Report - luigimarch.com/regions/questions

Report Overview

Submitted URL
luigimarch.com/regions/questions_auth.php
IP
105.174.43.226
ASN
#37119 UNITEL
Submitted
2022-10-11 15:37:13
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	3.9 kB	104.18.32.68
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	943 B	108.138.212.95
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	372 B	43 kB	142.250.74.168
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	591 B	709 B	173.194.73.154
ocsp.securetrust.com	18792	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	332 B	793 B	23.36.79.25
3uc6h1j97eawmuxn2qaqfo5vucdpbxmeqd5rshpb7e29b1d3479d63e6am1.e.aa.online-metrix.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	520 B	436 B	91.235.134.131
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.165.201.17
luigimarch.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	48 kB	105.174.43.226
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.1 kB	93.184.220.29
regions.demdex.net	130110	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	481 B	3.4 kB	52.212.92.153
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com	162816	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	505 B	18 kB	104.17.209.240
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	23.36.76.226
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	475 B	34.251.26.3
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	5.6 kB	142.250.74.3
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	21 kB	142.250.74.174
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	502 B	694 B	142.250.74.3
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.usertrust.com	899	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	330 B	2.8 kB	104.18.32.68
nexus.ensighten.com	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	11 kB	18.164.68.12
onlinebanking.regions.com	123382	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.8 kB	304 kB	205.255.100.241
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	503 B	694 B	142.250.74.164
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.167.231.108
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	5.1 kB	52.31.4.32
smetrics.regions.com	71639	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	5.3 kB	13.36.218.177
tm.regions.com	73107	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.3 kB	110 kB	91.235.132.72
siteintercept.qualtrics.com	1163	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	2.4 kB	104.17.209.240
www.cloudflare.com	6775	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	325 B	104.16.124.96

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-10-11	medium	luigimarch.com/regions/questions_auth.php	Regions Financial Corporation
2022-10-11	medium	luigimarch.com/regions/questions_auth.php	Regions Financial Corporation

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-11	medium	luigimarch.com/regions/questions_auth.php	Phishing
2022-10-11	medium	luigimarch.com/regions/questions_auth.php	Phishing
2022-10-11	medium	luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/equal-housing-lender.svg	Phishing
2022-10-11	medium	luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/member-fdic.svg	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js	220 kB	2023-03-08	2023-03-08
Pretty URL onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js IP 205.255.100.241 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 6009dd6b1baf3d35c22f46eab037e81a 062784c322ae81313f26decf16087a3cb2b33ad7 3bc6c33036e86676ec38ff7d486541c02c44372e34be83feb49d2cd7be4caa21 Loading...

	onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js	71 B	2023-03-08	2023-03-08
Pretty URL onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js IP 205.255.100.241 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 2c8bc617ac522355abfc60a2458b1148 5ae779a5f66b7a0818aa44a7278995eccf451011 f09f5374367e34f0b7ef5c39837fc1cf528af2e84fc5413dfaabda7d31c17b59 Loading...

	regions.demdex.net/dest5.html?d_nsid=undefined#https%3A%2F%2Fluigimarch.com	6.7 kB	2023-03-07	2024-03-23
Pretty URL regions.demdex.net/dest5.html?d_nsid=undefined#https%3A%2F%2Fluigimarch.com IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	tm.regions.com/fp/check.js;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=373b2c2460736d7d3f4e6b6e77702e62796f3d4c696e7d7a246079607f3d44617067646f7a2e627b683d466972656e6d7a2f38323336	453 kB	2023-03-08	2023-03-08
Pretty URL tm.regions.com/fp/check.js;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=373b2c2460736d7d3f4e6b6e77702e62796f3d4c696e7d7a246079607f3d44617067646f7a2e627b683d466972656e6d7a2f38323336 IP 91.235.132.72 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash 6274a03f7c2e83e747cc826236ccd30f 29f9eb5fca14e6a3e8d0ca5860c54f91522c74db 5f7dd63c62ca44e7633ab32c3e6e1b91bc217702af053520b9d4cebf1a267f73 Loading...

	tm.regions.com/fp/ls_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6	92 kB	2023-03-08	2023-03-08
Pretty URL tm.regions.com/fp/ls_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash 57d09a4a9c50b2772a317107fd1953a8 3042b2c679567632297c1765b23abc78113111bf 24a17fadb3ec558cda2d3101720f9c4aea69dd8cfa99fe4941bb8c88988dfcd9 Loading...

	tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb	95 kB	2023-03-08	2023-03-08
Pretty URL tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb IP 91.235.132.72 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash 5d7d0761814760c2c92d9f8704961b16 3141f89ab77008bbe5766a38cfc75b9615279e7f 033707724137b60a1a232a9fb95edaf052d6587834091d84dace4c30af9d7ee3 Loading...

	nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026	154 kB	2023-03-08	2023-03-08
Pretty URL nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026 IP 18.164.68.12 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 934bb7072f2b65e11bff0873da8ac369 802cbdbfa7550d8698c84d13b929fc6fd5c8bfe6 07572d93843235aaea2bc63e8e65272315f4012a6a810e6567fa07b7816ba414 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-18 18:02:16 Times Seen1511 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	nexus.ensighten.com/regions/regions-olb/Bootstrap.js	29 kB	2023-03-08	2023-03-08
Pretty URL nexus.ensighten.com/regions/regions-olb/Bootstrap.js IP 18.164.68.12 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 59a088de2c67f52f805adfdbe07f0178 945bb329ff63c837f845fbda7e82a5b2cda30b1d a8bb5c67018c1992e72b1ba33443d9bb404dfb21720066313d008953e7ac429b Loading...

	onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js	207 kB	2023-03-08	2023-03-08
Pretty URL onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js IP 205.255.100.241 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 1343366aab3a3c0e4c2b7981cbbb77d4 e41f8f7e95ed1cdd5ab599a8e061141d8b07a5b2 4b70df8131a18cd31f6abe166cae5a6a9d446b8fa4dbc5a6fd67ad5c92fb9413 Loading...

	nexus.ensighten.com/regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php	285 B	2023-03-08	2023-03-08
Pretty URL nexus.ensighten.com/regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php IP 18.164.68.12 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash e061551dbe68f20fa5053a53ba6f50e0 6b0f9a70790adb0e7090c15223fdcb29c25d7c37 08aa4f1419e4e56167d38fe8aa019e8c8f1aa8db98051c5182f6396518e86b4e Loading...

	smetrics.regions.com/b/ss/regionsbankdev/10/JS-2.22.3/s38916337775437?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=11%2F9%2F2022%2015%3A37%3A5%202%200&d.&nsid=0&jsonv=1&.d&mid=08318830689087197513434773285022625470&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Cregions%7Cquestions_auth&g=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=regions&server=luigimarch.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=questions_auth&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=questions_auth&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.0.1%7C2.22.3%7C4.4.0%7C20211116&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1	3.7 kB	2023-03-08	2023-03-08
Pretty URL smetrics.regions.com/b/ss/regionsbankdev/10/JS-2.22.3/s38916337775437?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=11%2F9%2F2022%2015%3A37%3A5%202%200&d.&nsid=0&jsonv=1&.d&mid=08318830689087197513434773285022625470&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Cregions%7Cquestions_auth&g=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=regions&server=luigimarch.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=questions_auth&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=questions_auth&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.0.1%7C2.22.3%7C4.4.0%7C20211116&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1 IP 13.36.218.177 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash 9f2eb85be64ec48d62cb8f323e1c7d88 b20c6c0a005e3109b2b795cb73fa1faf6526990e 39054519fe64a83db222b0c82939f96d027019115cb1c8946cb86d4a5a6c3179 Loading...

	luigimarch.com/regions/questions_auth.php	15 B	2023-03-08	2023-11-12
Pretty URL luigimarch.com/regions/questions_auth.php IP 105.174.43.226 ASN #37119 UNITEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-11-12 03:09:06 Times Seen8 Hash 381cf145029d05e6410e582dc64bf61d 88efd40c97b0aa6049213380d8625e57d36f4967 a197db36a1a637c82b49657085cbb959a3ca6c6678870bdcd0e5394b50415f81 Loading...

	luigimarch.com/regions/questions_auth.php	32 B	2023-03-07	2024-04-18
Pretty URL luigimarch.com/regions/questions_auth.php IP 105.174.43.226 ASN #37119 UNITEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:58 Last Seen2024-04-18 13:55:03 Times Seen1596 Hash 16eff409565ed1d22c17d73ce417bd15 ae526f9ce16489f0ca53977b7722f56806555342 d7d8adcd29f47bcccb73dcfc9c2135200465d57df689f842a49311a5b000d7a3 Loading...

	siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=luigimarch.com	63 kB	2023-03-08	2023-07-01
Pretty URL siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=luigimarch.com IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-07-01 15:40:51 Times Seen5 Hash 33751c126f22840421d42539615382de 8d0c0f461cc141b670f032c245b084f9079a43de fcc99bc542379c45755d2d0dda5263aecbac09227b828b070b891af45c61bf7a Loading...

	tm.regions.com/fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6	92 kB	2023-03-08	2023-03-08
Pretty URL tm.regions.com/fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6 IP 91.235.132.72 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash e4d0475c2b2512fc80264962e0634cc9 ebc724865221ee4a8e0c3e278f3b65e824a238ff 5537f485229d3807e9ffbe685c20749c1cf1b301964c531b9088ed4f3d510ef8 Loading...

	luigimarch.com/regions/questions_auth.php	762 B	2023-03-08	2023-03-08
Pretty URL luigimarch.com/regions/questions_auth.php IP 105.174.43.226 ASN #37119 UNITEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 13:23:59 Times Seen1 Hash f1856aa9860608522af362379b09baeb 122e0c585beb4757b5d52bbf6f2c776686544609 355e60c1ca4a7ac08d4403ecb32be94129039d792f49a53912eb92d036dbad62 Loading...

	onlinebanking.regions.com/scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js	392 kB	2023-03-08	2023-03-08
Pretty URL onlinebanking.regions.com/scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js IP 205.255.100.241 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash cd137ec467417a747f7f4f188be00c79 7faf525570e356251b301cc93f9fc28901ff97f9 d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4 Loading...

	luigimarch.com/regions/questions_auth.php	61 B	2023-03-08	2023-03-08
Pretty URL luigimarch.com/regions/questions_auth.php IP 105.174.43.226 ASN #37119 UNITEL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 861c3b5389fea2b3b836c9e0f3051d17 97c10146e8101bd348361d624d7c87de32199b88 5fb77d1bfd46d6f038673171978de02329283d3a6b7a4c7cb91f4c1166664ff0 Loading...

	onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js	282 B	2023-03-08	2023-03-08
Pretty URL onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js IP 205.255.100.241 ASN #19905 NEUSTAR-AS6 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 9d898fb1001aa4ff92f1ea17bec6b0eb 2fefbc4780583822108730128cfc95ad22cb1081 29db6b777bc43ce1de3fb92c31a98d263b8c5b2ac510bf64a336fb0b667be352 Loading...

	znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&t=1665502626006	7.3 kB	2023-03-08	2023-03-08
Pretty URL znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&t=1665502626006 IP 104.17.209.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:50:21 Last Seen2023-03-08 13:23:59 Times Seen1 Hash 95233a51b3d9477049a7f7ff14c2947d ef969c508b882a8d93a46618aa07369079fda28c 4302a2f8910941767fa0de765cec9212ea5e392dc848271cdd8d71d6cb961985 Loading...

	www.googletagmanager.com/gtag/js?id=UA-108294743-4	109 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-108294743-4 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 12:58:55 Last Seen2023-03-08 12:58:55 Times Seen1 Hash 160cf60b6cbdf5a080d05a0750b434e7 59def8cfbb78ac52a3bd4fe879734159d5e9cb90 cec86e5049c31fa05a332223392a2be69b1932d1d60330d5675af4971a138ff3 Loading...

	tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=313c2c6e79613f393b646630336a3c396836663433366d6361393c3769623b6964636136663d3b	0 B	2023-03-07	2024-04-18
Pretty URL tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=313c2c6e79613f393b646630336a3c396836663433366d6361393c3769623b6964636136663d3b IP 91.235.132.72 ASN #30286 THM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 20:46:07 Times Seen36946872 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

		Size	First Seen	Last Seen
	#1 Eval - ce3ddefdfa993eff10cce12bad0f161d	74 B	2023-03-07	2024-04-16
Pretty Observations First Seen2023-03-07 01:19:58 Last Seen2024-04-16 22:03:46 Times Seen1363 Hash ce3ddefdfa993eff10cce12bad0f161d f1455008ca9dcb80747f474d900994ec2cba7254 5825930e400f3c0b303a930b890dd589e3fefeb58b7a2819919a0bfbd43a958f Loading...

	#2 Eval - 90eb5565a909cfb23910404b9543ac4f	61 B	2023-03-07	2024-04-16
Pretty Observations First Seen2023-03-07 01:19:58 Last Seen2024-04-16 22:03:46 Times Seen1359 Hash 90eb5565a909cfb23910404b9543ac4f 43956ffd9c2b0dbec81e659e6692a0cfb279d743 4c7434541d1c4e35e47fa7017129597be4de29d8520f8d28324360e68ee147bb Loading...

	#3 Eval - 55daaa2a73fd1b971676f324be974497	50 B	2023-03-07	2024-04-16
Pretty Observations First Seen2023-03-07 01:19:58 Last Seen2024-04-16 22:03:46 Times Seen1362 Hash 55daaa2a73fd1b971676f324be974497 f2e39789d9b5daa42d0e044577957b799e620b32 107abd1d4c412c9df04a22eea7a81d0ace815adf4ca7b8c2e3d6ea6c459423b5 Loading...

HTTP Transactions (89)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

18.165.201.17

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.165.201.17:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 11 Oct 2022 15:08:31 GMT
Expires: Tue, 11 Oct 2022 15:30:03 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f5db034a9eef3b097715a6b5d2c824a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: BP5aOFOw4x0U7z_xPx-mnYUYGlCB5tqvy_gKhcd8k1a3H1ujrnlcVQ==
Age: 1710

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0602913f3d432ffbfaa654440972ee1
e5aaf31749e65875fd840091f9a3bba641de413d
5495ad212166703dcd1d17d7aa6ff4d1c40e73dfad703d24f00f60f35bc7d56c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5495AD212166703DCD1D17D7AA6FF4D1C40E73DFAD703D24F00F60F35BC7D56C"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15007
Expires: Tue, 11 Oct 2022 19:47:09 GMT
Date: Tue, 11 Oct 2022 15:37:02 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7611
Expires: Tue, 11 Oct 2022 17:43:53 GMT
Date: Tue, 11 Oct 2022 15:37:02 GMT
Connection: keep-alive

luigimarch.com/regions/questions_auth.php

105.174.43.226

301 Moved Permanently

257 B

URL HTTP/1.1
luigimarch.com/regions/questions_auth.php
IP
105.174.43.226:0
ASN
#37119 UNITEL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
257 B (257 bytes)
Hash
d16e3e7bd4827ddd9223cb7047857db9
7a91257ca0fd1640f1f5514d3954d2dcc9c8e798
0e468bc9180991a90a67c088ecedc80e9e873a10ab0a5562b3ee145c169ed923

Detections

Analyzer	Verdict	Alert
openphish	Regions Financial Corporation
fortinet	Phishing

HTTP Headers

GET /regions/questions_auth.php HTTP/1.1
Host: luigimarch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 11 Oct 2022 16:31:01 GMT
Server: Apache
Location: https://luigimarch.com/regions/questions_auth.php
Content-Length: 257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Rl0kczF+5s841RbkiFReWCgc9QO2rlu739EV094FXtE7MMwU3G5S3PCjTwzISRTPPPHPDs1jpeo=
x-amz-request-id: ETZV14ZMXTZ3EZ2A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 11 Oct 2022 15:00:54 GMT
age: 2168
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 11 Oct 2022 15:37:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.165.201.17

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.165.201.17:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 11 Oct 2022 14:41:38 GMT
Expires: Tue, 11 Oct 2022 15:39:47 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 4ae6e5888b43b4133973ba1aadad8194.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: pWqdchaukY6IOKBAnkFh3pFMEYvWHtON3WVDb33MnzWclkCVq7XjlQ==
Age: 3324

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
34c15fee665f03aab24038618bb2d9a7
6b90ea5a496581b83daf1764938d1db1a5a32bb4
93e99055eb4a94f808eed2fac338d6c480047c30a56498b2a65036a7d5bdea04

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2648
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:02 GMT
Last-Modified: Tue, 11 Oct 2022 14:52:54 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

ocsp.usertrust.com/

104.18.32.68

200 OK

2.2 kB

URL HTTP/1.1
ocsp.usertrust.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
2.2 kB (2236 bytes)
Hash
d628a6b33693ba4c2c69e57e4888245c
6122c00277c0f8d6e2e00ab64ad189438721dec1
70c1f1bfbdfdfae89f2c98a0ebb9c321163548b93a05cc2706047eaa6563512a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 22:12:16 GMT
Expires: Sat, 15 Oct 2022 22:12:15 GMT
Etag: "6122c00277c0f8d6e2e00ab64ad189438721dec1"
Cache-Control: max-age=603677,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 635
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7588acc0fa30b505-OSL

luigimarch.com/regions/questions_auth.php

105.174.43.226

200 OK

38 kB

URL HTTP/1.1
luigimarch.com/regions/questions_auth.php
IP
105.174.43.226:0
ASN
#37119 UNITEL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
38 kB (38275 bytes)
Hash
9ad4b7584d02c07e1fcab888b4afb048
9856348202b283e489a095444e05516ea809c078
f4945dc02814e4e1bd07301e7340f155fe987715d9d5775b21432a82ac68e864

Detections

Analyzer	Verdict	Alert
openphish	Regions Financial Corporation
fortinet	Phishing

HTTP Headers

GET /regions/questions_auth.php HTTP/1.1
Host: luigimarch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 16:31:02 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
8d1d6c84bcf5cac610f9318f3d4c054a
7e1c4725d4b77de7289bec9e82b415c7d84c5c5e
e5cd1c83c60ec835fbedf82f62497552f3447f0b21ae0b72314c04b3c8501a1b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2022 20:29:23 GMT
Expires: Sun, 16 Oct 2022 20:29:22 GMT
Etag: "7e1c4725d4b77de7289bec9e82b415c7d84c5c5e"
Cache-Control: max-age=448939,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7588acc11985b500-OSL

tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb

91.235.132.72

200 OK

12 kB

URL HTTP/1.1
tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb
IP
91.235.132.72:0
ASN
#30286 THM

File type
ASCII text, with very long lines (15506)
Size
12 kB (12116 bytes)
Hash
549280772e86e43c9d3248d0298263a7
6c8142ffa54553316eb558fd0d75580b816ded7e
322609e0b23e9500516f3c0439fa267b3c85407ba6c7636dfb74d50cdc277c11

HTTP Headers

GET /fp/tags.js?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
P3P: CP=IVAa PSAa
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

push.services.mozilla.com/

35.167.231.108

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.167.231.108:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: A7g58Ds3+BkxYM+h5/a8qw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Z3viCA1Hq1LmIjAztCaWQUt3BMo=

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1164cce8caba7fb70a71a8407cb2e43b
4e72011bc9cafb2cb7e52e19adda53b41f7be045
61747d885b5a0b5291e1084450ce9ba455a35b4581bf8e1489d3f5bc9cb5d4fa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 11 Oct 2022 04:32:49 GMT
Expires: Tue, 18 Oct 2022 04:32:48 GMT
Etag: "4e72011bc9cafb2cb7e52e19adda53b41f7be045"
Cache-Control: max-age=564344,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7588acc23d52b4ff-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1164cce8caba7fb70a71a8407cb2e43b
4e72011bc9cafb2cb7e52e19adda53b41f7be045
61747d885b5a0b5291e1084450ce9ba455a35b4581bf8e1489d3f5bc9cb5d4fa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 11 Oct 2022 04:32:49 GMT
Expires: Tue, 18 Oct 2022 04:32:48 GMT
Etag: "4e72011bc9cafb2cb7e52e19adda53b41f7be045"
Cache-Control: max-age=564344,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7588acc1da6fb500-OSL

onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.70a36cb073e780ad0284606c65b305d2af230cd8674a1e6b12dbc3b84d819427.css

205.255.100.241

200 OK

1.0 kB

URL HTTP/1.1
onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.70a36cb073e780ad0284606c65b305d2af230cd8674a1e6b12dbc3b84d819427.css
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.0 kB (1030 bytes)
Hash
3ab4483139b384cc089be688dc808276
f5404b8eff7e54627667a7a1d5930f40d83fda98
91f8319092712519bc71293bfb5ef432ed00322aede0c805ce4b782c837c587c

HTTP Headers

GET /Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.70a36cb073e780ad0284606c65b305d2af230cd8674a1e6b12dbc3b84d819427.css HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: DeviceName=desktop; path=/; secure; HttpOnly
AnonToken=ANONYMOUS-4f870cad-bb42-4813-81bd-1b0e025104b0; path=/; secure; HttpOnly
NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae16b545525d5f4f58455e445a4a423660;path=/;httponly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Length: 1030
Strict-Transport-Security: max-age=157680000

nexus.ensighten.com/regions/regions-olb/Bootstrap.js

18.164.68.12

200 OK

9.0 kB

URL HTTP/2
nexus.ensighten.com/regions/regions-olb/Bootstrap.js
IP
18.164.68.12:0
ASN
#0

File type
ASCII text, with very long lines (579)
Size
9.0 kB (9028 bytes)
Hash
4746dd2d6d77f52d330c5dd1eaee480c
26e9761fb53c49b2ff49097b7bcddd6c25025b7a
225817a817baf762c33ed32f086208d2c73acced826ec2a228e75a33f8653fe0

HTTP Headers

GET /regions/regions-olb/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 05:29:32 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 30 Nov 2021 21:26:14 GMT
etag: W/"59a088de2c67f52f805adfdbe07f0178"
x-amz-server-side-encryption: AES256
cache-control: max-age=300
x-amz-version-id: .hB9pyhqAsalSnJsG5DH8ZwNIHi6DC.O
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fd0213744bc3f0c3b6436f635fb80a6c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: AdtIdB9vfb3e5rGH1t4Lzfay0_dtHKYXzfZu52IGn2fJlLQK0advlQ==
age: 7034852
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1164cce8caba7fb70a71a8407cb2e43b
4e72011bc9cafb2cb7e52e19adda53b41f7be045
61747d885b5a0b5291e1084450ce9ba455a35b4581bf8e1489d3f5bc9cb5d4fa

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 11 Oct 2022 04:32:49 GMT
Expires: Tue, 18 Oct 2022 04:32:48 GMT
Etag: "4e72011bc9cafb2cb7e52e19adda53b41f7be045"
Cache-Control: max-age=564344,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7588acc23ce81c0e-OSL

onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css

205.255.100.241

200 OK

1.0 kB

URL HTTP/1.1
onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (1611), with CRLF line terminators
Size
1.0 kB (1001 bytes)
Hash
d5af296940925e03e546730cd94c0b81
a26d2523a867d5ef9ee0d07f7e60af71d5455f52
b5c58b66684135fa3bdad9191f1bd9568666949210342276b1a21a82e1aa7a91

HTTP Headers

GET /Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:22:08 GMT
Accept-Ranges: bytes
ETag: "1ed510b5cfbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Length: 1001
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168a45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js

205.255.100.241

200 OK

1.0 kB

URL HTTP/1.1
onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.0 kB (1030 bytes)
Hash
3ab4483139b384cc089be688dc808276
f5404b8eff7e54627667a7a1d5930f40d83fda98
91f8319092712519bc71293bfb5ef432ed00322aede0c805ce4b782c837c587c

HTTP Headers

GET /scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: DeviceName=desktop; path=/; secure; HttpOnly
AnonToken=ANONYMOUS-d3560ca5-9433-4d60-9bfd-ac9041d6b2a7; path=/; secure; HttpOnly
NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168a45525d5f4f58455e445a4a423660;path=/;httponly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Length: 1030
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js

205.255.100.241

200 OK

267 B

URL HTTP/1.1
onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
ASCII text, with CRLF line terminators
Size
267 B (267 bytes)
Hash
abeddd021d59805f1eb49011f4ab4bcd
02c914223bf4a78eb3c687a8f777f93e095b4860
df392de8056548119618fd87fb91127521740e3534c6f87fc344d8e37aabd3f3

HTTP Headers

GET /scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:20 GMT
Accept-Ranges: bytes
ETag: "b4d9fa7fcdbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 267
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168e45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js

205.255.100.241

200 OK

188 B

URL HTTP/1.1
onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
188 B (188 bytes)
Hash
a2914fac91ca5a5b14879a07ad4d4061
980d8ceaff68f49f72677b99b9713c01c3275a63
30aef393646d6e52c05f8971d82da650b6b84a9b6b1dc1e0b7a36616439c6747

HTTP Headers

GET /scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:20 GMT
Accept-Ranges: bytes
ETag: "7477f87fcdbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 188
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168e45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/com-regions.min.css

205.255.100.241

200 OK

34 kB

URL HTTP/1.1
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/com-regions.min.css
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33901 bytes)
Hash
c0388e9a1e6c1393f272b44cc318f763
14ea07e9a59b6edc18306acb52c1f1bab4072a18
c3ac19b6df4e9818aaf9855fb088ed9b58a69f818b68773dfbf476f8368d5704

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/com-regions.min.css HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
ETag: "080d581cdbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 33901
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168e45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/regions-logo-no-r.svg

205.255.100.241

200 OK

2.2 kB

URL HTTP/1.1
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/regions-logo-no-r.svg
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1024), with CRLF line terminators
Size
2.2 kB (2240 bytes)
Hash
7a307093f3ffb0f9b59eefd74f20eef8
3d3aff97b9a1fe08158d13a5565cd95494120195
4d60d0bac24130a383d2db2485ee05f1d1e36c699247f44d8ff99df25b3c21ea

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Images/regions-logo-no-r.svg HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/svg+xml
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
ETag: "080d581cdbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 2240
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168e45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js

205.255.100.241

200 OK

62 kB

URL HTTP/1.1
onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
62 kB (61931 bytes)
Hash
4fee043f86629d9820b6d3d30b7fcba4
a9d37433c811a696a90c59e93203c0cfbef7bd6f
b7a01b4ebb2879a78077b55e98d6c78ee9001e325eb399701e42f65b79487f17

HTTP Headers

GET /Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:20 GMT
Accept-Ranges: bytes
ETag: "026737fcdbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Length: 61931
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168a45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js

205.255.100.241

200 OK

108 kB

URL HTTP/1.1
onlinebanking.regions.com/scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (64560)
Size
108 kB (108549 bytes)
Hash
7a111cf58c9736bbd9d12c2cca1bfac9
e1b1ba7b230e5f4a02a1d08915c0cccc73505942
37b67caf8fda72bdec6fc4d82cb403e23aea04573f11ed07a371b8f6f8f84962

HTTP Headers

GET /scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/javascript
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:21:52 GMT
Accept-Ranges: bytes
ETag: "010f7aacfbcd81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:02 GMT
Content-Length: 108549
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168f45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/icon-select-chevron.svg

205.255.100.241

200 OK

350 B

URL HTTP/1.1
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/icon-select-chevron.svg
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
350 B (350 bytes)
Hash
6adf14dc5fd0ac1b96b1eb3d971e9e8a
75fdf74b6136a8752b77b1234fb6e83d32263480
9d10230b6e420091d35f01cf4fd05c7ca8ca23e4fbac0cb02ca457ad295eef16

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Images/icon-select-chevron.svg HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/com-regions.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/svg+xml
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
ETag: "080d581cdbcd81:0"
Server: Microsoft-IIS/10.0
Date: Tue, 11 Oct 2022 15:37:03 GMT
ntCoent-Length: 575
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168e45525d5f4f58455e445a4a423660;path=/;httponly
Content-Encoding: gzip
Content-Length: 350
Strict-Transport-Security: max-age=157680000

onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js

205.255.100.241

200 OK

82 kB

URL HTTP/1.1
onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
ASCII text, with very long lines (32038), with CRLF line terminators
Size
82 kB (81994 bytes)
Hash
db8a845a223578d403d37e6f397310eb
8085a9414f901b58461d6ad9c08bd88380ba0cfa
1d81d6a7abfa72e21d4888321135ddef63db0e27bbbb58d147864938ca846bf9

HTTP Headers

GET /custom/Assets/Scripts/global-overlays.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Age: 1
Date: Tue, 11 Oct 2022 15:37:03 GMT
Cache-Control: public
Content-Length: 81994
Connection: Keep-Alive
Via: NS-CACHE-12-A
ETag: "080d581cdbcd81:0"
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=157680000

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
372301cc3e0ad3b9318a13a6ec327d30
9d34de85f08bf496e76a3577e0b23af5a2e06548
b5b57c12618c4d45d9b712be3fccaba0debbbf018f82b028bff74e39a077cf03

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5B57C12618C4D45D9B712BE3FCCABA0DEBBBF018F82B028BFF74E39A077CF03"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Tue, 11 Oct 2022 19:11:38 GMT
Date: Tue, 11 Oct 2022 15:37:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
372301cc3e0ad3b9318a13a6ec327d30
9d34de85f08bf496e76a3577e0b23af5a2e06548
b5b57c12618c4d45d9b712be3fccaba0debbbf018f82b028bff74e39a077cf03

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5B57C12618C4D45D9B712BE3FCCABA0DEBBBF018F82B028BFF74E39A077CF03"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Tue, 11 Oct 2022 19:11:38 GMT
Date: Tue, 11 Oct 2022 15:37:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
372301cc3e0ad3b9318a13a6ec327d30
9d34de85f08bf496e76a3577e0b23af5a2e06548
b5b57c12618c4d45d9b712be3fccaba0debbbf018f82b028bff74e39a077cf03

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5B57C12618C4D45D9B712BE3FCCABA0DEBBBF018F82B028BFF74E39A077CF03"
Last-Modified: Tue, 11 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12874
Expires: Tue, 11 Oct 2022 19:11:38 GMT
Date: Tue, 11 Oct 2022 15:37:04 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11800 bytes)
Hash
6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 94e8e091-1136-41a7-843c-44c4ffe9e688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZqylGGYwoAMFQIg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6340fe20-60b47aeb3b55af4f755577f4;Sampled=0
x-amzn-remapped-date: Sat, 08 Oct 2022 04:35:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: fzfUAL2jahiFgsqMExf1dB_7PFJt9wwO2BDKo3XJHSvk5AeeNP8FQg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 22:22:13 GMT
age: 62091
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc6dbf06-fc04-4aa0-be3e-1b1f5a988e0f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10795 bytes)
Hash
3a7910c19b8c04b1c7a9a03949dc54b8
40b0931f4705cc826564bd29418d17edbed84d7d
1f14b664a3587ad9b73b3d5bc37a670900622c467287f9a0dfad1f8bdf69606f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbc6dbf06-fc04-4aa0-be3e-1b1f5a988e0f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10795
x-amzn-requestid: 8efcb814-aa05-476a-b66a-161185920ed8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj_dQHvHoAMFy_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e45ee-7eb4a30a5d0b102845ba50d6;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3gYj2RrQnvATq2N75NXCUmL8QB3cZKEtrRq2g-LphjXO6Es15eGW_A==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 15:53:06 GMT
age: 85438
etag: "40b0931f4705cc826564bd29418d17edbed84d7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428afbd7-2ec8-4bd9-aa56-aef5bf556934.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5390 bytes)
Hash
dcce3576bdd0381adc0b1088eb1648d6
cbe1719f2ad809ccf8d81093842dc43512d53148
087d13ece248b55b5884af970d3d3cc9d347d712d9eee5f9e8211b24dce269c1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F428afbd7-2ec8-4bd9-aa56-aef5bf556934.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5390
x-amzn-requestid: 032b26d9-1e90-4c6c-861d-212b7da0e589
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zzt7lGd9oAMFoaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449049-0f85ddc34fd723d311911b31;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:36:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8-3wup3iaaU-XF6aVnvEs_xew8WB-j1kX2bm3s0puIP5SM8xB6_Kng==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:56:00 GMT
etag: "cbe1719f2ad809ccf8d81093842dc43512d53148"
content-type: image/jpeg
age: 63664
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a938ec-0f85-4cc4-b114-6a3bb049c111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11336 bytes)
Hash
9e6761274cf8c2ed62e317e310f74ac3
32b3631be51d3385f061fee29e41ed28fad4b914
45d68ffebd269cae06ae471a11a128c32070367db85f525b81df4164f510adea

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98a938ec-0f85-4cc4-b114-6a3bb049c111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11336
x-amzn-requestid: 2f64751f-13d2-49c3-85c4-fb0f28186a37
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zzt8mFh7IAMF_lA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63449050-100b2d49411d4bed369655c1;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:36:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lss2UdzBjP4PysNdrrEsK0WX20WfoKkbHuhcPzL6WWyyTXSynpXJDA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 21:55:51 GMT
etag: "32b3631be51d3385f061fee29e41ed28fad4b914"
content-type: image/jpeg
age: 63673
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F647e8146-dad8-449f-a0ea-efe8d7b14e99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5957 bytes)
Hash
6943f4735bdb3eaf396cd0edbd101dae
3be209d8b74abe0d12033cf6149da04eb9e1a116
7578a8981216adc59909baf4e41ef4044d5a592e6dc7f80f4fa8f5f1cc1b282f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F647e8146-dad8-449f-a0ea-efe8d7b14e99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5957
x-amzn-requestid: e7388c82-006d-4114-84e1-f6c5af236edb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zt4h5EMzoAMF5GQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63423ad8-135cd65273a99b4c1719796b;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 03:07:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: H6aoPUjEEPgK6GhTjcpiUg0lVa0e78LQa7cbpYT-QR8NKUzn7UL1Sw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 11 Oct 2022 04:12:36 GMT
age: 41068
etag: "3be209d8b74abe0d12033cf6149da04eb9e1a116"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ea1c33c-766b-4b55-98a5-0a22380c61ce.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6645 bytes)
Hash
1a8720e1bfd92ce7ccfeb8ab6ca2477a
1277a8a73b2fbf48562a7f767c3219d836b1faa9
61cfaa0a0338ae710735fab66822d8227adeb6a8bc4035686fae4a4de6247f1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ea1c33c-766b-4b55-98a5-0a22380c61ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6645
x-amzn-requestid: 6e75c182-93bc-4339-a679-b069f78a397c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZzuQ0H3qoAMFi5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634490d1-4e134a93174cbf3559bea75c;Sampled=0
x-amzn-remapped-date: Mon, 10 Oct 2022 21:38:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 2T5ArGyU86KvuyKtp_G0XC9MaZQWS2luBYlIKcQRWNeeUjqcmQgMSA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 10 Oct 2022 22:10:38 GMT
age: 62786
etag: "1277a8a73b2fbf48562a7f767c3219d836b1faa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js

205.255.100.241

200 OK

1.0 kB

URL HTTP/1.1
onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.0 kB (1030 bytes)
Hash
3ab4483139b384cc089be688dc808276
f5404b8eff7e54627667a7a1d5930f40d83fda98
91f8319092712519bc71293bfb5ef432ed00322aede0c805ce4b782c837c587c

HTTP Headers

GET /scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Set-Cookie: DeviceName=desktop; path=/; secure; HttpOnly
AnonToken=ANONYMOUS-db96264c-045c-43e6-bac9-c6dfd99a0603; path=/; secure; HttpOnly
NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae164d45525d5f4f58455e445a4a423660;path=/;httponly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 1030
Strict-Transport-Security: max-age=157680000

nexus.ensighten.com/regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php

18.164.68.12

200 OK

285 B

URL HTTP/2
nexus.ensighten.com/regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php
IP
18.164.68.12:0
ASN
#0

File type
ASCII text
Size
285 B (285 bytes)
Hash
e061551dbe68f20fa5053a53ba6f50e0
6b0f9a70790adb0e7090c15223fdcb29c25d7c37
08aa4f1419e4e56167d38fe8aa019e8c8f1aa8db98051c5182f6396518e86b4e

HTTP Headers

GET /regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/javascript
content-length: 285
server: nginx
date: Tue, 11 Oct 2022 15:37:04 GMT
expires: Tue, 11 Oct 2022 15:37:03 GMT
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 fd0213744bc3f0c3b6436f635fb80a6c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 8mY_yxd93Otv0BZTOTY2VJG9oT8chzL9F7YIj0ebMLFXfk_YdADKaw==
X-Firefox-Spdy: h2

onlinebanking.regions.com/favicon.ico

205.255.100.241

200 OK

3.3 kB

URL HTTP/1.1
onlinebanking.regions.com/favicon.ico
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type
MS Windows icon resource - 1 icon, 32x32, 24 bits/pixel\012- data
Size
3.3 kB (3262 bytes)
Hash
061c115987e92592f3dc2c867de9adf9
3d2d5762c3d47e90fd76470a1c93d0161ea9a2cd
f51d5e6454326b4c4af313f023c469e69e86078b027538b3413326aa77e7a1af

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/x-icon
Last-Modified: Wed, 31 Aug 2022 00:06:26 GMT
Accept-Ranges: bytes
ETag: "0ad683cdbcd81:0"
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Tue, 11 Oct 2022 15:37:04 GMT
Content-Length: 3262
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168c45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/equal-housing-lender.svg

105.174.43.226

404 Not Found

7.8 kB

URL HTTP/1.1
luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/equal-housing-lender.svg
IP
105.174.43.226:0
ASN
#37119 UNITEL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3866), with CRLF, LF line terminators
Size
7.8 kB (7824 bytes)
Hash
a1a20b5203ae5ff3318f9d3ed3d7ec0b
9138a63e14f7650fcb3e7c56945e9502bf21a2b0
42cbde87ca724f033748e50e5d4a49516ad506a70b7e42b7ee75e1d27f3edee4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Images/equal-housing-lender.svg HTTP/1.1
Host: luigimarch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/regions/questions_auth.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 11 Oct 2022 16:31:03 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://luigimarch.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

nexus.ensighten.com/error/e.gif?msg=can%27t%20access%20property%20%22RCIF%22%2C%20window.rcif%20is%20undefined&lnn=304&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-olb%2Fcode%2F38ff9a60d8efb6e2f9e7175b10aa8d1f.js%3FconditionId0%3D423026&cid=1202&client=regions&publishPath=regions-olb&rid=3100402&did=595352&errorName=TypeError

18.164.68.12

204 No Content

0 B

URL HTTP/2
nexus.ensighten.com/error/e.gif?msg=can%27t%20access%20property%20%22RCIF%22%2C%20window.rcif%20is%20undefined&lnn=304&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-olb%2Fcode%2F38ff9a60d8efb6e2f9e7175b10aa8d1f.js%3FconditionId0%3D423026&cid=1202&client=regions&publishPath=regions-olb&rid=3100402&did=595352&errorName=TypeError
IP
18.164.68.12:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /error/e.gif?msg=can%27t%20access%20property%20%22RCIF%22%2C%20window.rcif%20is%20undefined&lnn=304&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-olb%2Fcode%2F38ff9a60d8efb6e2f9e7175b10aa8d1f.js%3FconditionId0%3D423026&cid=1202&client=regions&publishPath=regions-olb&rid=3100402&did=595352&errorName=TypeError HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: CloudFront
date: Tue, 11 Oct 2022 00:14:53 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 fd0213744bc3f0c3b6436f635fb80a6c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: cqANj7nH2WnLpvv7Pyhf5iuty6pJvnKCeqUw1Fth2GMWY1bt_fec9w==
age: 55331
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1ff77836bfa1305c46f0a625741a9912
3fa59dc68ce5f60cbe2429997798ba0f06110a23
43703bd6f12ffff78565fdb7f88aec37a4c5ac2361e0cfba8bfe31dae4ac1835

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 820
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:05 GMT
Last-Modified: Tue, 11 Oct 2022 15:23:25 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892

52.31.4.32

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892
IP
52.31.4.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://luigimarch.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v044-0f3ae87bd.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=40865065423273492564496590560014238897; Max-Age=15552000; Expires=Sun, 09 Apr 2023 15:37:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: MOg2/OR0R/4=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892

52.31.4.32

200 OK

124 B

URL HTTP/1.1
dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892
IP
52.31.4.32:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
124 B (124 bytes)
Hash
1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca

HTTP Headers

GET /id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1665502624892 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://luigimarch.com
Content-Type: application/x-www-form-urlencoded
Referer: https://luigimarch.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://luigimarch.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v044-08f9cc93e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: X2L7w2KYSL4=
Content-Length: 124
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9b5a2c1b2fb258c89ff4f4d2fe5c0084
0e5641c319ecf70906136f67fd4e4e7c0add19a3
f32db3cdab3a5deab819a37fd8192a7fd811c404ed7818a2ec35ce6fd0379178

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:05 GMT
Server: ECS (amb/6BC4)
Content-Length: 471

smetrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1665502625177

13.36.218.177

200 OK

48 B

URL HTTP/2
smetrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1665502625177
IP
13.36.218.177:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
50a18b3ff978478882cd481b7915418b
58188935d03babb0f7656a01d0659667967327b3
14f1f69618be2272faa557ae0db86eae84a990fd263a3a070a2ca6fa1cad94f0

HTTP Headers

GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1665502625177 HTTP/1.1
Host: smetrics.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://luigimarch.com
access-control-allow-credentials: true
date: Tue, 11 Oct 2022 15:37:05 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg=0%7CMCMID%7C08318830689087197513434773285022625470; Path=/; Domain=regions.com; Max-Age=63072000; Expires=Thu, 10 Oct 2024 15:37:37 GMT;
s_ecid=MCMID%7C08318830689087197513434773285022625470; Path=/; Domain=regions.com; Max-Age=63072000; Expires=Thu, 10 Oct 2024 15:37:37 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=08318830689087197513434773285022625470&ts=1665502625512

52.31.4.32

200 OK

1.3 kB

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=08318830689087197513434773285022625470&ts=1665502625512
IP
52.31.4.32:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (3731), with no line terminators
Size
1.3 kB (1278 bytes)
Hash
2823dd8c3f0d4e8c00da09064fa2b48d
dec46b1e8e9ad879da9e4a07953b7b2492842506
75e8ff15a7e73ac1e3f4113e807fdd217d4273c85705e9c95c4fdec8728399dc

HTTP Headers

GET /id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=08318830689087197513434773285022625470&ts=1665502625512 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://luigimarch.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v044-08580ef78.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=02541027936636474662857380038950563539; Max-Age=15552000; Expires=Sun, 09 Apr 2023 15:37:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 2wXjxnw2QEY=
Content-Length: 1278
Connection: keep-alive

smetrics.regions.com/b/ss/regionsbankdev/10/JS-2.22.3/s38916337775437?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=11%2F9%2F2022%2015%3A37%3A5%202%200&d.&nsid=0&jsonv=1&.d&mid=08318830689087197513434773285022625470&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Cregions%7Cquestions_auth&g=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=regions&server=luigimarch.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=questions_auth&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=questions_auth&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.0.1%7C2.22.3%7C4.4.0%7C20211116&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1

13.36.218.177

200 OK

3.7 kB

URL HTTP/2
smetrics.regions.com/b/ss/regionsbankdev/10/JS-2.22.3/s38916337775437?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=11%2F9%2F2022%2015%3A37%3A5%202%200&d.&nsid=0&jsonv=1&.d&mid=08318830689087197513434773285022625470&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Cregions%7Cquestions_auth&g=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=regions&server=luigimarch.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=questions_auth&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=questions_auth&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.0.1%7C2.22.3%7C4.4.0%7C20211116&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1
IP
13.36.218.177:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (3687)
Size
3.7 kB (3688 bytes)
Hash
9f2eb85be64ec48d62cb8f323e1c7d88
b20c6c0a005e3109b2b795cb73fa1faf6526990e
39054519fe64a83db222b0c82939f96d027019115cb1c8946cb86d4a5a6c3179

HTTP Headers

GET /b/ss/regionsbankdev/10/JS-2.22.3/s38916337775437?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=11%2F9%2F2022%2015%3A37%3A5%202%200&d.&nsid=0&jsonv=1&.d&mid=08318830689087197513434773285022625470&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Cregions%7Cquestions_auth&g=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=regions&server=luigimarch.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=questions_auth&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=questions_auth&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.0.1%7C2.22.3%7C4.4.0%7C20211116&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1 HTTP/1.1
Host: smetrics.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
date: Tue, 11 Oct 2022 15:37:05 GMT
expires: Mon, 10 Oct 2022 15:37:05 GMT
last-modified: Wed, 12 Oct 2022 15:37:05 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3576639653261377536-4619391099334934880
vary: *
dcs: dcs-prod-irl1-1-v044-08580ef78.edge-irl1.demdex.com 8 ms
x-aam-tid: 2+44ucyVQU0=
content-type: application/x-javascript;charset=utf-8
content-length: 3688
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

regions.demdex.net/dest5.html?d_nsid=undefined

52.212.92.153

200 OK

2.8 kB

URL HTTP/1.1
regions.demdex.net/dest5.html?d_nsid=undefined
IP
52.212.92.153:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=undefined HTTP/1.1
Host: regions.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Tue, 11 Oct 2022 15:37:05 GMT
DCS: dcs-prod-irl1-2-v044-0d06d6d5c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:47:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: P/AtDF/gQ5c=
Content-Length: 2791
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

108.138.212.95

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
108.138.212.95:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ae9dc28b04eada5ea1b72ea3696159f7
effd8c83f2bfd49340db0bb5a3da4c5af404a9ac
ad3cf0a1c08300458638867fb798c97a2d061107dead565d5db6696b1e224538

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 11 Oct 2022 15:37:05 GMT
Last-Modified: Tue, 11 Oct 2022 15:31:08 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 6fa047d03f6ff664c45c23f0975fa9a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: -1p8irrSPOk7wqUKFpALZRqtN4v4jTrEnTtP0xgp4Clm7Oo-Ws6DkA==
Age: 357

cm.everesttech.net/cm/dd?d_uuid=02541027936636474662857380038950563539

34.251.26.3

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=02541027936636474662857380038950563539
IP
34.251.26.3:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=02541027936636474662857380038950563539 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Tue, 11 Oct 2022 15:37:05 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y0WNoQAAABjIzQNn; Domain=.everesttech.net; Expires=Wed, 11-Oct-2023 15:37:05 GMT; Path=/
everest_session_v2=Y0WNoQAAABjIzwNn; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y0WNoQAAABjIzQNn
Server: AMO-cookiemap/1.1

dpm.demdex.net/ibs:dpid=411&dpuuid=Y0WNoQAAABjIzQNn

52.31.4.32

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y0WNoQAAABjIzQNn
IP
52.31.4.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y0WNoQAAABjIzQNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luigimarch.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v044-022c8a2e6.edge-irl1.demdex.com 10 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0WNoQAAABjIzQNn
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=09550395070486457904097715924737101785; Max-Age=15552000; Expires=Sun, 09 Apr 2023 15:37:05 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 3/iDPD9ZRik=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0WNoQAAABjIzQNn

52.31.4.32

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0WNoQAAABjIzQNn
IP
52.31.4.32:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y0WNoQAAABjIzQNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://luigimarch.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v044-08f9cc93e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: WwkcqIhASwQ=
Content-Length: 59
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
befa75dbbe9d5dfa501f9c1f03b7cdfa
73814c47bdcd6bebffc963b71d0a20fb361fad50
76b8f843416709a64e030343fbea3e04b9ee9faf2872ddba29f7c8ea28041e28

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-108294743-4

142.250.74.168

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-108294743-4
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1962)
Size
42 kB (42420 bytes)
Hash
97b82eb60027d3ad40afa981f5d9cae9
4f0812cf34d810810b451b03e0d172d243927835
8cf8181e74173df7419d1afdaa0ed4b086db8a94c9d71ba434b7a114b4804c30

HTTP Headers

GET /gtag/js?id=UA-108294743-4 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 11 Oct 2022 15:37:06 GMT
expires: Tue, 11 Oct 2022 15:37:06 GMT
cache-control: private, max-age=900
last-modified: Tue, 11 Oct 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42420
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=2

91.235.132.72

200 OK

81 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=2
IP
91.235.132.72:0
ASN
#30286 THM

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=2 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=1

91.235.132.72

200 OK

81 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=1
IP
91.235.132.72:0
ASN
#30286 THM

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&ck=0&m=1 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
2c08f85bd74f5c0456761cd4180e3d1b
1fb1ed9973e481092ae4e51e7277e7e58144f994
e5e5d24ca076fb29f70c900432ad20cc1c838d61924c257d2fe01e898a76ecad

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tm.regions.com/fp/check.js;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=373b2c2460736d7d3f4e6b6e77702e62796f3d4c696e7d7a246079607f3d44617067646f7a2e627b683d466972656e6d7a2f38323336

91.235.132.72

200 OK

79 kB

URL HTTP/1.1
tm.regions.com/fp/check.js;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=373b2c2460736d7d3f4e6b6e77702e62796f3d4c696e7d7a246079607f3d44617067646f7a2e627b683d466972656e6d7a2f38323336
IP
91.235.132.72:0
ASN
#30286 THM

File type
ASCII text, with very long lines (15260)
Size
79 kB (78626 bytes)
Hash
5f3a1273c986a0cb163b90c01bf0a167
4b640321ffb5ba89815ccab6530970075f7d7c83
20566d91eea21365ec528e23693b143e39e9b79bf5cdb779402805d8aae87157

HTTP Headers

GET /fp/check.js;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=373b2c2460736d7d3f4e6b6e77702e62796f3d4c696e7d7a246079607f3d44617067646f7a2e627b683d466972656e6d7a2f38323336 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: 7e29b1d3479d63e6
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&t=1665502626006

104.17.209.240

200 OK

17 kB

URL HTTP/2
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&t=1665502626006
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6801)
Size
17 kB (16856 bytes)
Hash
ec6be87231d385bb5baf30c99c32d4cc
f32ff4577cdc02b860f62cd2913e90606e3be803
074857a375d964bc280699d9c2fdbd3e3fba1265981596d8c24a5dbff7de747f

HTTP Headers

GET /WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fluigimarch.com%2Fregions%2Fquestions_auth.php&t=1665502626006 HTTP/1.1
Host: znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 11 Oct 2022 15:37:06 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7588acd55e0cb4f1-OSL
access-control-allow-origin: *
age: 34365
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-klVRNOsWDmMj5H3RnqpbSdS3b+A"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=313c2c6e79613f393b646630336a3c396836663433366d6361393c3769623b6964636136663d3b

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=313c2c6e79613f393b646630336a3c396836663433366d6361393c3769623b6964636136663d3b
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jb=313c2c6e79613f393b646630336a3c396836663433366d6361393c3769623b6964636136663d3b HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/javascript

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 11 Oct 2022 14:41:09 GMT
expires: Tue, 11 Oct 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 3357
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jd=373f2c2460666c35352468666a35306c3b62343761386d34323c6f373b62643f6735306163396e3f6838383365652e68647e643f3a3a3a3c3835

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jd=373f2c2460666c35352468666a35306c3b62343761386d34323c6f373b62643f6735306163396e3f6838383365652e68647e643f3a3a3a3c3835
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jd=373f2c2460666c35352468666a35306c3b62343761386d34323c6f373b62643f6735306163396e3f6838383365652e68647e643f3a3a3a3c3835 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=98
Connection: Keep-Alive
Content-Type: text/javascript

tm.regions.com/fp/clear.png

91.235.132.72

200 OK

81 B

URL HTTP/1.1
tm.regions.com/fp/clear.png
IP
91.235.132.72:0
ASN
#30286 THM

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /fp/clear.png HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*, 3uc6h1j9/7e29b1d3479d63e6bkzgztbygv3prmyyzpe0upyb
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Tue, 11 Oct 2022 15:37:06 GMT
Expires: Sun, 10 Oct 2027 15:37:06 GMT
Etag: 6d064441620b4fdb87964e617e811a83
Cache-Control: private, must-revalidate, max-age=0
Access-Control-Allow-Origin: https://luigimarch.com
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png

tm.regions.com/fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6

91.235.132.72

200 OK

14 kB

URL HTTP/1.1
tm.regions.com/fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6
IP
91.235.132.72:0
ASN
#30286 THM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Size
14 kB (13623 bytes)
Hash
b4214e39a08acacaf2dad0fafd171f0a
c3bc7c8d5d81cab1b6ebb9e9498f921fb972d8ba
262d68de756a9a6ca48bd7bb4a27e92ad53690641f9f709aac96c33fe02fc17b

HTTP Headers

GET /fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web

104.17.209.240

200 OK

984 B

URL HTTP/2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (3233), with no line terminators
Size
984 B (984 bytes)
Hash
a86b459da347e8ab1fcff63210fb1fc0
a79e58ffe43e9468da388575483d9a35a91b53f9
f137754928f00659db7b4ac1756a7875af6b76ab85e145b7deb3581e42524e67

HTTP Headers

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 104
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 11 Oct 2022 15:37:06 GMT
content-type: application/json
cf-ray: 7588acd5de98b4f1-OSL
access-control-allow-origin: https://luigimarch.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: a8a7ddd96cfd0c28
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

ocsp.securetrust.com/

23.36.79.25

200 OK

638 B

URL HTTP/1.1
ocsp.securetrust.com/
IP
23.36.79.25:0
ASN
#20940 Akamai International B.V.

File type
data
Size
638 B (638 bytes)
Hash
78ba0180841d0a332ec7d249c1c55875
ddb80421a0e29a237e793cff68681150f0226548
4fe5fd1ee478813c1030ad534c2b9790c71802138ccf90a50eaf33272276c8a2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Tue, 11 Oct 2022 15:37:06 GMT
Connection: keep-alive

3uc6h1j97eawmuxn2qaqfo5vucdpbxmeqd5rshpb7e29b1d3479d63e6am1.e.aa.online-metrix.net/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&di=yes

91.235.134.131

200 OK

81 B

URL HTTP/1.1
3uc6h1j97eawmuxn2qaqfo5vucdpbxmeqd5rshpb7e29b1d3479d63e6am1.e.aa.online-metrix.net/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&di=yes
IP
91.235.134.131:0
ASN
#30286 THM

File type
PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Size
81 B (81 bytes)
Hash
1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&di=yes HTTP/1.1
Host: 3uc6h1j97eawmuxn2qaqfo5vucdpbxmeqd5rshpb7e29b1d3479d63e6am1.e.aa.online-metrix.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Length: 81
Content-Type: image/png

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=313c2c6e79623f3d67373563333d693d6e61353433356960373e3b316e30646c60356461303d3d

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=313c2c6e79623f3d67373563333d693d6e61353433356960373e3b316e30646c60356461303d3d
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=313c2c6e79623f3d67373563333d693d6e61353433356960373e3b316e30646c60356461303d3d HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tm.regions.com/fp/ls_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
Content-Type: text/javascript

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
55429dd512d3e72adc0792b5e941d914
affb6ecf685702a7e652d81bef23fdb03515709f
46efa31a4d653d84c6b1c9156c248b92032a5a4305fad19857d9ed6183b16251

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&gjid=239079893&_gid=436265014.1665502626&_u=YEBAAUAAAAAAACAAI~&z=1104495265

173.194.73.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&gjid=239079893&_gid=436265014.1665502626&_u=YEBAAUAAAAAAACAAI~&z=1104495265
IP
173.194.73.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&gjid=239079893&_gid=436265014.1665502626&_u=YEBAAUAAAAAAACAAI~&z=1104495265 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://luigimarch.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 11 Oct 2022 15:37:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
55429dd512d3e72adc0792b5e941d914
affb6ecf685702a7e652d81bef23fdb03515709f
46efa31a4d653d84c6b1c9156c248b92032a5a4305fad19857d9ed6183b16251

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
78a3ee88876e1d435a7336de2648d41f
96ec618e5f3e76bdbc03e4e60a793ec396b40dd3
4eab0c4746253e517a0523b2e47d6d392c5e17e663ac59307182a566f31d86e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tm.regions.com/fp/clear1.png;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=363b3c2479696657706c663d766c7a577a4f445a79597f78563244655c74525224716b645d6c697c6f3d313636353d32303c38342c736b6c5d767b7067357f6d683a65636473692471636e5d61657b35313237393138393b3a36303732613034363269673964323a3233323632303a693236343863653b6632393a333a37323b36303230323c696e3f34623862623161613832666861646c3761343037306d3d6c39356361636c67646f33603a32313e666763643b3f3d6d6b31393266376a3a323c323a6b3566693a666164336d6c6d3d33663564656d313a3a3d613c61676c3136676363693d6c6e6331363737313263333837333534313b343237616b6a316e38663063302e716b6e557163673f3b32363730303a38383937366332303867343e38666b31603e353334353b3a316b6934343239616c3634336f373d62666c343b64313b6e3a3d3930666161306c61353368353f62613830303330326b396b3d31383633333067363f3c643230323064313a3332696c303c3534666633693731323d376963366e3a603539343f3c6c3265393861666c32316838643326716164703f30

91.235.132.72

204 204

0 B

URL HTTP/1.1
tm.regions.com/fp/clear1.png;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=363b3c2479696657706c663d766c7a577a4f445a79597f78563244655c74525224716b645d6c697c6f3d313636353d32303c38342c736b6c5d767b7067357f6d683a65636473692471636e5d61657b35313237393138393b3a36303732613034363269673964323a3233323632303a693236343863653b6632393a333a37323b36303230323c696e3f34623862623161613832666861646c3761343037306d3d6c39356361636c67646f33603a32313e666763643b3f3d6d6b31393266376a3a323c323a6b3566693a666164336d6c6d3d33663564656d313a3a3d613c61676c3136676363693d6c6e6331363737313263333837333534313b343237616b6a316e38663063302e716b6e557163673f3b32363730303a38383937366332303867343e38666b31603e353334353b3a316b6934343239616c3634336f373d62666c343b64313b6e3a3d3930666161306c61353368353f62613830303330326b396b3d31383633333067363f3c643230323064313a3332696c303c3534666633693731323d376963366e3a603539343f3c6c3265393861666c32316838643326716164703f30
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear1.png;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jf=363b3c2479696657706c663d766c7a577a4f445a79597f78563244655c74525224716b645d6c697c6f3d313636353d32303c38342c736b6c5d767b7067357f6d683a65636473692471636e5d61657b35313237393138393b3a36303732613034363269673964323a3233323632303a693236343863653b6632393a333a37323b36303230323c696e3f34623862623161613832666861646c3761343037306d3d6c39356361636c67646f33603a32313e666763643b3f3d6d6b31393266376a3a323c323a6b3566693a666164336d6c6d3d33663564656d313a3a3d613c61676c3136676363693d6c6e6331363737313263333837333534313b343237616b6a316e38663063302e716b6e557163673f3b32363730303a38383937366332303867343e38666b31603e353334353b3a316b6934343239616c3634336f373d62666c343b64313b6e3a3d3930666161306c61353368353f62613830303330326b396b3d31383633333067363f3c643230323064313a3332696c303c3534666633693731323d376963366e3a603539343f3c6c3265393861666c32316838643326716164703f30 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 204
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/png;charset=UTF-8
Keep-Alive: timeout=2, max=95

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5d0a0ed90364e0eea045f6e6cbc6521d
f76cac3b64a0310a0f5dc859cd2310802c024426
26caffaa8fc4b28a0fbe229d64d4f14c621178610521c58881b5cc5b39102382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 15:37:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-108294743-4&cid=790215865.1665502626&jid=2045803613&_u=YEBAAUAAAAAAACAAI~&z=496280552 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 11 Oct 2022 15:37:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0fa37076cf716e45f8c7d4c9d3763ec4
b5e15dbbf63afd38dafc5681994078585c2974a6
819e659d6a167e928acd75ce791dbe29c4ad44784b47a5beb0376cbfab59937f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
630d2d1f4572fc2d78b1318b8a5c05d9
e88d0c31bc701e6620366a83dd337a89420a4215
73442de4417e1f83c5e82b0e281bf0e4144a0a25f8c59552a788932d5c47bde5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 11 Oct 2022 15:37:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=33383b242c706f356c6d2461776c60356e66353462353c323a3a3f376964376d60343239616b6d6c6961353637323e67613f3b323c63343037343038616d316c3a39373936363b33363a38313b64663a24677a333f6c6e3e3265663762303f3a3a6b6c3668373b6e603a6462676a6d6d3966356161636b6631333c363a

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=33383b242c706f356c6d2461776c60356e66353462353c323a3a3f376964376d60343239616b6d6c6961353637323e67613f3b323c63343037343038616d316c3a39373936363b33363a38313b64663a24677a333f6c6e3e3265663762303f3a3a6b6c3668373b6e603a6462676a6d6d3966356161636b6631333c363a
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=33383b242c706f356c6d2461776c60356e66353462353c323a3a3f376964376d60343239616b6d6c6961353637323e67613f3b323c63343037343038616d316c3a39373936363b33363a38313b64663a24677a333f6c6e3e3265663762303f3a3a6b6c3668373b6e603a6462676a6d6d3966356161636b6631333c363a HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:06 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=94
Connection: Keep-Alive
Content-Type: text/javascript

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=303f2c247d696f3575676072766b5761647465726e61645d6f6e6471

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=303f2c247d696f3575676072766b5761647465726e61645d6f6e6471
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6&jac=1&je=303f2c247d696f3575676072766b5761647465726e61645d6f6e6471 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/javascript

tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6

91.235.132.72

204 No Content

0 B

URL HTTP/1.1
tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6
IP
91.235.132.72:0
ASN
#30286 THM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /fp/clear.png?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6 HTTP/1.1
Host: tm.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7
Origin: https://tm.regions.com
Connection: keep-alive
Referer: https://tm.regions.com/fp/top_fp.html;CIS3SID=D45DEB3E1CA8146ECB9EB18E32311D90?org_id=3uc6h1j9&session_id=bkzgztbygv3prmyyzpe0upyb&nonce=7e29b1d3479d63e6
Cookie: thx_guid=832b344eaa24984581a1a518d327e7ce
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Date: Tue, 11 Oct 2022 15:37:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: https://tm.regions.com
Content-Type: text/javascript

www.cloudflare.com/cdn-cgi/trace

104.16.124.96

200 OK

0 B

URL HTTP/2
www.cloudflare.com/cdn-cgi/trace
IP
104.16.124.96:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/trace HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 11 Oct 2022 15:37:05 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 7588acd26eafb517-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026

18.164.68.12

200 OK

0 B

URL HTTP/2
nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026
IP
18.164.68.12:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 22 Jul 2022 05:29:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 30 Nov 2021 21:26:14 GMT
etag: W/"934bb7072f2b65e11bff0873da8ac369"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: N5wQkdmbRBLZgAJt6lq_XX5OewYKnhke
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fd0213744bc3f0c3b6436f635fb80a6c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P4
x-amz-cf-id: 2210O59HhfdjygyUZocgQCWoq-7Vs1RA9_Ivu91xvxBUomIUsz1nkg==
age: 7034850
X-Firefox-Spdy: h2

siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=luigimarch.com

104.17.209.240

200 OK

0 B

URL HTTP/2
siteintercept.qualtrics.com/dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=luigimarch.com
IP
104.17.209.240:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dxjsmodule/11.1163f93a1b03283dcecd.chunk.js?Q_CLIENTVERSION=1.79.0&Q_CLIENTTYPE=web&Q_BRANDID=luigimarch.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 11 Oct 2022 15:37:06 GMT
content-type: application/javascript
cf-ray: 7588acd59e4fb4f1-OSL
access-control-allow-origin: *
age: 39422
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"f813-183c2d70130"
last-modified: Mon, 10 Oct 2022 17:00:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=63507
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff

205.255.100.241

200 OK

0 B

URL HTTP/1.1
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://onlinebanking.regions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/font-woff
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
ETag: "080d581cdbcd81:0"
Server: Microsoft-IIS/10.0
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 18720
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae16b245525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/member-fdic.svg

105.174.43.226

404 Not Found

0 B

URL HTTP/1.1
luigimarch.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/member-fdic.svg
IP
105.174.43.226:0
ASN
#37119 UNITEL

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Images/member-fdic.svg HTTP/1.1
Host: luigimarch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://luigimarch.com/regions/questions_auth.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Date: Tue, 11 Oct 2022 16:31:04 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://luigimarch.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff

205.255.100.241

200 OK

0 B

URL HTTP/1.1
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff
IP
205.255.100.241:0
ASN
#19905 NEUSTAR-AS6

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff HTTP/1.1
Host: onlinebanking.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://luigimarch.com
Connection: keep-alive
Referer: https://onlinebanking.regions.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/font-woff
Last-Modified: Wed, 31 Aug 2022 00:06:24 GMT
Accept-Ranges: bytes
ETag: "080d581cdbcd81:0"
Server: Microsoft-IIS/10.0
Date: Tue, 11 Oct 2022 15:37:03 GMT
Content-Length: 19156
Set-Cookie: NSC_JO04rpo5bksldygchfrbdvckw3jfjdc=ffffffff09ae168d45525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations