7f15fef273cd66f2013af.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d571b0b4cb3e6a6fadee84a1a319c35c8197d69abe7f15fef273cd66f2013af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83aa29b4b-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1622
expires: Mon, 26 Aug 2024 22:53:38 +0000

GET
H2 200 ic-close-blue-f317a98031701d673d1fb9a012740836ef2795dd9c4161f73fccd74effec6188.svg
www.mrcooper.com/assets/ 662 B
416 B 169ms
168ms Image
image/svg+xml 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mrcooper.com/assets/ic-close-blue-f317a98031701d673d1fb9a012740836ef2795dd9c4161f73fccd74effec6188.svg
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f317a98031701d673d1fb9a012740836ef2795dd9c4161f73fccd74effec6188

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:29:20 GMT
server: cloudflare
vary: Origin
content-type: image/svg+xml
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83aa39b4b-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 20:55:10 +0000

GET
H2 200 icon-failure-round-1b29161ae415fd3f9a93bdaf2d740b758bd2f34f09edd54b6d1eeb3793fc81be.svg
www.mrcooper.com/assets/ 532 B
440 B 137ms
137ms Image
image/svg+xml 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mrcooper.com/assets/icon-failure-round-1b29161ae415fd3f9a93bdaf2d740b758bd2f34f09edd54b6d1eeb3793fc81be.svg
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b29161ae415fd3f9a93bdaf2d740b758bd2f34f09edd54b6d1eeb3793fc81be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:29:20 GMT
server: cloudflare
vary: Origin
content-type: image/svg+xml
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb83aa59b4b-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 20:56:19 +0000

GET
H3 200 vendor-79f2d8b32a58b790869aae0945fde5af979fcd08b7c4a9e8b622cb0bd5455291.js Show response
www.mrcooper.com/assets/ 1 MB
214 KB 145ms
145ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/vendor-79f2d8b32a58b790869aae0945fde5af979fcd08b7c4a9e8b622cb0bd5455291.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79f2d8b32a58b790869aae0945fde5af979fcd08b7c4a9e8b622cb0bd5455291

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:33:20 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb91ecc8ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 219025
expires: Mon, 26 Aug 2024 23:25:41 +0000

GET
H3 200 paperless-enroll-initializer-66f823a4985c692ee1e4e01b190286d4dc0822a2a7b5045dee54b8e10e500a6f.js Show response
www.mrcooper.com/assets/ 309 KB
94 KB 144ms
143ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/paperless-enroll-initializer-66f823a4985c692ee1e4e01b190286d4dc0822a2a7b5045dee54b8e10e500a6f.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66f823a4985c692ee1e4e01b190286d4dc0822a2a7b5045dee54b8e10e500a6f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbb94f0a8ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 96069
expires: Mon, 26 Aug 2024 23:25:41 +0000

GET
H3 200 common-components-initializer-967c53251b716a4ae53f04c79514c69304742ea9fe7fe8ee530192df48b38afc.js Show response
www.mrcooper.com/assets/ 1 MB
386 KB 143ms
142ms Script
application/javascript 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/assets/common-components-initializer-967c53251b716a4ae53f04c79514c69304742ea9fe7fe8ee530192df48b38afc.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967c53251b716a4ae53f04c79514c69304742ea9fe7fe8ee530192df48b38afc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:34:12 GMT
server: cloudflare
vary: Accept-Encoding, Origin
content-type: application/javascript
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbba2fcc8ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 394835
expires: Mon, 26 Aug 2024 22:53:38 +0000

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 81ms
54ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://www.mrcooper.com/
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 85f2cbba49634dc7-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 458 KB
119 KB 86ms
60ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PT5RFM

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

50c341656d49c47fae14035ca1d6215c4b2cc845c04ee1580ff6fd5ccd44e5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 121000
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Mar 2024 15:10:55 GMT

GET
H3 200 paperless_plane_orange_icon-d71eb9bee65bc66901e3726c49ccb8493ae7217a27dc7eeb6aced85011b4c2ed.svg
www.mrcooper.com/assets/ 2 KB
1 KB 139ms
138ms Image
image/svg+xml 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mrcooper.com/assets/paperless_plane_orange_icon-d71eb9bee65bc66901e3726c49ccb8493ae7217a27dc7eeb6aced85011b4c2ed.svg
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d71eb9bee65bc66901e3726c49ccb8493ae7217a27dc7eeb6aced85011b4c2ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
last-modified: Mon, 26 Feb 2024 07:29:20 GMT
server: cloudflare
vary: Origin
content-type: image/svg+xml
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbbaa85b8ecd-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 26 Aug 2024 20:55:06 +0000

GET
H3 200 Lato-Black.woff2
www.mrcooper.com/fonts/ 173 KB
173 KB 141ms
140ms Font
application/font-woff2 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/fonts/Lato-Black.woff2
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34bb46634d07ac579411823eb39fac1376b012257460066a98b95075d086ccdd

Request headers

Referer: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:56:25 GMT
server: cloudflare
vary: Origin
content-type: application/font-woff2
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbbaa8608ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 176748
expires: Mon, 26 Aug 2024 20:56:23 +0000

GET
H3 200 Lato-Regular.woff2
www.mrcooper.com/fonts/ 178 KB
179 KB 141ms
141ms Font
application/font-woff2 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/fonts/Lato-Regular.woff2
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f

Request headers

Referer: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:55:09 GMT
server: cloudflare
vary: Origin
content-type: application/font-woff2
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbbaa8618ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 182708
expires: Mon, 26 Aug 2024 20:55:06 +0000

GET
H3 200 Lato-Bold.woff2
www.mrcooper.com/fonts/ 181 KB
181 KB 152ms
152ms Font
application/font-woff2 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/fonts/Lato-Bold.woff2
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae88fc0d7a961832f809527d30bd3983a6866d42f66a56ade23f543681594db6

Request headers

Referer: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 22:06:11 GMT
server: cloudflare
vary: Origin
content-type: application/font-woff2
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbbaa8628ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 184912
expires: Mon, 26 Aug 2024 22:06:09 +0000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
91 KB 53ms
42ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2HY4QRV7HT&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5RFM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f006bd04007faaa5ebd52eb4c035382594f4ab6191a27da81a1e2f254f2a2612

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92810
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Mar 2024 15:10:55 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 217 KB
78 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-958038470&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5RFM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18667ea12a37a05f58b06410ca81c0fdd36be2383b4eaf567d8f1dd8fe70489b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79277
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Mar 2024 15:10:55 GMT

GET
H2 200 hotjar-1444525.js Show response
static.hotjar.com/c/ 10 KB
4 KB 27ms
7ms Script
application/javascript 18.66.97.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1444525.js?sv=6

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.49 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-49.fra56.r.cloudfront.net

Software

Resource Hash

1e66de82a598eb6fc50db48ab05202cc9e4d4d4c98128bed5fd653a36ec9e198

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 04 Mar 2024 15:10:51 GMT
via: 1.1 11e35514d631a9a9566fd489de935c06.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 4
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/eaf77a82ff5ded6860d40d22f1db145e
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: b1nyzUvDR0de4FlaYCV_FM4GHKSf11LfgOlr4wa4XU-f86jukn69-w==

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 64ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 04 Mar 2024 15:10:55 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6433D4AF12ED43CD90329A3AFB89EB88 Ref B: FRAEDGE2010 Ref C: 2024-03-04T15:10:55Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 215 KB
58 KB 23ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Mar 2024 15:10:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57348
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: kQcWfXuQeWkB4mbfPDlf6wivd+wdebJYR6kXOhup/FEMSNdeKiGSuwYie/j96P1G9nVjD1otzT2HYrV5raVc3A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 29ms
7ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5RFM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 04 Mar 2024 13:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 4966
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 04 Mar 2024 15:48:09 GMT

GET
H/1.1 200
OK f86.js Show response
s3.amazonaws.com/ki.js/65142/ 303 B
699 B 311ms
114ms Script
application/ecmascript 54.231.135.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/ki.js/65142/f86.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.135.0 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fde9c3324b6b0e08b7c3f1be8bee2a081380fb2100a56051a27ce3a134c585cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Mon, 04 Mar 2024 15:10:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Feb 2024 18:05:20 GMT
Server: AmazonS3
x-amz-request-id: Q4T4TR28J44PKXM9
ETag: "ed7472beb00d4d2888bac49a128923ec"
x-amz-server-side-encryption: AES256
Content-Type: application/ecmascript
Cache-Control: s-maxage=3600, max-age=0
Accept-Ranges: bytes
Content-Length: 227
x-amz-id-2: yKJk5NV1vLPB5Ey2Kddn4ig9nvKoV6LEWW5S2yhslns2Ie1BO5HBXaY3tjD88isYnJJDFIg5zFk=

GET
H2 200 modules.84f80a92c39bbd76564a.js Show response
script.hotjar.com/ 221 KB
55 KB 27ms
6ms Script
application/javascript 13.32.27.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.84f80a92c39bbd76564a.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1444525.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-21.fra56.r.cloudfront.net

Software

Resource Hash

8cfc58c903082aab59592305e949e7b3c9215f3a62d70d13b9baee604d6132ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 12:10:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 270049
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55719
last-modified: Fri, 01 Mar 2024 12:09:47 GMT
etag: "fd429e33536e4a29658cbbc9d61c6168"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Xei1Ie5vLrAlBEi0_DjviM3aWLp8-UqbXly03OnnsrYqmYu3J6wkDA==

GET
H3 200 Lato-Black-Italic.woff2
www.mrcooper.com/fonts/ 25 KB
25 KB 352ms
352ms Font
application/font-woff2 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/fonts/Lato-Black-Italic.woff2
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34455358cf170b5f063d6b219a563a0fface0b1ba1b469d9991f40d86b349be7

Request headers

Referer: https://www.mrcooper.com/assets/application-4c0ee99efd3ff4f72c467ac259bb615d08280c700fcc82aa5bb8b7d81d713cd1.css
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
cf-cache-status: DYNAMIC
last-modified: Wed, 28 Feb 2024 20:55:08 GMT
server: cloudflare
vary: Origin
content-type: application/font-woff2
cache-control: public, s-maxage=15552000, max-age=15552000
cf-ray: 85f2cbbbc9a78ecd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 25636
expires: Mon, 26 Aug 2024 20:55:06 +0000

GET
H3

200

fetch_quick_links Show response
www.mrcooper.com/help-center/api/
Redirect Chain

https://www.mrcooper.com/help/fetch_quick_links
https://www.mrcooper.com/help-center/api/fetch_quick_links

856 B
493 B

139ms
139ms

Fetch
application/json

2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mrcooper.com/help-center/api/fetch_quick_links
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: H3
Server: 2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdbf471f86be9b082c08a3e8726492b9be9decf1a2ed71a6bf2b1bf1eddd10fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
etag: W/"b0u12ywnmons"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cf-ray: 85f2cbbcdaaf8ecd-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

x-runtime: 0.003955
date: Mon, 04 Mar 2024 15:10:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: text/html
location: https://www.mrcooper.com/help-center/api/fetch_quick_links
cache-control: no-cache
cf-ray: 85f2cbbbc9a98ecd-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: 62b240f9-0415-4643-9187-d8414933e003

GET
H2 200 1498188900425660 Show response
connect.facebook.net/signals/config/ 53 KB
12 KB 135ms
133ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1498188900425660?v=2.9.148&r=stable&domain=www.mrcooper.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bef52756ed8b26e35a7ae403f6ada48a4da9ff5bc82535d385cecfb29afb838d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Mar 2024 15:10:55 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: tZPG77OpDbKLk12qF/oI+EJg0fNZ1bwxIZUTlgVMsw/M2GgbezoHlp8Cuyw7AQyoTG1GoBx4UuVsBsTbcR7w6A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
209 B 14ms
14ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1777059684&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&exp=.&_u=YGBAgEABAAAAACgAI~&jid=436667945&gjid=2070657804&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&_slc=1&gtm=45He42t1n71PT5RFMv71404933za200&cd5=2af135e0-cc16-4ae2-9e4c-5e7b5e7b0a76&cd6=1709565055232&cd7=exacttarget%2Cemail%2Cdaa_51_4shippingnotification%2Cundefined%2Cundefined&cd12=N&cd14=N&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=575217147

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
350 B 60ms
21ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=436667945&gjid=2070657804&_gid=225760829.1709565055&_u=YGBAgEABAAAAAGgAIAC~&z=1426252392

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK f89.js Show response
s3.amazonaws.com/ki.js/65142/ 157 KB
50 KB 237ms
103ms Script
application/ecmascript 54.231.135.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/ki.js/65142/f89.js
Requested by: Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.135.0 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b2aed086bc63f07e39f88aef024f268d27e06ff21dc86e729d005a6110230753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Mon, 04 Mar 2024 15:10:56 GMT
Content-Encoding: gzip
Last-Modified: Wed, 14 Feb 2024 18:04:40 GMT
Server: AmazonS3
x-amz-request-id: Q4TFK20BYXB489PV
ETag: "76a8f5899e39185eb648ab6e41144677"
x-amz-server-side-encryption: AES256
Content-Type: application/ecmascript
Cache-Control: s-maxage=3600, max-age=0
Accept-Ranges: bytes
Content-Length: 50907
x-amz-id-2: 9LOZesrC8TBOK6kJpCdyPLOcpynfF+mU3OpBtbFAK2Izpp2qb7+neGySHGnOV+9EK3bJUulgXfI=

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/958038470/ 3 KB
2 KB 64ms
45ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/958038470/?random=1709565055424&cv=11&fst=1709565055424&bg=ffffff&guid=ON&async=1&gtm=45be42t1v878561133z871404933za201&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&hn=www.googleadservices.com&frm=0&tiba=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&npa=0&pscdl=noapi&auid=963128509.1709565055&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-958038470&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3feb5a6f86ba414ebb3866cad99c35686cd485d01bd9771048e8d41bacaa2f5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 35ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2HY4QRV7HT&gtm=45je42t1v872595761z871404933za200&_p=1709565055006&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1454209416.1709565055&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1709565055&sct=1&seg=0&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&en=page_view&_fv=1&_ss=2&ep.logged_in=N&up.loggedIn=N&tfd=2062
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HY4QRV7HT&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 1444525 Show response
vc.hotjar.io/sessions/ 0
233 B 50ms
31ms XHR
text/plain 18.66.112.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1444525?s=0.25&r=0.12258594622921937
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.84f80a92c39bbd76564a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-19.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 04 Mar 2024 15:10:55 GMT
cache-control: no-store
via: 1.1 604f8ac78ed3ba5235c1a14794f2ac64.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: GGBdNWnKlEYnngLA8EkEfuP1eOApYcJrC1WcQZS-LiUK3GaNXrLFDw==
x-cache: Miss from cloudfront

GET
H2 200 5065759.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 36ms
35ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5065759.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f0b2f9661df75bb09901523b6a36ef1d55046d49f3ee513f41507dfe1ea88add

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 04 Mar 2024 15:10:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9986B62F80F9424990004C67402F49B3 Ref B: FRAEDGE2010 Ref C: 2024-03-04T15:10:55Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 204 0
bat.bing.com/action/ 0
285 B 33ms
32ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5065759&Ver=2&mid=2d960ea7-d921-4c36-8802-7224c7e22212&sid=66078210da3911eebba731116c3c9a48&vid=66077640da3911eea86f49ce91ae398f&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Refinancing,%20Home%20Loans,%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans,%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&p=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&r=&lt=2032&evt=pageLoad&sv=1&rn=61265

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 04 Mar 2024 15:10:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0A527E63ED2F48F597B952D50D6D5D80 Ref B: FRAEDGE2010 Ref C: 2024-03-04T15:10:55Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 72899161.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 135ms
7ms Script
text/javascript 146.75.118.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/72899161.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PT5RFM
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.118.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-cache-hits: 61394
date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: gzip
via: 1.1 varnish
age: 3498842
x-cache: HIT
content-length: 5579
x-served-by: cache-fra-eddf8230118-FRA
last-modified: Wed, 24 Jan 2024 01:39:14 GMT
server: Apache
x-timer: S1709565056.613829,VS0,VE0
etag: "421e-60fa7215d9480-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
x-vimeo-dc: ge
x-bapp-server: assets-77db85df4d-dg6pg
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Jan 2034 03:16:53 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 14ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2HY4QRV7HT&gtm=45je42t1v872595761z871404933za200&_p=1709565055006&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1454209416.1709565055&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&sid=1709565055&sct=1&seg=0&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&_s=2&tfd=2107
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HY4QRV7HT&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 155ms
43ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=436667945&_u=YGBAgEABAAAAAGgAIAC~&z=1397369594

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 156ms
42ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=436667945&_u=YGBAgEABAAAAAGgAIAC~&z=1397369594

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/958038470/ 42 B
455 B 113ms
18ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/958038470/?random=1709565055424&cv=11&fst=1709564400000&bg=ffffff&guid=ON&async=1&gtm=45be42t1v878561133z871404933za201&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&frm=0&tiba=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&npa=0&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqw4ZOuEcXkYVENdWJ5EAcoIvzGgeVow&random=3142261372&rmt_tld=0&ipr=y

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/958038470/ 42 B
455 B 117ms
19ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/958038470/?random=1709565055424&cv=11&fst=1709564400000&bg=ffffff&guid=ON&async=1&gtm=45be42t1v878561133z871404933za201&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&frm=0&tiba=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&npa=0&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqw4ZOuEcXkYVENdWJ5EAcoIvzGgeVow&random=3142261372&rmt_tld=1&ipr=y

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5065759 Show response
www.clarity.ms/tag/uet/ 838 B
1 KB 227ms
133ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/5065759?insights=1
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5065759.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 9819377b8113e64d6859e7821e478c94d8674332e8c3f24263dccc3ed763ba34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

expires: -1
date: Mon, 04 Mar 2024 15:10:55 GMT
x-azure-ref: 20240304T151055Z-vb49brdb1d50b55a99cektq0c000000001d000000001k58y
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 838
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 81ms
9ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1498188900425660&ev=PageView&dl=https%3A%2F%2Fwww.mrcooper.com&rl=&if=false&ts=1709565055538&sw=1600&sh=1200&v=2.9.148&r=stable&ec=0&o=4124&fbp=fb.1.1709565055537.1269238088&pm=1&hrl=9b3b19&ler=empty&cdl=API_unavailable&it=1709565055390&coo=false&cs_cc=1&cas=2494144723951786%2C1488487121276423%2C1965498860210986%2C1681898001865908&rqm=GET

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 04 Mar 2024 15:10:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.22/ 60 KB
25 KB 17ms
16ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.22/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5065759?insights=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3a582829e2c11dde7e02e0952effb8a8b97770c95705e03ecc82f848cb8684fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
content-encoding: br
last-modified: Thu, 29 Feb 2024 15:07:22 GMT
etag: W/"0x8DC39382173A2DD"
vary: Accept-Encoding
x-azure-ref: 20240304T151055Z-vb49brdb1d50b55a99cektq0c000000001d000000001k598
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: d3f9cb86-201e-001c-6e15-6e7cbb000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 / Show response
geo.qualaroo.com/json/ 174 B
361 B 299ms
95ms XHR
application/json 34.204.19.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.qualaroo.com/json/
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/ki.js/65142/f89.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.204.19.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-204-19-77.compute-1.amazonaws.com
Software: /
Resource Hash: 114cb0cb4a666ae37ff1afa2a492328cde0c10a34fe739043d776f31fe7aa31e

Request headers

Accept: application/javascript
Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: https://www.mrcooper.com
date: Mon, 04 Mar 2024 15:10:56 GMT
access-control-allow-credentials: true
x-database-date: Fri, 05 Jan 2018 18:56:42 GMT
content-length: 174
vary: Origin
content-type: application/json

GET
H2 200 frame.html Show response
dntcl.qualaroo.com/ Frame E2D2 323 B
711 B 28ms
13ms Document
text/html 2400:52e0:1e00::1082:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://dntcl.qualaroo.com/frame.html
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/ki.js/65142/f89.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1082:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1082 /
Resource Hash: 2e8900ba4a5768754de4fc21bcdde72bdcafa25c6c766a7f3bc44bf6c21fc412

Request headers

Referer: https://www.mrcooper.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=604800
cdn-cache: HIT
cdn-cachedat: 03/04/2024 07:12:15
cdn-edgestorageid: 1080
cdn-fileserver: 639
cdn-proxyver: 1.04
cdn-pullzone: 99568
cdn-requestcountrycode: DE
cdn-requestid: c0e67963846fef2b70fc32cc2ff0e450
cdn-requestpullcode: 206
cdn-requestpullsuccess: True
cdn-status: 200
cdn-storageserver: DE-679
cdn-uid: 50c043fb-dcd1-4574-9faf-b60384f66f78
content-encoding: gzip
content-type: text/html
date: Mon, 04 Mar 2024 15:10:55 GMT
last-modified: Sun, 09 Jul 2023 20:56:17 GMT
server: BunnyCDN-DE1-1082
vary: Accept-Encoding

GET
H2 200 nr-rum-1.252.0.min.js Show response
js-agent.newrelic.com/ 45 KB
16 KB 36ms
7ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.252.0.min.js

Requested by

Host: www.mrcooper.com
URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.mrcooper.com/
Origin: https://www.mrcooper.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-amz-version-id: MnZvesGWBG.EVnzUmRfpgushluAYDfro
content-encoding: br
via: 1.1 varnish
date: Mon, 04 Mar 2024 15:10:55 GMT
strict-transport-security: max-age=300
x-amz-request-id: 3AZFGQ65YT7G8WVS
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15806
x-amz-id-2: A6Mfgavx6/jBn6/p5RqADam52Skp+cv0q72fzqwsbGIfcM/uJRKZ23E6bG9Gx8TO10Lh/t7V67A=
x-served-by: cache-fra-eddf8230127-FRA
last-modified: Tue, 13 Feb 2024 00:41:07 GMT
server: AmazonS3
etag: "2c25d4506676f166485b739ec4e56a2e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 307430

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&RedC=c.clarity.ms&MXFR=3789E0A5648863652F3EF49D60886D43
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&MUID=3F658AE9642362C612749ED165F163E2

42 B
441 B

29ms
29ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&MUID=3F658AE9642362C612749ED165F163E2
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
last-modified: Fri, 01 Mar 2024 22:54:48 GMT
server: Microsoft-IIS/10.0
etag: "3e26b762b6cda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 562B8E22F740488DB362D01197702F72 Ref B: FRAEDGE2010 Ref C: 2024-03-04T15:10:55Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8D0693A8EA76438EB28449BD6373D382&MUID=3F658AE9642362C612749ED165F163E2
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 20ms
20ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1777059684&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=virtual%20pageview&ea=window%20loaded&el=prefill%20%3A%20%20logged%20in%20%3A%20N&_u=aHDAAEABAAAAAGgAIAC~&jid=13659428&gjid=1485811716&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&_r=1&gtm=45He42t1n71PT5RFMv71404933za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=844181132

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 rum Show response
www.mrcooper.com/cdn-cgi/ 0
142 B 18ms
18ms XHR
text/plain 2606:4700::6810:e855
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mrcooper.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e855 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type: application/json

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.mrcooper.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 85f2cbbeccbb8ecd-FRA

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1777059684&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=25%25&el=%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf&_u=aHDAAEABAAAAAGgAIAC~&jid=&gjid=&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&gtm=45He42t1n71PT5RFMv71404933za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1931123669

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Mar 2024 20:04:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68798
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1777059684&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=50%25&el=%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf&_u=aHDAAEABAAAAAGgAIAC~&jid=&gjid=&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&gtm=45He42t1n71PT5RFMv71404933za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=907641571

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Mar 2024 20:04:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68798
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
8ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1777059684&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=75%25&el=%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf&_u=aHDAAEABAAAAAGgAIAC~&jid=&gjid=&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&gtm=45He42t1n71PT5RFMv71404933za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=801628773

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Mar 2024 20:04:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68798
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
9ms Image
image/gif 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1777059684&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&ul=en-us&de=UTF-8&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=100%25&el=%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf&_u=aHDAAEABAAAAAGgAIAC~&jid=&gjid=&cid=1454209416.1709565055&tid=UA-12910956-1&_gid=225760829.1709565055&gtm=45He42t1n71PT5RFMv71404933za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1062008314

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Mar 2024 20:04:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68798
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 20ms
20ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=13659428&gjid=1485811716&_gid=225760829.1709565055&_u=aHDAAEABAAAAAGgAIAC~&z=1689292153

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 6b2288c4ec Show response
bam.nr-data.net/1/ 40 B
404 B 151ms
123ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/6b2288c4ec?a=959119565&v=1.252.0&to=dVhdQ0pfXVhVFklABEZSQVtdQ0IbVQoUXwla&rst=2455&ck=0&s=c4cd3ce4102dfb5a&ref=https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf&hr=0&ap=572&be=1356&fe=1053&dc=677&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1709565053382,%22n%22:0,%22f%22:606,%22dn%22:615,%22dne%22:615,%22c%22:615,%22s%22:622,%22ce%22:637,%22rq%22:637,%22rp%22:1356,%22rpe%22:1377,%22di%22:2025,%22ds%22:2026,%22de%22:2033,%22dc%22:2402,%22l%22:2408,%22le%22:2409%7D,%22navigation%22:%7B%7D%7D&fp=1677&fcp=1766
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 04 Mar 2024 15:10:55 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230109-FRA

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 43ms
42ms Image
image/gif 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=13659428&_u=aHDAAEABAAAAAGgAIAC~&z=1915186587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 44ms
44ms Image
image/gif 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-12910956-1&cid=1454209416.1709565055&jid=13659428&_u=aHDAAEABAAAAAGgAIAC~&z=1915186587

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:10:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
296 B 317ms
98ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.22/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.mrcooper.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.mrcooper.com
Date: Mon, 04 Mar 2024 15:10:56 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-2HY4QRV7HT&gtm=45je42t1v872595761za200&_p=1709565055006&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1454209416.1709565055&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=3&sid=1709565055&sct=1&seg=0&dl=https%3A%2F%2Fwww.mrcooper.com%2Fpaperless%2Fenroll%2Fedfa7f87-322a-4cc0-b101-d0257de633bf%3Futm_source%3Dexacttarget%26utm_medium%3Demail%26utm_campaign%3Ddaa_51_4shippingnotification&dt=Refinancing%2C%20Home%20Loans%2C%20%26%20Mortgage%20Company%20%7C%20Mr.%20Cooper%20Home%20Loans%2C%20New%20Brand%20Name%20For%20Nationstar%20Mortgage&en=scroll&ep.logged_in=N&epn.percent_scrolled=90&_et=35&tfd=7108
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2HY4QRV7HT&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mrcooper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Mar 2024 15:11:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.mrcooper.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mrcooper.com/	1969-12-31 23:59:59	Name: utm_source Value: exacttarget
www.mrcooper.com/	1969-12-31 23:59:59	Name: utm_campaign Value: daa_51_4shippingnotification
www.mrcooper.com/	1969-12-31 23:59:59	Name: utm_medium Value: email
www.mrcooper.com/	1970-01-21 04:28:45	Name: guid Value: ea283a90-5634-4081-bf07-4ca345e21bdb
www.mrcooper.com/	1970-01-20 18:52:45	Name: _apollo-web_session Value: c5fad025404e80ff29b725dab83a0a3d
.mrcooper.com/	1970-01-20 21:02:21	Name: _gcl_au Value: 1.1.963128509.1709565055
www.mrcooper.com/	1969-12-31 23:59:59	Name: utm_source_cookie Value: exacttarget
www.mrcooper.com/	1969-12-31 23:59:59	Name: utms Value: exacttarget,email,daa_51_4shippingnotification,undefined,undefined
.mrcooper.com/	1970-01-20 18:54:11	Name: _gid Value: GA1.2.225760829.1709565055
.mrcooper.com/	1970-01-20 18:52:45	Name: _dc_gtm_UA-12910956-1 Value: 1
.mrcooper.com/	1970-01-21 03:38:21	Name: _hjSessionUser_1444525 Value: eyJpZCI6IjZhYTE3NDhiLWYxMjEtNWU0OS1iYjM3LWUyOTBjMWRlYjRmNCIsImNyZWF0ZWQiOjE3MDk1NjUwNTU0NzcsImV4aXN0aW5nIjpmYWxzZX0=
.mrcooper.com/	1970-01-20 18:52:46	Name: _hjSession_1444525 Value: eyJpZCI6IjkxZWYwNjFlLTI3YWEtNDMxMC1hYTJiLWMwZmUxYzdjY2E2YyIsImMiOjE3MDk1NjUwNTU0NzcsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.mrcooper.com/	1970-01-20 18:54:11	Name: _uetsid Value: 66078210da3911eebba731116c3c9a48
.mrcooper.com/	1970-01-21 04:14:21	Name: _uetvid Value: 66077640da3911eea86f49ce91ae398f
.mrcooper.com/	1970-01-21 04:28:45	Name: _ga_2HY4QRV7HT Value: GS1.1.1709565055.1.0.1709565055.0.0.0
.doubleclick.net/	1970-01-20 18:52:45	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-21 04:14:21	Name: MUID Value: 3F658AE9642362C612749ED165F163E2
.mrcooper.com/	1970-01-20 21:02:21	Name: _fbp Value: fb.1.1709565055537.1269238088
www.clarity.ms/	1970-01-21 03:38:21	Name: CLID Value: e301286127d5415f8dd83fcc96dc17b2.20240304.20250304
.mrcooper.com/	1970-01-21 03:38:21	Name: _clck Value: xgvxc7%7C2%7Cfjs%7C0%7C1524
www.mrcooper.com/	1970-01-21 04:28:45	Name: ki_t Value: 1709565055784%3B1709565055784%3B1709565055784%3B1%3B1
www.mrcooper.com/	1970-01-21 04:28:45	Name: ki_r Value:
.mrcooper.com/	1970-01-21 04:28:45	Name: _ga Value: GA1.2.1454209416.1709565055
.mrcooper.com/	1970-01-20 18:52:45	Name: _gat_UA-12910956-1 Value: 1
www.mrcooper.com/	1969-12-31 23:59:59	Name: ga_client_id Value: 1454209416.1709565055
.c.bing.com/	1970-01-20 19:02:49	Name: MR Value: 0
.c.bing.com/	1970-01-21 04:14:21	Name: SRM_B Value: 3F658AE9642362C612749ED165F163E2
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 04:14:21	Name: MUID Value: 3F658AE9642362C612749ED165F163E2
.c.clarity.ms/	1970-01-20 19:02:49	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 18:52:45	Name: ANONCHK Value: 0
.mrcooper.com/	1970-01-20 18:54:11	Name: _clsk Value: 1aey0vj%7C1709565056187%7C1%7C0%7Cp.clarity.ms%2Fcollect

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/1498188900425660?v=2.9.148&r=stable&domain=www.mrcooper.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 80) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.mrcooper.com/paperless/enroll/edfa7f87-322a-4cc0-b101-d0257de633bf?utm_source=exacttarget&utm_medium=email&utm_campaign=daa_51_4shippingnotification Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
bat.bing.com
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdnjs.cloudflare.com
click.email.nationstarmail.com
connect.facebook.net
dntcl.qualaroo.com
extend.vimeocdn.com
geo.qualaroo.com
googleads.g.doubleclick.net
js-agent.newrelic.com
p.clarity.ms
region1.google-analytics.com
s3.amazonaws.com
script.hotjar.com
static.cloudflareinsights.com
static.hotjar.com
stats.g.doubleclick.net
vc.hotjar.io
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.mrcooper.com
128.17.96.3
13.32.27.21
146.75.118.109
162.247.243.29
18.66.112.19
18.66.97.49
20.122.63.128
2001:4860:4802:32::36
2001:4860:4802:36::178
2400:52e0:1e00::1082:1
2606:4700::6810:3865
2606:4700::6810:5714
2606:4700::6810:e855
2606:4700::6811:190e
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:80e::2004
2a00:1450:4001:812::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c0c::9a
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42:200::649
34.204.19.77
54.231.135.0
68.219.88.97
114cb0cb4a666ae37ff1afa2a492328cde0c10a34fe739043d776f31fe7aa31e
18667ea12a37a05f58b06410ca81c0fdd36be2383b4eaf567d8f1dd8fe70489b
1b29161ae415fd3f9a93bdaf2d740b758bd2f34f09edd54b6d1eeb3793fc81be
1ccc288c47be70317699c5521433e50ecc3888fefc3a00d8345ddc43bf4a8409
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e66de82a598eb6fc50db48ab05202cc9e4d4d4c98128bed5fd653a36ec9e198
2e8900ba4a5768754de4fc21bcdde72bdcafa25c6c766a7f3bc44bf6c21fc412
34455358cf170b5f063d6b219a563a0fface0b1ba1b469d9991f40d86b349be7
34bb46634d07ac579411823eb39fac1376b012257460066a98b95075d086ccdd
3a582829e2c11dde7e02e0952effb8a8b97770c95705e03ecc82f848cb8684fd
3b886d997eab169dc200840b9707d5ea6fe709e4bf0129e7c2eb61a56b24fd40
3feb5a6f86ba414ebb3866cad99c35686cd485d01bd9771048e8d41bacaa2f5f
47309252c09e4ca1d797dc8ad1bea7e7d881a47b2b8f40adf63c19cf9cb93559
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5
50c341656d49c47fae14035ca1d6215c4b2cc845c04ee1580ff6fd5ccd44e5ad
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
66f823a4985c692ee1e4e01b190286d4dc0822a2a7b5045dee54b8e10e500a6f
6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
73224296e9449fd2230b3f90550484591643d7974ae4032ef114e788f3e81056
79f2d8b32a58b790869aae0945fde5af979fcd08b7c4a9e8b622cb0bd5455291
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8cfc58c903082aab59592305e949e7b3c9215f3a62d70d13b9baee604d6132ab
8d571b0b4cb3e6a6fadee84a1a319c35c8197d69abe7f15fef273cd66f2013af
967c53251b716a4ae53f04c79514c69304742ea9fe7fe8ee530192df48b38afc
9819377b8113e64d6859e7821e478c94d8674332e8c3f24263dccc3ed763ba34
983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a6ed45d15e46615f8c15931ca254e398a912e770b10122a4435529a1a523180d
ae88fc0d7a961832f809527d30bd3983a6866d42f66a56ade23f543681594db6
b2aed086bc63f07e39f88aef024f268d27e06ff21dc86e729d005a6110230753
bdbf471f86be9b082c08a3e8726492b9be9decf1a2ed71a6bf2b1bf1eddd10fd
bef52756ed8b26e35a7ae403f6ada48a4da9ff5bc82535d385cecfb29afb838d
bfbbd46b7e6278f631dabd89da3b811bda57956ee640f27dfb36bd0aca792179
c92d5c98448974e2ba50160478b9247c3900e42ef26d0f663666bf89c09f868c
d47aa823be8918a035ecad02d2cf4af0bfe2cbc3c00b8dca54bb758510ff3a37
d71eb9bee65bc66901e3726c49ccb8493ae7217a27dc7eeb6aced85011b4c2ed
d9f527d8e4542e83a0dfde40fd223fc4762acaf38e7042a2acb3d7ea4eb95c7d
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f006bd04007faaa5ebd52eb4c035382594f4ab6191a27da81a1e2f254f2a2612
f0b2f9661df75bb09901523b6a36ef1d55046d49f3ee513f41507dfe1ea88add
f317a98031701d673d1fb9a012740836ef2795dd9c4161f73fccd74effec6188
fde9c3324b6b0e08b7c3f1be8bee2a081380fb2100a56051a27ce3a134c585cf

www.mrcooper.com Open in urlscan Pro 2606:4700::6810:e855 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

65 Requests

97 %HTTPS

63 %IPv6

21 Domains

28 Subdomains

26 IPs

4 Countries

2493 kBTransfer

8680 kBSize

32 Cookies

11 Outgoing links

Page URL History

Redirected requests

65 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.mrcooper.com Open in urlscan Pro
2606:4700::6810:e855 Public Scan

Screenshot
Live screenshot

Full Image

65
Requests

97 %
HTTPS

63 %
IPv6

21
Domains

28
Subdomains

26
IPs

4
Countries

2493 kB
Transfer

8680 kB
Size

32
Cookies

65 HTTP transactions
0 data transactions