firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 19 Sep 2022 19:12:48 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tYXyL7r7JHq1rDlAgj-VEehxWTAIdepDWuMMenzxrxKSSyRGXP-n_g==
Age: 1479
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 861cfa99de956423d917ed0ddbea4b9c
ad65dbc394b48b04a45c205f56af296c8d008db4
5c706b2718b1698995f4feb91223779aef4bf6dc967c31f9ef9a93873197d5f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5C706B2718B1698995F4FEB91223779AEF4BF6DC967C31F9EF9A93873197D5F9"
Last-Modified: Sun, 18 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11630
Expires: Mon, 19 Sep 2022 22:51:17 GMT
Date: Mon, 19 Sep 2022 19:37:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K8532YRRGzaU3O4dXUSEAQQZu3ytNa1w6ptFeJzJau18mohQo7Lm8Q==
age: 54134
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Sep 2022 19:37:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.32.68200 OK 2.2 kB IP 104.18.32.68:0
Hash 9e72df0f5c1eaf5cbdeb5e7299b0152e
460f40ffa660c2e4e24ade3599fa8b7786dbd6c3
4122b57af16d023f96673d6fac82f48d7d53445b016e840ab5547a14ba9f81de
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:27 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 22:12:16 GMT
Expires: Sat, 24 Sep 2022 22:12:15 GMT
Etag: "460f40ffa660c2e4e24ade3599fa8b7786dbd6c3"
Cache-Control: max-age=603781,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1479
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d4c6ac3d7e0b06-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 0cd12d3f15073e70a136f76f821308a9
86b3145d24059c8a96896c7f26d9001bc0abe0be
d1820f641a93038ab648f62dc3ef60bf54b68732a572f122f66eb960e9222dcb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:27 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 09:57:56 GMT
Expires: Fri, 23 Sep 2022 09:57:55 GMT
Etag: "86b3145d24059c8a96896c7f26d9001bc0abe0be"
Cache-Control: max-age=310227,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ac5e170b02-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Mon, 19 Sep 2022 19:03:22 GMT
Cache-Control: max-age=3600
Expires: Mon, 19 Sep 2022 19:28:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Gv0OTRK0Ly2T-bfruFHXbtk2shU6Ji4Y7xmzZQEA6wglAMU1dNbKEg==
Age: 2046
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5c817aa82ca8ed4a4257fd1e1628b423
7905c62b6bbc582860c07b75eddae371a4b8d02b
dce1783ecfe50c83d30878b48d60e1cf3fe42a3fa4090fb5d318194de73e53d6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6492
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:28 GMT
Last-Modified: Mon, 19 Sep 2022 17:49:16 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.usertrust.com/
104.18.32.68200 OK 2.2 kB IP 104.18.32.68:0
Hash 9e72df0f5c1eaf5cbdeb5e7299b0152e
460f40ffa660c2e4e24ade3599fa8b7786dbd6c3
4122b57af16d023f96673d6fac82f48d7d53445b016e840ab5547a14ba9f81de
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:28 GMT
Content-Type: application/ocsp-response
Content-Length: 2236
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 22:12:16 GMT
Expires: Sat, 24 Sep 2022 22:12:15 GMT
Etag: "460f40ffa660c2e4e24ade3599fa8b7786dbd6c3"
Cache-Control: max-age=603781,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1480
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d4c6b03a490b06-OSL
push.services.mozilla.com/
54.187.160.31101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.160.31:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zBOri1g6ciLylMIRh/S7nA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: x2Vk/NWq0nXChuBdKnzqtvR3YBQ=
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash c627423f9a3916356bcc2aff65ebab8d
b5b220788ffbde717435ea659f573f282a342f3d
2ff5ed33a02154bda3dacf6d916f0a7a71612b484dbe7a46a979c7ed421999ab
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:28 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 05:23:26 GMT
Expires: Sat, 24 Sep 2022 05:23:25 GMT
Etag: "b5b220788ffbde717435ea659f573f282a342f3d"
Cache-Control: max-age=380156,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6b04ac00b02-OSL
www.regions.com/MLO/christilley
205.255.103.100301 Moved Permanently 0 B URL HTTP/1.1 www.regions.com/MLO/christilley
IP 205.255.103.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MLO/christilley HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Location: /locator/mlo/mortgage-loan-officer-Chris-Tilley-Atlanta
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Date: Mon, 19 Sep 2022 19:37:28 GMT
Content-Length: 0
Set-Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660;path=/;httponly
Strict-Transport-Security: max-age=157680000
www.regions.com/locator/mlo/mortgage-loan-officer-Chris-Tilley-Atlanta
205.255.103.100302 Found 194 B URL HTTP/1.1 www.regions.com/locator/mlo/mortgage-loan-officer-Chris-Tilley-Atlanta
IP 205.255.103.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 50e488fbe57c0eb3be5a2800f331d496
330d1e0e8d299fa5b835c0ec4d3648c3d31d339f
d725a2312a6f0a67aeb562b4a609f701259d1570d529f4d44b32c0367fdb3f55
GET /locator/mlo/mortgage-loan-officer-Chris-Tilley-Atlanta HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: http://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Date: Mon, 19 Sep 2022 19:37:28 GMT
Content-Length: 194
Strict-Transport-Security: max-age=157680000
www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
205.255.103.100200 OK 18 kB URL HTTP/1.1 www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
IP 205.255.103.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (415), with CRLF line terminators
Hash 3d588fedd823681f2e9da2b716c2e32d
b75df2a74df15024b71d26a9ceb488f86e006e9e
fb37b6c527fbdc73e574fe2e814d905ff015e92f4d0dfb6316844f70675a240c
GET /locator/mlo/mortgage-loan-officer-chris-tilley-atlanta HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: br
Vary: Accept-Encoding
Set-Cookie: ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; path=/; HttpOnly; SameSite=Lax
SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False; expires=Thu, 16-Sep-2032 19:37:28 GMT; path=/; HttpOnly
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Date: Mon, 19 Sep 2022 19:37:28 GMT
Content-Length: 18173
Strict-Transport-Security: max-age=157680000
www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
205.255.103.100200 OK 127 kB URL HTTP/1.1 www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
IP 205.255.103.100:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 127 kB (126702 bytes)
Hash da3cd2f86ca8b7d05327fafd460aced4
ec18661d3be7932a10391760a81b5fbab6e160a7
e371192f0e3e490d2154ae5ea94f4fd2d8223779d7356944933f1d49cd652482
GET /RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356730
Date: Thu, 15 Sep 2022 16:31:58 GMT
Cache-Control: max-age= 31536000,public
Content-Length: 126702
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "60c4675f9ab8d81:0"
Content-Type: text/css
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:17 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/source-sans-pro-300-webfont.woff2
205.255.103.100200 OK 13 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/source-sans-pro-300-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 12936, version 1.0\012- data
Hash 6d4b2348a4f8f255a2bfd1ab35e30618
72a7e20b49379ccab237d004a3506e22b3b7934b
0d14a3a656216743eb1e133b5af93d6eaa98c6260b411a01894323e62166f80f
GET /rdcresources/content/fonts/source-sans-pro-300-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 350904
Date: Thu, 15 Sep 2022 18:09:05 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "9015e5609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 12936
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/source-sans-pro-regular-webfont.woff2
205.255.103.100200 OK 13 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/source-sans-pro-regular-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 13080, version 1.0\012- data
Hash 834648c5f6f2f73c3df33def9348d879
7385e4868c41fb1e4ba48503a16235ddb8cd8a6c
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
GET /rdcresources/content/fonts/source-sans-pro-regular-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 350904
Date: Thu, 15 Sep 2022 18:09:05 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "30d1f2609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 13080
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/source-sans-pro-600-webfont.woff2
205.255.103.100200 OK 13 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/source-sans-pro-600-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 13072, version 1.0\012- data
Hash 595d5c1e2d877c3a50a77158e977ede4
0564953f05d57246c240796c5ba2bbec8c8ba93c
72dbd696f7961daf9049faacc868865d959f3d126f40d5271f48d5d9a0ccc652
GET /rdcresources/content/fonts/source-sans-pro-600-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 350904
Date: Thu, 15 Sep 2022 18:09:05 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "805fe7609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 13072
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/source-sans-pro-300italic-webfont.woff2
205.255.103.100200 OK 13 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/source-sans-pro-300italic-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 12592, version 1.0\012- data
Hash 48e38952d86d1b849b4e7e79c109a116
d8c9466e811876438d3e1d900943e3fa3d9625c1
0007bd27c6755494aa1b4fdebf9f019db02b59e5f02222148e136c75ccef026e
GET /rdcresources/content/fonts/source-sans-pro-300italic-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 325877
Date: Fri, 16 Sep 2022 01:06:13 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "307eeb609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 12592
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/source-sans-pro-italic-webfont.woff2
205.255.103.100200 OK 13 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/source-sans-pro-italic-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 12580, version 1.0\012- data
Hash 0408305af8e45ff50aa09d3d3732fc01
3ff33e34998c68f480305e1d91adcd1ed8a2a7ee
6b49f18370ab654be0367fb969d5015649fdf5406bcbec33e5b0644f4bb7fe0a
GET /rdcresources/content/fonts/source-sans-pro-italic-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 350904
Date: Thu, 15 Sep 2022 18:09:05 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "508e2609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 12580
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/droidserif-regular-webfont.woff2
205.255.103.100200 OK 25 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/droidserif-regular-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 25180, version 1.0\012- data
Hash ed97ad0179a7e320488aabe236a03029
4d605ccfe533eb243f6c3ca403785960d8b5cff9
3913c00225825b9de4b6f6f292d6222b4328c5e8ae85bbe7c8929660ab0f8dee
GET /rdcresources/content/fonts/droidserif-regular-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 325877
Date: Fri, 16 Sep 2022 01:06:13 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "309ce6609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 25180
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/droidserif-bold-webfont.woff2
205.255.103.100200 OK 28 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/droidserif-bold-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 28520, version 1.0\012- data
Hash 4a80ddcba4cef2129dec8753762ac8f1
44f352414c76a8f84c27d6240fa3634fd248f4fa
1fa9dc815c95ac07bd2badeacc086f16ea92051db9818ca26c2f7bf048ae8b40
GET /rdcresources/content/fonts/droidserif-bold-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 325877
Date: Fri, 16 Sep 2022 01:06:13 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "c0fbe7609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 28520
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/fonts/droidserif-italic-webfont.woff2
205.255.103.100200 OK 23 kB URL HTTP/1.1 www.regions.com/rdcresources/content/fonts/droidserif-italic-webfont.woff2
IP 205.255.103.100:0
File type Web Open Font Format (Version 2), TrueType, length 22988, version 1.0\012- data
Hash fe84712f81388dfad5f48e4de801ec44
1c3e195be8306df1edc70d4abfa9270876093640
98213150300a378382c71ad9eff1538120dd8f9f29780c475feead2add55d80d
GET /rdcresources/content/fonts/droidserif-italic-webfont.woff2 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 331668
Date: Thu, 15 Sep 2022 23:29:42 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "b098f1609ab8d81:0"
Content-Type: font/woff2
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 22988
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/img/regions-logo-no-r.svg
205.255.103.100200 OK 2.2 kB URL HTTP/1.1 www.regions.com/rdcresources/content/media/img/regions-logo-no-r.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1024)
Hash a1f74587948b0dd3ba17bc85e8e17cf8
73c00bb48f58bc146754ff1e38e82367e62b623c
54d76bbd9a1b94ddf025374da0c8f6072f47c4b83305fa54773b348d99f2b184
GET /rdcresources/content/media/img/regions-logo-no-r.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356754
Date: Thu, 15 Sep 2022 16:31:35 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "70af715f9ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:17 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 2183
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Logo/Desktop/header-logo-desktop-regions-standard.svg?revision=5073573a-233c-4471-a6dc-112e6b2cc767
205.255.103.100200 OK 2.8 kB URL HTTP/1.1 www.regions.com/-/media/Images/Logo/Desktop/header-logo-desktop-regions-standard.svg?revision=5073573a-233c-4471-a6dc-112e6b2cc767
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1307)
Hash d58bee0aa7945d823a1107e530c1b91c
9030ba67d5b1bfbee85569b75f72e6a6c8de52af
7f9fe1eefa9793fa369be97036bb01cc78d3fad97d30579ac51d5a98d60cd36f
GET /-/media/Images/Logo/Desktop/header-logo-desktop-regions-standard.svg?revision=5073573a-233c-4471-a6dc-112e6b2cc767 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356754
Date: Thu, 15 Sep 2022 16:31:35 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 2587ba95fc7a4fcfacd83d243f8c881d
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Fri, 03 Apr 2020 23:05:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Disposition: inline; filename="header-logo-desktop-regions-standard.svg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 2771
Strict-Transport-Security: max-age=157680000
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 19:37:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb78000d2-f83e-44e6-b5dd-092b2c37f6b8.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb78000d2-f83e-44e6-b5dd-092b2c37f6b8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a533c29caf29ac5348a4443278d5c52c
915155faf27fad10373d5e282621af5c2eba0c17
eaa82b2d158d5f8c8a91a13cbce276aa8e2a9adabaa5a7d81e1155e3334ca27d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb78000d2-f83e-44e6-b5dd-092b2c37f6b8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4807
x-amzn-requestid: 1addccee-8237-429c-b525-942b616c6b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5yMGPSIAMF8ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cda-2e7f048c77745f12605a32e3;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:32:10 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: NlttU8JjmZpwqRaDOK799I4y5gSiLz4_iDAIuqNU0f8J_OiB6THFGQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:54:26 GMT
age: 78183
etag: "915155faf27fad10373d5e282621af5c2eba0c17"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e70b2859ca89b353682d03f6b46b93
ebd83f29edd95217dfa4f4c7a94eddf34dd58b14
43ad8f8b0a664bbec39e0410c1201498a2d2e36e5bd7d5ece8d65b15230ec50b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a91bc33-86f4-4bda-af70-da083ceb7c72.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10894
x-amzn-requestid: f7aad96e-af80-4db7-8bc1-d1e09a9b37e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YeJQGHhOIAMFYuw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322559a-538534e91448af217c59ab3d;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 22:28:42 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: P7aZQzmAvqn2rcHJUQjHo0Dcg8dsrqseey5mNOabfq1b857M4SUMDQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Sep 2022 10:33:00 GMT
age: 32669
etag: "ebd83f29edd95217dfa4f4c7a94eddf34dd58b14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
34.120.237.76200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1105b56cf779b6df1cbd081bbd0cda50
58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c
10c1f0433baf51e06565ff905688075aaba8fec0a8b3f9cef34168e297f94c2c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3e5b5676-18df-4d43-8bbd-b85ffe4f1a94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5866
x-amzn-requestid: 3a7db39d-cd4f-486f-954b-39fc7464706c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrNeAE67IAMFSoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63278f8c-66a419ac7fbd977f5f41061b;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:37:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: TdVz72qdwMdsuW1WsOq1qEZk2vmbXJlbppLTTsZ9PlrmN7GEph0dyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:53:39 GMT
etag: "58c5d6f8ba1d3236d788ac55ff7cb2ec7863fb5c"
content-type: image/jpeg
age: 78230
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e4098577adb98eae5ba4a8b5e143df71
b0ad467f2837d103f8a96fb732bd34176c4c7110
83aa54020ffc684690dfb58d78608411de38ab02fee50808a8243c6b388e77c0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd460ce9f-ea5c-436e-8b02-8ec8233b9681.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5064
x-amzn-requestid: 985dbd5b-3e8a-4e22-a974-1effa6c99112
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YrOS8FyBoAMFrCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632790df-201df5494f1513b91eefe9d5;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 21:42:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GIhj3a2-SwYu2w4mLx7JiIJzFfV82-Et89ORRsx5fsGOx9nttPlCxA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:57:13 GMT
etag: "b0ad467f2837d103f8a96fb732bd34176c4c7110"
content-type: image/jpeg
age: 78016
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.regions.com/-/media/Images/DotCom/Locator/MLOs/mortgage-loan-officer-Chris-Tilley-Atlanta.ashx?revision=069c8ec8-3eb5-4d74-8cfb-25ea5c79be69
205.255.103.100200 OK 48 kB URL HTTP/1.1 www.regions.com/-/media/Images/DotCom/Locator/MLOs/mortgage-loan-officer-Chris-Tilley-Atlanta.ashx?revision=069c8ec8-3eb5-4d74-8cfb-25ea5c79be69
IP 205.255.103.100:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 9999x9999, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=11, manufacturer=NIKON CORPORATION, model=NIKON D4S, orientation=upper-left, xresolution=174, yresolution=182, resolutionunit=2, software=Adobe Photoshop CS4 Windows, datetime=2016:08:31 09:05:17], baseline, precision 8, 175x175, components 3\012- data
Hash 2898e8bafa27a5e6064c37184ed8b5fa
fb9ff91f19269b59971176d8500521a7c6e216bc
2ee0d6ca8a90b246dc853d77c7b07e24d288372da8e0b80aec0d9f8fd2fd613f
GET /-/media/Images/DotCom/Locator/MLOs/mortgage-loan-officer-Chris-Tilley-Atlanta.ashx?revision=069c8ec8-3eb5-4d74-8cfb-25ea5c79be69 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 317994
Date: Fri, 16 Sep 2022 03:17:35 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 703e7ba2359443c4b802607864d097a8
Content-Length: 47749
Content-Type: application/octet-stream
Last-Modified: Tue, 04 May 2021 18:07:35 GMT
Accept-Ranges: bytes
Content-Disposition: attachment; filename="mortgage-loan-officer-Chris-Tilley-Atlanta"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/1px.gif
205.255.103.100200 OK 119 B URL HTTP/1.1 www.regions.com/-/media/Images/1px.gif
IP 205.255.103.100:0
File type PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data
Hash ce21cbdd9b894e6af794813eb3fdaf60
d324efa2b5648eaca4a376c87a01808eb63cc18f
603506996b902b8797cbc1dc4bf350440caad5c59feb97c39344fd7648403b5d
GET /-/media/Images/1px.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356693
Date: Thu, 15 Sep 2022 16:32:36 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: abb54fb4cab64b92b52e12f5fa9df56a
Content-Type: image/png
Last-Modified: Fri, 11 Feb 2022 18:54:06 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="1px.png"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 119
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/img/icon-header-chevron-down.svg
205.255.103.100200 OK 517 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/img/icon-header-chevron-down.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text
Hash 6fe592877f7dfdf762e54c6897eb7b82
e938188ad794631774fc4f3c9164c00007d50efd
879055122ad0f1083f2205e4e45871dfdbba85a5d1015fd62caef18ff002cd17
GET /rdcresources/content/media/img/icon-header-chevron-down.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356754
Date: Thu, 15 Sep 2022 16:31:35 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "90464b609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:18 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 517
Strict-Transport-Security: max-age=157680000
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 19:37:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 19:37:29 GMT
Connection: keep-alive
www.regions.com/-/media/Images/WebSiteImages/avatar-branch.png?revision=04722475-1946-4ca4-8a8b-d8ca60b1b2e4
205.255.103.100200 OK 32 kB URL HTTP/1.1 www.regions.com/-/media/Images/WebSiteImages/avatar-branch.png?revision=04722475-1946-4ca4-8a8b-d8ca60b1b2e4
IP 205.255.103.100:0
File type PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash 6fc369a602a8d0b803844cb324804c7d
415c94e7e9528cfcf2706ff599a72d148283384d
ae0ed41222aa8d4f4203f7734202032e84de9df5807b92ae3cc0fd26953e9b9e
GET /-/media/Images/WebSiteImages/avatar-branch.png?revision=04722475-1946-4ca4-8a8b-d8ca60b1b2e4 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356673
Date: Thu, 15 Sep 2022 16:32:56 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: f785d9fe41924d3d829e9becc9f49ec4
Content-Length: 32529
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2016 16:37:41 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="avatar-branch.png"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f003d8b6e12692fb16dddd6827deead8
786c333cf08456aea446a55c547520572e1c2df9
d79ea50cfc0f237b3de8f1826cbae1de0b1dbc632a5a06b08d9640abedded935
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c670b93-3941-4322-a938-e74eba949ad6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11919
x-amzn-requestid: 2f547c1f-2f5d-4707-8f6c-fe9dfff51383
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YbfS4FI9oAMFScw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632145ab-3c967f2653d06c1c079f88c1;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 03:08:27 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: xG9XQItrQEJXCW9JRcI6aDELQKCTOlnwq1Xg5_vQcqCPNtHGWkScFw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 22:00:17 GMT
age: 77832
etag: "786c333cf08456aea446a55c547520572e1c2df9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 19:37:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9281
Expires: Mon, 19 Sep 2022 22:12:10 GMT
Date: Mon, 19 Sep 2022 19:37:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd6067cf-6392-4f3a-8543-a3861c83d1cd.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd6067cf-6392-4f3a-8543-a3861c83d1cd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ae5a7fc19cf9601753b147621cb9f8c
04063797f76518668fdd9a5d5a86c7637eac43b8
b1c659363aa69139a03aab9a6d76800b3568ccf5201f02e1ea864e2bff70d3a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd6067cf-6392-4f3a-8543-a3861c83d1cd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 29c7788f-27e9-4823-8cba-ebf4ef9ea7ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yn5tjEvsoAMFrtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63263cbc-37b8d7930503d507592bf728;Sampled=0
x-amzn-remapped-date: Sat, 17 Sep 2022 21:31:40 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -hhkLqfURsIBwgNHxoMM002WynFjq5WJ62bNRbXhFxH6dbmZD7zm2g==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Sep 2022 21:52:35 GMT
age: 78294
etag: "04063797f76518668fdd9a5d5a86c7637eac43b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.regions.com/rdcresources/content/media/img/icon-help.svg
205.255.103.100200 OK 1.6 kB URL HTTP/1.1 www.regions.com/rdcresources/content/media/img/icon-help.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (2810)
Hash 1e87abefd0a276764c34a02b603b55db
726453b4422b74ff47e7219c823e809bc2dc0763
f00319af3c6c500e1707cb37995e13782710bc08ec0e2bc68a4e6ea28053c25b
GET /rdcresources/content/media/img/icon-help.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356754
Date: Thu, 15 Sep 2022 16:31:35 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "0e82609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 1604
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/images/websiteimages/icon-locator-mlo-badge.svg
205.255.103.100200 OK 288 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/images/websiteimages/icon-locator-mlo-badge.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (352)
Hash 644bd0cb57824821768ad81bc24a44af
2e2a8af1795c6b25db1565a3cdbda4d7cc91195a
116ed69e7888779413c0a65cb95b9c09e01d4340e802d2f7800918a3572bf39f
GET /rdcresources/content/media/images/websiteimages/icon-locator-mlo-badge.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356591
Date: Thu, 15 Sep 2022 16:34:18 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "f095cd609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 288
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/images/websiteimages/icon-diploma.svg
205.255.103.100200 OK 999 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/images/websiteimages/icon-diploma.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2436)
Hash 3f7ebf0a903242cf3f25bc1bc160577a
93687981f9912dbb442c5ff91757ef2794457f7b
1ffe8b84b0938826970ed87dd87578870553bf2e21b56d91cfba29a269bfd335
GET /rdcresources/content/media/images/websiteimages/icon-diploma.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356663
Date: Thu, 15 Sep 2022 16:33:07 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "20bce609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 999
Strict-Transport-Security: max-age=157680000
www.regions.com/RDCResources/Scripts/rdc-ui.min.js?v=1.0.0.30012
205.255.103.100200 OK 152 kB URL HTTP/1.1 www.regions.com/RDCResources/Scripts/rdc-ui.min.js?v=1.0.0.30012
IP 205.255.103.100:0
File type Unicode text, UTF-8 text, with very long lines (60936)
Size 152 kB (152472 bytes)
Hash 2a9f15958185b4f994c972abc957498f
2cb3a68eeadd9ccd669ca37bb19d2c71fe9fde21
6d293278c7819ea252248629add5e0b13684b5ca1750e8eca66aaf3ef0696d34
GET /RDCResources/Scripts/rdc-ui.min.js?v=1.0.0.30012 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356731
Date: Thu, 15 Sep 2022 16:31:58 GMT
Cache-Control: max-age= 31536000,public
Content-Length: 152472
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "0733619ab8d81:0"
Content-Type: application/javascript
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/WebSiteImages/loader.gif
205.255.103.100200 OK 8.4 kB URL HTTP/1.1 www.regions.com/-/media/Images/WebSiteImages/loader.gif
IP 205.255.103.100:0
File type GIF image data, version 89a, 80 x 80\012- data
Hash 0eb0c1bdfdc4a4bd352121f51fec9149
d19adfb29240f0e08accaa483fc00c83c795f369
94a9405de974c3a6ea53616c60777c091e1330fb1b07549d5bdba4168cd19e70
GET /-/media/Images/WebSiteImages/loader.gif HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356693
Date: Thu, 15 Sep 2022 16:32:36 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 7cfa43f033c942d7a4dbec8b73001e6b
Content-Type: image/gif
Last-Modified: Fri, 03 Apr 2020 23:05:54 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="loader.gif"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 8369
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/images/websiteimages/icon-search.svg
205.255.103.100200 OK 383 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/images/websiteimages/icon-search.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (885)
Hash 5a496f703b488debeff9e2a3ffb15431
45c6bcfbba5d287d4ab934f1be58936ce02b07f1
cccd3510527cc3dba2e9549bfafc7d5adcc841c85ac5adc3ece5e929e5110521
GET /rdcresources/content/media/images/websiteimages/icon-search.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356673
Date: Thu, 15 Sep 2022 16:32:56 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "f095cd609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 383
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/images/websiteimages/icon-arrow-left.svg
205.255.103.100200 OK 182 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/images/websiteimages/icon-arrow-left.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 3d6e93f26cbed5c0aa513bf999390324
2eba3877db3b6e7628432bac0ddaa87bb15e0964
16bf21ce7515f635f6001facdc834a464e4f33ee66f8107a6d9c591b652d8945
GET /rdcresources/content/media/images/websiteimages/icon-arrow-left.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356744
Date: Thu, 15 Sep 2022 16:31:45 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "c020cd609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 182
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/WebSiteImages/video-component-background.jpg
205.255.103.100200 OK 86 kB URL HTTP/1.1 www.regions.com/-/media/Images/WebSiteImages/video-component-background.jpg
IP 205.255.103.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2800x900, components 3\012- data
Hash 714ec83101dd539af3adda51008a05d1
e2532bb228b37f019f4c7e50a850cc10d3dc5d3a
7caee0314b38dbf2499e877aaf6fc68cc34521d63d55a08d8b8ea4cecb7f7990
GET /-/media/Images/WebSiteImages/video-component-background.jpg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356711
Date: Thu, 15 Sep 2022 16:32:19 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 9d7b5cdd37ac4196bc046f22d89a7d60
Content-Type: image/jpeg
Last-Modified: Fri, 03 Apr 2020 23:05:56 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="video-component-background.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 85802
Strict-Transport-Security: max-age=157680000
www.regions.com/rdcresources/content/media/images/websiteimages/icon-arrow-right.svg
205.255.103.100200 OK 178 B URL HTTP/1.1 www.regions.com/rdcresources/content/media/images/websiteimages/icon-arrow-right.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 3fdfa195b0c473d29f63646ffc634e37
1269b3601af214b36e1215d781c1042b192333ad
14bd0be8cfd82397404fec404f48f9994b2dd47fceb8a4f6b004d59803cade17
GET /rdcresources/content/media/images/websiteimages/icon-arrow-right.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/RDCResources/Content/rdc-ui.min.css?v=1.0.0.30012
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356744
Date: Thu, 15 Sep 2022 16:31:45 GMT
Cache-Control: max-age= 31536000,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: "c020cd609ab8d81:0"
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2022 15:50:19 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 178
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/H-FAH-preparing-for-a-major-home-remodel-thumb.jpg?revision=cea5c952-835f-4735-af18-4850d9b0646f
205.255.103.100200 OK 98 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/H-FAH-preparing-for-a-major-home-remodel-thumb.jpg?revision=cea5c952-835f-4735-af18-4850d9b0646f
IP 205.255.103.100:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 432x456, components 3\012- data
Hash 372bd7f2ff8ecf74e939d7d7e2ad94af
320244fbc60864b6662f3ae720817099bfaf3add
80d2097213a26f3ae12d5deae29efca6864f9cd0e7886a03812f0da841667207
GET /-/media/Images/Insights/Thumbnail/Personal/H-FAH-preparing-for-a-major-home-remodel-thumb.jpg?revision=cea5c952-835f-4735-af18-4850d9b0646f HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356681
Date: Thu, 15 Sep 2022 16:32:48 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: f78551ee84504eef883b8b40efb13011
Content-Type: image/jpeg
Last-Modified: Mon, 01 Mar 2021 14:39:24 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="H-FAH-preparing-for-a-major-home-remodel-thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 98074
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-understanding-adjustable-rate-mortgages-podcast-Thumb.jpg?revision=123ce605-bb6a-45a2-bee4-cfab482b5041
205.255.103.100200 OK 89 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-understanding-adjustable-rate-mortgages-podcast-Thumb.jpg?revision=123ce605-bb6a-45a2-bee4-cfab482b5041
IP 205.255.103.100:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Macintosh), datetime=2020:01:16 13:59:30 DIY-Thermocam raw data\012- (Lepton 2.x), scale 21870-29766, spot sensor temperature 74893065746301681918931676168192.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 137438953472.000000], baseline, precision 8, 432x456, components 3\012- data
Hash 6f07089f352bd05fa11d90f30e6cc5e4
0cb2658df6969bd6b8be226965eb2c259f0ea20b
1d0f2941a7e38e37c07ab51df9d709e4711faee18fdba5382811abb70e061fa3
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-understanding-adjustable-rate-mortgages-podcast-Thumb.jpg?revision=123ce605-bb6a-45a2-bee4-cfab482b5041 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356632
Date: Thu, 15 Sep 2022 16:33:37 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: fbff9ae4cc204417b09fbc41995b15f9
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:05 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FAH-understanding-adjustable-rate-mortgages-podcast-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 88747
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Save-Money-Refinancing-Your-Mortgage.jpg?revision=d3ad0902-be59-443c-a8a8-980c0ba397cd
205.255.103.100200 OK 16 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Save-Money-Refinancing-Your-Mortgage.jpg?revision=d3ad0902-be59-443c-a8a8-980c0ba397cd
IP 205.255.103.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 216x228, components 3\012- data
Hash 51dd85ef382069ec38904173a12e9812
e821e922c3f7a622b4d032032d8c13eaaa71013a
e0863c1bfa4b1cc0e2068765f09fc77f543a4caa33fdc6b41da08d3f28b9b6b0
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Save-Money-Refinancing-Your-Mortgage.jpg?revision=d3ad0902-be59-443c-a8a8-980c0ba397cd HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356681
Date: Thu, 15 Sep 2022 16:32:48 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: ecc44ec6c3da494498bf2e82b723f903
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:15 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FH-Save-Money-Refinancing-Your-Mortgage.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 16468
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Questions_to_Ask_When_Considering_a_Home_Equity-Thumb.jpg?revision=bef24dc0-fea4-4d81-999e-3fcb5fc79dd3
205.255.103.100200 OK 34 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Questions_to_Ask_When_Considering_a_Home_Equity-Thumb.jpg?revision=bef24dc0-fea4-4d81-999e-3fcb5fc79dd3
IP 205.255.103.100:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 432x456, components 3\012- data
Hash cddff7f07661de94582305c4455e96d7
e61aba41b7d7cc1b05560a1387824f82092cfd05
e6ddaffbc4e3f08ebe842ed529a3aaccbd23d6a140e5cc10db89b056f11e7105
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FH-Questions_to_Ask_When_Considering_a_Home_Equity-Thumb.jpg?revision=bef24dc0-fea4-4d81-999e-3fcb5fc79dd3 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356681
Date: Thu, 15 Sep 2022 16:32:48 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 73176d8e641740558ec2903100565b1b
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:15 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FH-Questions_to_Ask_When_Considering_a_Home_Equity-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 33665
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-UYHE-Is_a_Home_Equity_Loan_or_Line_of_Credit_Right_for_you-Thumb.jpg?revision=015fa817-5dd3-4991-852e-0e106801180a
205.255.103.100200 OK 21 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-UYHE-Is_a_Home_Equity_Loan_or_Line_of_Credit_Right_for_you-Thumb.jpg?revision=015fa817-5dd3-4991-852e-0e106801180a
IP 205.255.103.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 432x456, components 3\012- data
Hash de1166a7dea4821e653419386f30ef80
849da63131c1f7333e790c7b8470beea90797a3d
73f81791ec41abc9a738979de0f83bd6c2efc70908e86047ff2b2aa5cdb62a60
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-UYHE-Is_a_Home_Equity_Loan_or_Line_of_Credit_Right_for_you-Thumb.jpg?revision=015fa817-5dd3-4991-852e-0e106801180a HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356681
Date: Thu, 15 Sep 2022 16:32:48 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 8ca54c4c0b8e477093a82d2796b8587b
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:11 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-UYHE-Is_a_Home_Equity_Loan_or_Line_of_Credit_Right_for_you-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 20600
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FYH-Checklist_Closing_Costs_vs_Prepaid_Items-Thumb.jpg?revision=fd9cddf8-1e36-4d44-a1ee-5aeef8da81e8
205.255.103.100200 OK 22 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FYH-Checklist_Closing_Costs_vs_Prepaid_Items-Thumb.jpg?revision=fd9cddf8-1e36-4d44-a1ee-5aeef8da81e8
IP 205.255.103.100:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 432x456, components 3\012- data
Hash 43c3979dfaa872bee3d5ecd678b41551
efb2b3011959b7e59fdf8a0242fc69190eb85e4b
852995c5e7bd28d42e0086cac3de58ddbd9ef0161ade5267f3d16b09579dd6d4
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FYH-Checklist_Closing_Costs_vs_Prepaid_Items-Thumb.jpg?revision=fd9cddf8-1e36-4d44-a1ee-5aeef8da81e8 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356638
Date: Thu, 15 Sep 2022 16:33:32 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 0bad9f02bd23408ba9830e28065b7798
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:16 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FYH-Checklist_Closing_Costs_vs_Prepaid_Items-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 21773
Strict-Transport-Security: max-age=157680000
www.regions.com/locator/mlo/-/media/Images/Icon/icon-calendar/icon-calendar.svg
205.255.103.100200 OK 940 B URL HTTP/1.1 www.regions.com/locator/mlo/-/media/Images/Icon/icon-calendar/icon-calendar.svg
IP 205.255.103.100:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2699), with no line terminators
Hash c83395d617c81d10166217b9351ddd3d
cc2faff006102f6fffddc4ad5455391471459233
e9c2910517c5105adba61d2001a7ab4ad1f36b90e059fdc8464c6f851310f899
GET /locator/mlo/-/media/Images/Icon/icon-calendar/icon-calendar.svg HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356661
Date: Thu, 15 Sep 2022 16:33:08 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 280096ce24584f08ae4f82ec6e1611c5
Content-Type: image/svg+xml
Content-Encoding: br
Last-Modified: Wed, 03 Mar 2021 23:16:47 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Disposition: inline; filename="icon-calendar.svg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 940
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-ThingsToKnowAboutAnAdjustableRateMortgage-Thumb.jpg?revision=7359873d-ce42-45c7-bef6-35604caaf84b
205.255.103.100200 OK 33 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-ThingsToKnowAboutAnAdjustableRateMortgage-Thumb.jpg?revision=7359873d-ce42-45c7-bef6-35604caaf84b
IP 205.255.103.100:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 432x456, components 3\012- data
Hash a0fdb87f17a0891d20b4c7c7dd489ae3
e64540d9a8a47e946531663c1939a7595ac0da41
673948f25b84f697a6098cdb3880ed34ad8675ffd4b3c5b7c7c984a4a091a551
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-ThingsToKnowAboutAnAdjustableRateMortgage-Thumb.jpg?revision=7359873d-ce42-45c7-bef6-35604caaf84b HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356635
Date: Thu, 15 Sep 2022 16:33:34 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 8058e759fc414eed969f8bd2f43e85a0
Content-Length: 33076
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:16 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FAH-ThingsToKnowAboutAnAdjustableRateMortgage-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-applying-for-a-home-loan-podcast-Thumb.jpg?revision=69f08e28-6916-4f57-a2ed-a1f0ed32dc22
205.255.103.100200 OK 88 kB URL HTTP/1.1 www.regions.com/-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-applying-for-a-home-loan-podcast-Thumb.jpg?revision=69f08e28-6916-4f57-a2ed-a1f0ed32dc22
IP 205.255.103.100:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 21.0 (Macintosh), datetime=2020:01:16 13:19:44], baseline, precision 8, 432x456, components 3\012- data
Hash c8841785cd39c7400eb055f52f4fd395
dcb5859dc36c50ab2727e2a9366d5c59551a4b28
1d47fb60ed8a9217554a061f114f98265f0241adeec6b7ecfe58b98a9ca9f137
GET /-/media/Images/Insights/Thumbnail/Personal/P-H-FAH-applying-for-a-home-loan-podcast-Thumb.jpg?revision=69f08e28-6916-4f57-a2ed-a1f0ed32dc22 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356632
Date: Thu, 15 Sep 2022 16:33:38 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: db4a6978e622401bbde4a35d3c2b7841
Content-Length: 88363
Content-Type: image/jpeg
Last-Modified: Fri, 11 Sep 2020 15:58:05 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="P-H-FAH-applying-for-a-home-loan-podcast-Thumb.jpg"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Strict-Transport-Security: max-age=157680000
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.regions.com/-/media/Images/WebSiteImages/favicon.ico
205.255.103.100200 OK 9.7 kB URL HTTP/1.1 www.regions.com/-/media/Images/WebSiteImages/favicon.ico
IP 205.255.103.100:0
File type MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel\012- data
Hash 770326a3949eeac3b1b32f636a435b24
34e947c7883865ed4982b1108ff1d8d3225edaaf
d40069d6602b8db241d15a18513f0d26f783b9b012a46b7fca2bd4a23ccb5be1
GET /-/media/Images/WebSiteImages/favicon.ico HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False; Regions_SessionId=b6b50e85-f4fe-441d-8076-b8ad8fbc6ed7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356750
Date: Thu, 15 Sep 2022 16:31:40 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: c8a67602af18477991e64598d71384a6
Content-Type: image/x-icon
Last-Modified: Wed, 26 Jan 2022 21:49:47 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="favicon.ico"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 9662
Strict-Transport-Security: max-age=157680000
maps.googleapis.com/maps/api/js?v=3.exp&libraries=places&client=gme-regionsbank&callback=REGIONS.maps.afterInit&_=1663616230510
142.250.74.42200 OK 56 kB URL HTTP/2 maps.googleapis.com/maps/api/js?v=3.exp&libraries=places&client=gme-regionsbank&callback=REGIONS.maps.afterInit&_=1663616230510
IP 142.250.74.42:0
File type ASCII text, with very long lines (2523)
Hash bb844b9c9152a390818f2e751b052445
b28d44c22927d68c8de8c3b2cc34f7d8a9bcae3d
3e122841a4dd0daca41dfab1b086ad76b873e4af8ac4d101bf4b2aa520e336ac
GET /maps/api/js?v=3.exp&libraries=places&client=gme-regionsbank&callback=REGIONS.maps.afterInit&_=1663616230510 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Mon, 19 Sep 2022 19:37:30 GMT
expires: Mon, 19 Sep 2022 20:07:30 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 56288
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=22
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash eaa8b4aa123f9dd7237c5c51d2f848d9
1082f5f6ef7229ec76f94f3d236f273b26294563
d1ad33dae2fcab5c7d66875f0e7a01cc30e0b3a031606917fa5448c54f84e20d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nexus.ensighten.com/regions/regions-prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-prod/code/&publishedOn=Mon%20Sep%2019%2016:07:04%20GMT%202022&ClientID=1202&PageID=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
54.230.111.14200 OK 398 B URL HTTP/2 nexus.ensighten.com/regions/regions-prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-prod/code/&publishedOn=Mon%20Sep%2019%2016:07:04%20GMT%202022&ClientID=1202&PageID=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
IP 54.230.111.14:0
File type ASCII text, with very long lines (397)
Hash 664a33213f0a544cd0d6326b5d1fc724
d1d34ad238643356732a5f94f046b4bc9b3f36df
ec4cdf0b95c7420c1ce1fcf6b0f55259d675555034719bb319c9790f6b328b4f
GET /regions/regions-prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-prod/code/&publishedOn=Mon%20Sep%2019%2016:07:04%20GMT%202022&ClientID=1202&PageID=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/javascript
content-length: 398
server: nginx
date: Mon, 19 Sep 2022 19:37:30 GMT
expires: Mon, 19 Sep 2022 19:37:29 GMT
cache-control: no-cache, no-store
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y08NEFSiTjJ-_Hcxzkji1V7gmcTHWONWOj6Uy9_E2xGJh1XZ9VVK9g==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 45f95aa258ab932ac2f8a33ff7944ffe
8f52b66e897dab7cb160d481886805ea216f407f
de4fd2aaa566b601e82c38806ec8ea84110b1d63f15efe48186f5bcf70847488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-1013536406&l=regionsDataLayer
142.250.74.72200 OK 47 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-1013536406&l=regionsDataLayer
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 7c174b92708c1d9f0df05f9429ea93d0
126e5d3676c278db373bd578406668d5bc876799
7011ab9650423882dcbbee83e357c7d380dd4debf4077a2e30866bbab26a5e41
GET /gtag/js?id=AW-1013536406&l=regionsDataLayer HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:37:31 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46552
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.regions.com/-/media/Images/DotCom/Generic/video-component-background.jpg?revision=bd3405f8-01e8-4334-ab30-0fa6d90ca353
205.255.103.100200 OK 926 kB URL HTTP/1.1 www.regions.com/-/media/Images/DotCom/Generic/video-component-background.jpg?revision=bd3405f8-01e8-4334-ab30-0fa6d90ca353
IP 205.255.103.100:0
File type PNG image data, 1400 x 450, 8-bit/color RGBA, non-interlaced\012- data
Size 926 kB (926480 bytes)
Hash 869f6fce3cc41447159b757d89bc8ba7
e9e34caba119cb5727bf3324c4d897edd22ea1e6
8e8dcd035a49dabbf01d255019d0fca12bace4c39bbb8b3aa7373a1dadae49a5
GET /-/media/Images/DotCom/Generic/video-component-background.jpg?revision=bd3405f8-01e8-4334-ab30-0fa6d90ca353 HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False; Regions_SessionId=b6b50e85-f4fe-441d-8076-b8ad8fbc6ed7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356661
Date: Thu, 15 Sep 2022 16:33:08 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: f294c5922dab4c0da74893f259ffb939
Content-Type: image/png
Last-Modified: Tue, 04 Aug 2020 19:24:35 GMT
Accept-Ranges: bytes
Content-Disposition: inline; filename="video-component-background.png"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 926480
Strict-Transport-Security: max-age=157680000
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 26fcf8aea27805b4a6a29e3e2a4ba19b
f920fd6c5a79a4adb2f456edcee678757ff1602c
7aa63d03f514e4f51190e85f167f747563f980e0e6fdee6cce9393321dff1038
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-959581806&l=regionsDataLayer&cx=c
142.250.74.72200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-959581806&l=regionsDataLayer&cx=c
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash e6f58f04febd0b1d8f42ce63da5125a9
35eeebf821898b5c6e6a07cd5b82d4aea2b7e916
b4ea172b36bf2db12267038a8106b7337d50c71ad1257271ebba1aa266e62dd0
GET /gtag/js?id=AW-959581806&l=regionsDataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:37:31 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Sep 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46475
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=2f522f2cbc0fecebadd20f961aabdb13&k=regions-bank-pixel-8219&zmpID=regions-bank&cache_buster=3273525623922463&PageUrl=https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
143.204.55.19200 OK 1.9 kB URL HTTP/2 live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=2f522f2cbc0fecebadd20f961aabdb13&k=regions-bank-pixel-8219&zmpID=regions-bank&cache_buster=3273525623922463&PageUrl=https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
IP 143.204.55.19:0
File type HTML document, ASCII text, with very long lines (1202)
Hash 89c7f68d93da8d984267e95904b011a2
fff87810f753d34a6b9a1b61a8ff252156f1cd80
3ccaf58063ee70e27d658b3a99b2bd8e94c9359d660ae4eebe7932bb3127bcce
GET /sync?c=16b6410431b6374e780104abb0443ca8&p=2f522f2cbc0fecebadd20f961aabdb13&k=regions-bank-pixel-8219&zmpID=regions-bank&cache_buster=3273525623922463&PageUrl=https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 1876
date: Mon, 19 Sep 2022 19:37:31 GMT
set-cookie: zync-uuid=537b32e2-9f88-4be6-a07e-82146508cd8f:1663616251.0558674; Domain=rezync.com; Expires=Sat, 18 Mar 2023 19:37:31 GMT; Path=/; SameSite=None; Secure
sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNTM3YjMyZTItOWY4OC00YmU2LWEwN2UtODIxNDY1MDhjZDhmOjE2NjM2MTYyNTEuMDU1ODY3NCJ9.YyjE-w.6f0cS_jlD-ZotEV1wV3RTqmKWm8; Expires=Sat, 18 Mar 2023 19:37:31 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: igENSaObnybI6LPc2_2LWGhLBTJxJjSGSN3WX5vRKerI5S7s0GrD0A==
X-Firefox-Spdy: h2
t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0
104.244.42.5200 OK 43 B URL HTTP/2 t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0
IP 104.244.42.5:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0 HTTP/1.1
Host: t.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:30 GMT
server: tsa_o
set-cookie: muc_ads=da1e3c24-64f0-4f2f-be4d-30a9485c1650; Max-Age=63072000; Expires=Wed, 18 Sep 2024 19:37:31 GMT; Path=/; Domain=t.co; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
strict-transport-security: max-age=0
x-response-time: 103
x-connection-hash: 3c947357d4eea11799f1e08ad1d249993371bcf4ca1c410c373c048608b90543
X-Firefox-Spdy: h2
cdn.boomtrain.com/p13n/regions-bank/p13n.min.js
143.204.55.27200 OK 25 kB URL HTTP/1.1 cdn.boomtrain.com/p13n/regions-bank/p13n.min.js
IP 143.204.55.27:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab8cd332a22e1d2db064b058294376e8
9dc75f11aa8e1fba0f793bf9cd9b6d7c1bce5ef8
329e298368dca6b24c3ef075eb6b893ca4f1a9e1d2017fd581a714a5445297d5
GET /p13n/regions-bank/p13n.min.js HTTP/1.1
Host: cdn.boomtrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 07:49:41 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: XG4gQnUy2H_5UJpFHdRg4R7Iy7nYL_5J
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 18:53:13 GMT
Cache-Control: public, max-age=3600
ETag: W/"b5c7a6912795e6d385f5e9a8b245f7dd"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ImcU6UiDovDCl5mFGOwaavKmcktIO1cQfY8X4cCcbm657ChG7KmASQ==
Age: 2659
nexus.ensighten.com/error/e.gif?msg=Invalid%20data%20definition%20used%3A%2059857&lnn=54&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-prod%2FBootstrap.js&cid=1202&client=regions&publishPath=regions-prod&rid=-1&did=-1&errorName=DataDefinitionException
54.230.111.14204 No Content 0 B URL HTTP/2 nexus.ensighten.com/error/e.gif?msg=Invalid%20data%20definition%20used%3A%2059857&lnn=54&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-prod%2FBootstrap.js&cid=1202&client=regions&publishPath=regions-prod&rid=-1&did=-1&errorName=DataDefinitionException
IP 54.230.111.14:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /error/e.gif?msg=Invalid%20data%20definition%20used%3A%2059857&lnn=54&fn=https%3A%2F%2Fnexus.ensighten.com%2Fregions%2Fregions-prod%2FBootstrap.js&cid=1202&client=regions&publishPath=regions-prod&rid=-1&did=-1&errorName=DataDefinitionException HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: CloudFront
date: Mon, 19 Sep 2022 01:05:17 GMT
cache-control: no-cache, no-store
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mRSZPLtuK-yuTjrfxsJB_JDTtfVMf1nqgTgj1Eiag8JWTrzU99Vigg==
age: 66734
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (38826), with no line terminators
Hash 293ae3e0fc8b0d5c143fdf9d8490228d
3976c659b908e70818a3a1ac71860b497fe2d1a9
04a840d967ae836e14179bde574cabf14a1fc871182ca0f8193e7a0b06c727ab
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11367
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ranges: bytes
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
set-cookie: MUID=044104134C51601A159116374D0661F9; domain=.bing.com; expires=Sat, 14-Oct-2023 19:37:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1E0ED98281684120A011E496760F26AB Ref B: OSL30EDGE0317 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:30 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5b7a05fad83d3476facabd4e7eb8dc42
64d6ee10d23330cd51ea38487544c595b47f2633
4ff8fbed80185bfa0a9196affa36c5f60e743c86d3cf5328a5884b8058dca635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4789
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 18:17:42 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
c1.rfihub.net/js/tc.min.js
54.230.111.62200 OK 6.2 kB URL HTTP/2 c1.rfihub.net/js/tc.min.js
IP 54.230.111.62:0
File type C source, ASCII text, with very long lines (19497)
Hash ab5a2e3f2414c0a2b622e48c0b6da2fd
1a894787bde6cbf9b58d47b8f4245607420112ad
a5ef19cf7ca85f760c462ed2f228430c8d0a6d9daf3aa34894a5c42113cfdb8f
GET /js/tc.min.js HTTP/1.1
Host: c1.rfihub.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6162
date: Mon, 19 Sep 2022 18:50:51 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
expires: Mon, 19 Sep 2022 19:50:51 GMT
last-modified: Mon, 19 Sep 2022 18:50:41 GMT
content-encoding: gzip
server: Jetty(9.3.29.v20201019)
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YQfUj9a5GOHH74tYYGVyOhRuhzKE9FksXmGL5GCiJ6Sx9PRvmE8--g==
age: 2800
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ef491d15a0bde5279fa4fc8b426a9941
efd17fcc768356192e7ff660ecf77b5ca845ef77
43b144675694707debd0125a8e2a0acbc2a53ab34e33df0071ae8f0a2d0bfc05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
p.teads.tv/teads-fellow.js
23.195.255.234200 OK 6.1 kB URL HTTP/1.1 p.teads.tv/teads-fellow.js
IP 23.195.255.234:0
File type ASCII text, with very long lines (18731), with no line terminators
Hash 902bc7132072846ba4cc1f1f7cc252c6
a49200dff348bcf4fa95b44affdad4b66c1cc0ee
9f00a9c3d9f7b946e338b2e032ad970efe9038111c366b40c29d19ed94fed2d4
GET /teads-fellow.js HTTP/1.1
Host: p.teads.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: /lbovGDiT6tEkfAGuFXPcZX8AX+QFWSaDE+RNzg/J6J1okPgkntwiEsE82zCPa645+MFY5zvRpI=
x-amz-request-id: VZSQVCHBHDT9J4RK
Last-Modified: Mon, 29 Aug 2022 07:30:51 GMT
ETag: "38cde7fdc2be1baf0e19adba420b4480"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Encoding: gzip
Content-Length: 6068
Cache-Control: max-age=559
Date: Mon, 19 Sep 2022 19:37:31 GMT
Connection: keep-alive
Vary: Accept-Encoding
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8014ea74946aee77ef2f3b9a264be553
fda85fc27ac2f811e543c11436cf5623cbd46bb2
271b1db0f8cff912a931b78cedb32fd59adeb60025dbcbd7cc5add7d03c82f7c
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 19 Sep 2022 01:41:05 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vsPY12FE0YQ1S35mFjL3MdXigWOWSbDh8CU5go_mp5oBN6yM4XWwNQ==
Age: 64587
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 33468eb2632c1c57c025c475785f3889
9d2b5d4dcce21542290262c42ea09fb6c0d8ad3a
ce07d1c50fa0a5560e83c910eff64f46f6097c3b98209268581fc9ad14078098
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5973
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 17:57:58 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 048e52d1944b049a22496a47fe2de926
f78ac56854d628008a36113c0e58614f7bc2cef5
d36def314bb9bc23d28503ed3ce6db2ebdb065ec7cdb01e1d0c32de0c4a97d61
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 18:21:19 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 313
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6f0747f732f05e110f9fe9938de620d3
d4e9a55014187d0d2af174e5c27d03cc10c6cb05
32a866308c9d930c425a8ced1974039a409528cb4a0bd07bfbe4d8cd39be9742
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.bttrack.com/js/44911/analytics/1.0/analytics.min.js
69.16.175.42200 OK 369 B URL HTTP/1.1 cdn.bttrack.com/js/44911/analytics/1.0/analytics.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (599), with no line terminators
Hash ad0eb0570078f9251ad5b5f6bde73010
c8787129ce4b915314a5c05be6812f74fb148945
80a9e2602c17d221fe8d16a24af2a9a7b477d0ce22e3e5e124575cea35953026
GET /js/44911/analytics/1.0/analytics.min.js HTTP/1.1
Host: cdn.bttrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:31 GMT
Connection: Keep-Alive
Cache-Control: max-age=75017
Content-Encoding: gzip
Content-Length: 369
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
X-HW: 1663616251.dop220.sk1.t,1663616251.cds202.sk1.shn,1663616251.dop220.sk1.t,1663616251.cds229.sk1.c
connect.facebook.net/en_US/fbevents.js
157.240.200.14200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.200.14:0
File type ASCII text, with very long lines (64348)
Hash 9ecd89752214ef749272eef344b9089a
70a58a49c08934265ee34c74efb01d6b3124095d
f76c51487e348977288fcaf83984cd8fe4e73758cc352402774d9eb94680d528
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: cvnjGqBQPlYvshcGjLeGY9eYApwoJIiCyGUInbJiztCTdAXCzZHQvWMFeg8EDFnYcVMqXHwVqyywPo/LjBtK4Q==
content-length: 26839
x-fb-trip-id: 1679558926
date: Mon, 19 Sep 2022 19:37:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4ee5c6443c11da4a5cf7ea801cd0c62f
e742a7ee1cbedf1a23a82361f3873dbc165f927c
e3682e49ed03efcf590a500154380807b54433f8344923e9017994bdf0d46924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/action/0?ti=21011282&Ver=2&mid=026c8d7c-e866-493a-a662-fa6e2ec43a11&sid=74da4b90385211ed877c13903b979b9f&vid=74da8dc0385211edbeaa8feb9eba10a9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&kw=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&p=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&r=<=3175&evt=pageLoad&sv=1&rn=617841
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=21011282&Ver=2&mid=026c8d7c-e866-493a-a662-fa6e2ec43a11&sid=74da4b90385211ed877c13903b979b9f&vid=74da8dc0385211edbeaa8feb9eba10a9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&kw=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&p=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&r=<=3175&evt=pageLoad&sv=1&rn=617841
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=21011282&Ver=2&mid=026c8d7c-e866-493a-a662-fa6e2ec43a11&sid=74da4b90385211ed877c13903b979b9f&vid=74da8dc0385211edbeaa8feb9eba10a9&vids=1&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&kw=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&p=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&r=<=3175&evt=pageLoad&sv=1&rn=617841 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=14EB5663707669AD39704447712168A6; domain=.bing.com; expires=Sat, 14-Oct-2023 19:37:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3E86B67676AA4B56A9005E8862629025 Ref B: OSL30EDGE0317 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:30 GMT
X-Firefox-Spdy: h2
ad.doubleclick.net/ddm/activity/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607
216.58.207.198302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607
IP 216.58.207.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10175658&he=start&auid=regio0
212.82.100.181200 OK 43 B URL HTTP/2 sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10175658&he=start&auid=regio0
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bff56ce49dd485d195fdfa0a02342568
74fb4071deab7d3ab083562067b735df32c43397
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
GET /spp.pl?a=10000&.yp=10175658&he=start&auid=regio0 HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:31 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: image/gif
accept-ranges: bytes
content-length: 43
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBPvEKGMCECyH_88UWQNhvL_x-PR3Q7YFEgEBAQEWKmMyYwAAAAAA_eMAAA&S=AQAAAnSGq_9D-eLEBf-0DOsNNuw; Expires=Wed, 20 Sep 2023 01:37:31 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/activity;xsp=4958803;ord=688565102512972?
216.58.211.2200 OK 42 B URL HTTP/2 pubads.g.doubleclick.net/activity;xsp=4958803;ord=688565102512972?
IP 216.58.211.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /activity;xsp=4958803;ord=688565102512972? HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:31 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 61bf976ff6b3fa763b7be75e0dc644d9
5a83f04285ae91d8eb8f065cf885bc38d06699b0
f159f1113ea300b559fd7a5ee32fc5ff7aef0460cda84a7be7ff07f6650026c3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4094
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 18:29:17 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
www.youtube.com/s/player/a97e97de/www-widgetapi.vflset/www-widgetapi.js
216.58.207.206200 OK 54 kB URL HTTP/2 www.youtube.com/s/player/a97e97de/www-widgetapi.vflset/www-widgetapi.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (717)
Hash 6e76f026784d989bd29e49c9ddccc987
c34de6c0b940b84f9661362f0f6066add02c514a
114d7eaf08937f0aa614ce1160b1426a5d2e6d3ad05ace9ce6f264dbcf5e50c2
GET /s/player/a97e97de/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53518
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 03:05:19 GMT
expires: Sat, 16 Sep 2023 03:05:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Sep 2022 21:54:27 GMT
content-type: text/javascript
age: 318732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dc.ads.linkedin.com/collect/?pid=681506&fmt=gif
13.107.42.14302 Found 0 B URL HTTP/2 dc.ads.linkedin.com/collect/?pid=681506&fmt=gif
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect/?pid=681506&fmt=gif HTTP/1.1
Host: dc.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D681506%26fmt%3Dgif%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLD6JF61FHyyAAAAYNXQXYukhwujHVNgJQU29S2w8jk4kaTKiZm8nBN3mPMtmu4DRIyLnZpxw1x4w; Max-Age=2592000; Expires=Wed, 19 Oct 2022 19:37:31 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIpMKhvugsnrAAAAYNXQXYub3uYIum_FQiDFR9Iq3vriIePKQCRinY3R2R5Zv_qtdvubPINMuZTBCnt70d-LA; Max-Age=2592000; Expires=Wed, 19 Oct 2022 19:37:31 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&25575341-284f-4824-8a5f-bc0e64a22c6e"; domain=.linkedin.com; Path=/; Secure; Expires=Tue, 19-Sep-2023 19:37:31 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2388:u=1:x=1:i=1663616251:t=1663702651:v=2:sig=AQEluhJA6aaHNKgke5cl2Vq2IJeJNcKM"; Expires=Tue, 20 Sep 2022 19:37:31 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXpDNe1gAxGmDpizdf0xg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 543E0EA7442C4B198C884FF650ED06B3 Ref B: OSL30EDGE0210 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:30 GMT
content-length: 0
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 16 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 890f716858b5f72587e47c5eca121cb5
91871a0acd9a0ab644d51036bb5ca0c3bdc5e687
7a3629e375468328b3fb25e1a6cc5749604f09099e8d2109f366e7e0226aee4a
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 19 Sep 2022 19:37:31 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 3080337328058561381
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 15693
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5b7a05fad83d3476facabd4e7eb8dc42
64d6ee10d23330cd51ea38487544c595b47f2633
4ff8fbed80185bfa0a9196affa36c5f60e743c86d3cf5328a5884b8058dca635
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4789
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 18:17:42 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ib.adnxs.com/pixie?pi=8d5f389a-2c0c-4c6f-bc78-444ec3a0890e=PageView&script=0
185.89.211.132400 Bad Request 200 B URL HTTP/1.1 ib.adnxs.com/pixie?pi=8d5f389a-2c0c-4c6f-bc78-444ec3a0890e=PageView&script=0
IP 185.89.211.132:0
Hash fefdd5c33b3c8085f2c5b9293595122f
cdd78b96794eab7b50a4c41553a79b00dbe9da58
f918345e81bc13de00d6fa8ec2c395a454340493c9fc84c479648aebb23443eb
GET /pixie?pi=8d5f389a-2c0c-4c6f-bc78-444ec3a0890e=PageView&script=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 400 Bad Request
Server: nginx/1.21.3
Date: Mon, 19 Sep 2022 19:37:31 GMT
Content-Type: text/plain
Content-Length: 200
Connection: keep-alive
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
bat.bing.com/p/action/21011282.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/21011282.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/21011282.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=2F712A6E282868E93A94384A297F698B; domain=.bing.com; expires=Sat, 14-Oct-2023 19:37:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 55235AEFFF9F46EA90719609279706A4 Ref B: OSL30EDGE0317 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:30 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375
54.171.150.101302 Found 0 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375
IP 54.171.150.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.regions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v041-04f3600a1.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=86883885096696744580085310452008953269; Max-Age=15552000; Expires=Sat, 18 Mar 2023 19:37:31 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 7FX3OjlLQns=
Content-Length: 0
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 56433b6932f28a949ac82fec1caa9e99
017c5a1ccc0f6e68fd60a9d0658c0526b81b4156
a6fe9208db3d30b3a81378a59aa588480ab2080c33f1d0921752c2dfdc76d1fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pixel.quantserve.com/pixel;r=1102307291;labels=_fp.event.PageView;rf=3;a=p-AMy7w2y7nzRg3;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;uht=2;fpan=1;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=regions.com;dst=0;et=1663616231840;tzo=0;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0;ses=7676ffb8-9ab1-4f3b-8728-510d354d8130
91.228.74.200200 OK 35 B URL HTTP/2 pixel.quantserve.com/pixel;r=1102307291;labels=_fp.event.PageView;rf=3;a=p-AMy7w2y7nzRg3;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;uht=2;fpan=1;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=regions.com;dst=0;et=1663616231840;tzo=0;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0;ses=7676ffb8-9ab1-4f3b-8728-510d354d8130
IP 91.228.74.200:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
GET /pixel;r=1102307291;labels=_fp.event.PageView;rf=3;a=p-AMy7w2y7nzRg3;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;uht=2;fpan=1;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;cm=;gdpr=0;ref=;d=regions.com;dst=0;et=1663616231840;tzo=0;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0;ses=7676ffb8-9ab1-4f3b-8728-510d354d8130 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:31 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=6328c4fb-8afb6-8c2bd-6925e; expires=Fri, 20-Oct-2023 19:37:31 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4
142.250.74.164302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4
IP 142.250.74.164:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0
104.244.42.3200 OK 43 B URL HTTP/2 analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0
IP 104.244.42.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/adsct?p_id=Twitter&p_user_id=0&txn_id=o1rxt&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0 HTTP/1.1
Host: analytics.twitter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:30 GMT
server: tsa_o
set-cookie: personalization_id="v1_DWTXzby5MeMKRsVotdre0g=="; Max-Age=63072000; Expires=Wed, 18 Sep 2024 19:37:31 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
content-length: 43
strict-transport-security: max-age=631138519
x-response-time: 111
x-connection-hash: f9aa8c13aa0f923b5463b986d31dfe1dc58571cd54f81d0becf728d376feddb8
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash de804a0450efa77b8584ae7a48180edc
68316b235ee3ceda45b5cc527af0e580fb99cfc2
a2756592d52a1e9af98d5a800cd73939c4a3833e8533fb3ed4028dba2ea13237
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 14:15:47 GMT
Expires: Sat, 24 Sep 2022 14:15:46 GMT
Etag: "68316b235ee3ceda45b5cc527af0e580fb99cfc2"
Cache-Control: max-age=412094,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6c45d410b02-OSL
dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375
54.171.150.101200 OK 124 B URL HTTP/1.1 dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375
IP 54.171.150.101:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1f6783349ac4177ec3b3845fd520dca6
d84e7a43a8c8ff6f1a568ad6cb4162767f5b32b7
64bc30aa6a9d9e5396bb67c6af32c31f5ca6610641f0bdea10d759281df6adca
GET /id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1663616231375 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Content-Type: application/x-www-form-urlencoded
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.regions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-0a7be6408.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-Error: 172
X-TID: LCyUqrX6TNY=
Content-Length: 124
Connection: keep-alive
cm.teads.tv/v2/advertiser?referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&buyer_pixel_id=5995
23.195.255.234200 OK 82 B URL HTTP/1.1 cm.teads.tv/v2/advertiser?referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&buyer_pixel_id=5995
IP 23.195.255.234:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 669b85d39cbaf491467a2f594c37a276
43b6c9f872ea750afc50329acb8a47cd46588295
fa10b271504d790905396d9315306150a550072c628611f73bb5784773ff93cf
GET /v2/advertiser?referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&buyer_pixel_id=5995 HTTP/1.1
Host: cm.teads.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Origin: https://www.regions.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 82
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.regions.com
Expires: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 19 Sep 2022 19:37:31 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dda77a44a7f9eeb9bd828f659ccb7e22
9af43f88835600fd3206e4f18b0c1c2571a3959c
c8effed6366a20b26e104fc4f64d24213eb357d61e7683e28f812d0c21edd044
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash ef491d15a0bde5279fa4fc8b426a9941
efd17fcc768356192e7ff660ecf77b5ca845ef77
43b144675694707debd0125a8e2a0acbc2a53ab34e33df0071ae8f0a2d0bfc05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rules.quantcount.com/rules-p-AMy7w2y7nzRg3.js
54.230.111.16200 OK 271 B URL HTTP/2 rules.quantcount.com/rules-p-AMy7w2y7nzRg3.js
IP 54.230.111.16:0
Hash c3aea86cfb633cfbbc5016b7c212fbc1
89934f12847b20c8d992007ab07494977f56ce84
b6d7b217464fd3d4447c18b0c1df4bb42e458c41841e9d2a5ab780f853943884
GET /rules-p-AMy7w2y7nzRg3.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 271
last-modified: Fri, 26 Aug 2022 12:05:44 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
date: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: max-age=3600
etag: "c3aea86cfb633cfbbc5016b7c212fbc1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CvliP2ldzgQuVvEjY2WTRF2oqiECTuL6zKkM6FfgDq77LmduEX8nUg==
age: 2547
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
142.250.74.130302 Found 0 B URL HTTP/2 adservice.google.com/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.no/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
20839218p.rfihub.com/ca.html?ver=9&rb=46121&ca=20839218&cust1=https%3A%2F%2Fwww.regions.com%2F&pe=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&pf=&ra=6276988479240293
193.0.160.129200 OK 2.7 kB URL HTTP/1.1 20839218p.rfihub.com/ca.html?ver=9&rb=46121&ca=20839218&cust1=https%3A%2F%2Fwww.regions.com%2F&pe=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&pf=&ra=6276988479240293
IP 193.0.160.129:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (2669), with no line terminators
Hash 7fa4115cd29e1b7629b89433ded58ff0
28e579c56ba5d913db6848b52355f53b6d313480
7e62fa957d7cfb7365ab18c37ee3e289d904746b7f47de11ca3b84387f5cef91
GET /ca.html?ver=9&rb=46121&ca=20839218&cust1=https%3A%2F%2Fwww.regions.com%2F&pe=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&pf=&ra=6276988479240293 HTTP/1.1
Host: 20839218p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:31 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0NjExNTUxtDQyNrI0MTI1MBDiM9Qt8PcuTbZMdsny9I4CAGh8IWMlAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:31 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0NjExNTUxtDQyNrI0MTI1MBDiM9Qt8PcuTbZMdsny9I4CAGh8IWMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_5vFyGtoZmZsZmhmZGpoZm6wCo1_Co3_Co3_C40_iQmVPwuNvwiNvwqNvwmNvwtdPQsq_xYafxMrmn5uNPei8RcJo_IfofEBpPOXYCABAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:31 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 2669
Server: Jetty(9.3.29.v20201019)
googleads.g.doubleclick.net/pagead/viewthroughconversion/959581806/?random=1663616231897&cv=9&fst=1663616231897&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.98200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/959581806/?random=1663616231897&cv=9&fst=1663616231897&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2444), with no line terminators
Hash 5014f42dd0a3527fdef834308550d6b8
5613d786c12df786aa6dc5b757f7d594a4d58a60
1a91486b56f62a49c478e84444ba6180b3af4090ec63e59cf1b86ff91a2acd99
GET /pagead/viewthroughconversion/959581806/?random=1663616231897&cv=9&fst=1663616231897&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1089
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:31 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/1013536406/?random=1663616231904&cv=9&fst=1663616231904&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4
142.250.74.98200 OK 1.1 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1013536406/?random=1663616231904&cv=9&fst=1663616231904&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 142.250.74.98:0
File type ASCII text, with very long lines (2446), with no line terminators
Hash d0428738d341e1188c8b23ee4c266538
7bfd773c02acd699031dea68fb8cc60815057130
19603ad9582b7030ce36b3148e5a616d20e35e1b0022c855b7b4c8bd896f9d68
GET /pagead/viewthroughconversion/1013536406/?random=1663616231904&cv=9&fst=1663616231904&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1089
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:31 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&fmt=3&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&ct_cookie_present=1&async=1
142.250.74.98200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&fmt=3&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&ct_cookie_present=1&async=1
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&fmt=3&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&ct_cookie_present=1&async=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:31 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d6ab54514a48ac6a25b4feed27b69d0a
0694d35a4ba2f79393f4932379ca8c8db3c8e6cf
103458d752a216dc0c9852c2f49010edc4a933d69348a94118ff608eee901402
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:37:31 GMT
Last-Modified: Mon, 19 Sep 2022 17:49:35 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: u272viYweTM7-MNiKoy8w61SLXKTO1ZE_V2PuXC7IlehBwz0XCskcA==
Age: 6476
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D681506%26fmt%3Dgif%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D681506%26fmt%3Dgif%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D681506%26fmt%3Dgif%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?pid=681506&fmt=gif&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&efa9530c-6462-4888-8cd1-21c6d6e582f9"; Domain=.linkedin.com; Expires=Tue, 19-Sep-2023 19:37:31 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&20220919193731e2a3da6c-0ab7-4df6-8446-5cb597aa14c0AQEfydZNPEEdTPBFmzjJZF9aW55VIIR9"; Domain=.www.linkedin.com; Expires=Tue, 19-Sep-2023 19:37:31 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NjM2MTYyNTE7MjswMjHD7FZYJoFhr3tBGQZMnZDQspCLHMvj0ICaUORcwG6/CA==; Domain=.linkedin.com; Expires=Sat, 18 Mar 2023 19:37:31 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2345:u=1:x=1:i=1663616251:t=1663702651:v=2:sig=AQGEeh3QngHbNsuG2YWihJE2ftxuxF_9"; Expires=Tue, 20 Sep 2022 19:37:31 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com https://*.qualtrics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri /security/csp?e=p&f=t
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpDNe493LmbrM9bc/YeA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 8B07CA92D36A4FD18AECD375FACE83D0 Ref B: OSL30EDGE0210 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:31 GMT
content-length: 0
X-Firefox-Spdy: h2
pxl.qccerttest.com/pixel?r=976968941;fpan=0;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;ref=;cm=;gdpr=0;d=regions.com;dst=0;et=1663616232031;tzo=0;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0
143.204.55.81200 OK 35 B URL HTTP/2 pxl.qccerttest.com/pixel?r=976968941;fpan=0;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;ref=;cm=;gdpr=0;d=regions.com;dst=0;et=1663616232031;tzo=0;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0
IP 143.204.55.81:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
GET /pixel?r=976968941;fpan=0;fpa=P0-1102145473-1663616231840;pbc=;ns=0;ce=1;qjs=1;qv=d18171e5-20220913105912;ref=;cm=;gdpr=0;d=regions.com;dst=0;et=1663616232031;tzo=0;url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta;ogl=locale.en_US%2Csite_name.RegionsBank%2Ctype.article%2CTitle.Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions%2Cdescription.Looking%20for%20a%20mortgage%20lender%20in%20Atlanta%3F%20Chris%20Tilley%20at%20Regions%20Bank%20can%20assis%2Curl.https%3A%2F%2Fwww%252Eregions%252Ecom%2Flocator%2Fmlo%2Fmortgage-loan-officer-Chris-Tilley-Atlanta%2Cimage.https%3A%2F%2Fwww%252Eregions%252Ecom%2F-%2Fmedia%2FImages%2FWebSiteImages%2Fregions-logo%252Epng%3Frevision%3D0 HTTP/1.1
Host: pxl.qccerttest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 35
last-modified: Thu, 04 Aug 2022 16:01:04 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Mon, 19 Sep 2022 02:11:33 GMT
etag: "55d25e9dc950d5db4d53a3b195c046c6"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qorImHX0-66qGFImI3sXWBAVMut22UvrdbpxeCNiCqoX76V0eldkaw==
age: 62759
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=499108531775714&ev=PageView&dl=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&rl=&if=false&ts=1663616232022&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663616232022.1384872279&it=1663616231826&coo=false&rqm=GET
157.240.200.35200 OK 44 B URL HTTP/2 www.facebook.com/tr/?id=499108531775714&ev=PageView&dl=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&rl=&if=false&ts=1663616232022&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663616232022.1384872279&it=1663616231826&coo=false&rqm=GET
IP 157.240.200.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /tr/?id=499108531775714&ev=PageView&dl=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&rl=&if=false&ts=1663616232022&sw=1280&sh=1024&v=2.9.83&r=stable&ec=0&o=30&fbp=fb.1.1663616232022.1384872279&it=1663616231826&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Mon, 19 Sep 2022 19:37:31 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
cache-control: no-cache, must-revalidate, max-age=0
set-cookie:
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 44
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.3200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.3:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1013536406/?random=1663616231909&cv=9&fst=1663616231909&num=1&label=F0kQCIWIgqYBEJatpeMD&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&auid=2121237268.1663616231>m_ee=1&hn=www.google.com&gcp=1&sscte=1&ct_cookie_present=1&async=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/959581806/?random=1663616231897&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=2791322969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/959581806/?random=1663616231897&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=2791322969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/959581806/?random=1663616231897&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=2791322969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/1013536406/?random=1663616231904&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=1914140449&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1013536406/?random=1663616231904&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=1914140449&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1013536406/?random=1663616231904&cv=9&fst=1663614000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oa9e0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&tiba=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions&async=1&fmt=3&is_vtc=1&random=1914140449&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash fd6f5d48a8eb6a76f7c699a235f6ed95
6dfe5af37fa0c7a6ed073d73d8be6e23ec4e1cc4
a7239c791a93ecf634d1afef2a09feae30f46decdbfa039403bd10394e444d56
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
t.teads.tv/track?action=pageView&env=js-web&tag_version=5.6.2_cad4a37&buyer_pixel_id=5995&referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&cohort_id=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions
23.38.201.50200 OK 23 B URL HTTP/2 t.teads.tv/track?action=pageView&env=js-web&tag_version=5.6.2_cad4a37&buyer_pixel_id=5995&referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&cohort_id=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions
IP 23.38.201.50:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash da5b449fff36752a93779fa4067cd2eb
71a96eea77f21ab5f1819b96c4cedd5cd34476ca
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
GET /track?action=pageView&env=js-web&tag_version=5.6.2_cad4a37&buyer_pixel_id=5995&referer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&cohort_id=Atlanta%20Mortgage%20Lender%20%7C%20Chris%20Tilley%20%7C%20Regions HTTP/1.1
Host: t.teads.tv
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 23
cache-control: max-age=0, no-cache, no-store
expires: Sat, 26 Jul 1997 05:00:00 GMT
date: Mon, 19 Sep 2022 19:37:31 GMT
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
142.250.74.98200 OK 42 B URL HTTP/2 adservice.google.no/ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/
IP 142.250.74.98:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ddm/fls/p/src=9100576;type=pv;cat=regio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?6090293955677.607&~oref=https://www.regions.com/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Sep 2022 19:37:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNTM3YjMyZTItOWY4OC00YmU2LWEwN2UtODIxNDY1MDhjZDhmOjE2NjM2MTYyNTEuMDU1ODY3NCJ9fQ%3D%3D&site_id=regions-bank
54.81.23.211200 OK 146 B URL HTTP/1.1 people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNTM3YjMyZTItOWY4OC00YmU2LWEwN2UtODIxNDY1MDhjZDhmOjE2NjM2MTYyNTEuMDU1ODY3NCJ9fQ%3D%3D&site_id=regions-bank
IP 54.81.23.211:0
File type JSON data\012- , ASCII text
Hash b0aa08c08b8bae03aacc629d5ea01b67
dbd104c7d4cf96c8088bf785881d17324f58bde5
4456df8ac8dcbcd44a5437aae576ba6f0d78309ac1b7cf6e193a41f2716b14d7
GET /identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNTM3YjMyZTItOWY4OC00YmU2LWEwN2UtODIxNDY1MDhjZDhmOjE2NjM2MTYyNTEuMDU1ODY3NCJ9fQ%3D%3D&site_id=regions-bank HTTP/1.1
Host: people.api.boomtrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,x-app-id
Access-Control-Allow-Methods: GET,PUT,POST,DELETE
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Mon, 19 Sep 2022 19:37:31 GMT
Server: nginx
Content-Length: 146
Connection: keep-alive
px.ads.linkedin.com/collect?pid=681506&fmt=gif&liSync=true
13.107.42.14200 OK 65 B URL HTTP/2 px.ads.linkedin.com/collect?pid=681506&fmt=gif&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 8b0d5b18476ae12e2476f3621d54c4a5
2ad669e9d207fbb37e84dda25766dbaeb66d792c
2d7244b6960d26ae56f048f162f02949ca7858be19d9349ec82906e56dfa3cfe
GET /collect?pid=681506&fmt=gif&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 65
content-type: image/gif
content-encoding: gzip
vary: Accept-Encoding
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&7136ac43-d818-4c9a-8063-c3758886a761"; domain=.linkedin.com; Path=/; Secure; Expires=Tue, 19-Sep-2023 19:37:31 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2345:u=1:x=1:i=1663616251:t=1663702651:v=2:sig=AQGEeh3QngHbNsuG2YWihJE2ftxuxF_9"; Expires=Tue, 20 Sep 2022 19:37:31 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXpDNe8aKodLoOO84Z1LA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: FCBE9AC7D10941538D93CA03C0E9793D Ref B: OSL30EDGE0210 Ref C: 2022-09-19T19:37:31Z
date: Mon, 19 Sep 2022 19:37:31 GMT
X-Firefox-Spdy: h2
bttrack.com/engagement/js?goalId=44911&cb=1663616231787
192.132.33.46200 OK 3.5 kB URL HTTP/2 bttrack.com/engagement/js?goalId=44911&cb=1663616231787
IP 192.132.33.46:0
File type ASCII text, with very long lines (10120), with no line terminators
Hash df05ceaac662e31a3621e12482e7e48a
7f174618f494d70863b5e117456c0bd8106a6f12
11f254ac78c50e87620afcdc9d0509f5125349ba294df11a3353a0e0db119522
GET /engagement/js?goalId=44911&cb=1663616231787 HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/javascript; charset=utf-8
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
set-cookie: bt-es-44911=4abf32da-04cc-4bc4-901f-7795c672d26e; path=/
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track004-iad
date: Mon, 19 Sep 2022 19:37:20 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=1121&dpuuid=5134455419232942500&redir=
54.171.150.101302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=1121&dpuuid=5134455419232942500&redir=
IP 54.171.150.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=1121&dpuuid=5134455419232942500&redir= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v041-0a2fee448.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455419232942500&redir=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=20980105622787379093144026724957000583; Max-Age=15552000; Expires=Sat, 18 Mar 2023 19:37:31 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 91XuIBiMSKk=
Content-Length: 0
Connection: keep-alive
live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455419232942500&referrer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
143.204.55.19302 Found 661 B URL HTTP/2 live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455419232942500&referrer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
IP 143.204.55.19:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (575)
Hash 34226c6ec8c30b9d0989764a23153207
0dded62281c913de16a44a59124f5952815b329b
01d8332e319c1c347157aa814eb8ee761968337ac3c8112667785fcfc7b4f199
GET /pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=5134455419232942500&referrer=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta HTTP/1.1
Host: live.rezync.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Cookie: zync-uuid=537b32e2-9f88-4be6-a07e-82146508cd8f:1663616251.0558674; sd-session-id=eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNTM3YjMyZTItOWY4OC00YmU2LWEwN2UtODIxNDY1MDhjZDhmOjE2NjM2MTYyNTEuMDU1ODY3NCJ9.YyjE-w.6f0cS_jlD-ZotEV1wV3RTqmKWm8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 661
location: https://p.rfihub.com/cm?pub=39342&in=0&userid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D537b32e2-9f88-4be6-a07e-82146508cd8f%253A1663616251.0558674
date: Mon, 19 Sep 2022 19:37:31 GMT
set-cookie: zync-uuid=537b32e2-9f88-4be6-a07e-82146508cd8f:1663616251.0558674; Domain=rezync.com; Expires=Sat, 18 Mar 2023 12:37:31 GMT; Path=/; SameSite=None; Secure
sd-session-id=.eJwVytsOgjAMANB_6TMza9d2Yz9DuJRkUaZh-CLh39XHk5wThpft21itHpCP_W0dzI_yU4N8Qiufze6QQTAwizD2FKhnEu_h6qBZa-VZh7L8T4hTICPXryk5nkzd6KO5RMgqPs1LWjOqBkUlwZsXSRoZri-ehSVA.YyjE-w.I5UM7Y3tvXMX3sD7SDoksgIZUIs; Expires=Sat, 18 Mar 2023 19:37:31 GMT; HttpOnly; Path=/; SameSite=None; Secure
vary: Cookie
server: lighttpd/1.4.59
x-cache: Miss from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: K9kPjMdaC84fwMNC0Unc3DrR_ryitUPyBhVvjpjbyp0qFxtvDrV31Q==
X-Firefox-Spdy: h2
contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5134455419232942500
23.38.200.22200 OK 45 B URL HTTP/2 contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=5134455419232942500
IP 23.38.200.22:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 99cceceaed4d575484b69ddaf9ed66a7
1e3a3b15296b585833a22d987a387aa58aa1642d
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
GET /cksync.php?cs=3&type=rkt&ovsid=5134455419232942500 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-length: 45
content-type: image/gif
set-cookie: visitor-id=3066178523580222000V10; Expires=Tue, 19 Sep 2023 19:37:32 GMT; domain=.media.net; Path=/;
data-rk=5134455419232942500~~3;Expires=Mon, 18 Sep 2023 19:37:32 GMT;path=/;domain=.media.net;
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
strict-transport-security: max-age=31536000
x-mnet-hl2: E
expires: Mon, 19 Sep 2022 19:37:32 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 19 Sep 2022 19:37:32 GMT
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=
142.250.74.66302 Found 369 B URL HTTP/2 cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash fabc2ac1c559d0ea4a6338a72ecd5aae
5ca0579395f80937e1049734e909542ca5484658
8595a6b9285df0fdbd0514148361e567461dfb11ce3b3ecbb0f0f88f0f965749
GET /pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=&google_tc=
date: Mon, 19 Sep 2022 19:37:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 369
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 19-Sep-2022 19:52:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5d4693b09940bb4464c7b058daff0a5e
d0041dc6d0921c59332576bedc0f7aad56eeb722
d78c74369ee79b2d87a2b7ae0a1526071ada77bf37af99e6f3f832dfc0fc8bf5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Server: ECS (amb/6B8A)
Content-Length: 471
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash bfd76bd53be2d559a22f31a1ced0ef3f
98fa3effa142f2d8bca0cf650cf8bc778d8f370a
9c14e7bacbbab52473f2207904c763ee8d7fb8e9c9bc0ed9b743e5624ee362fe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:56:11 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OxP4AUf4Wjqj2rS9x9lib0n4kf-2UKiMFHFH9LyahnOI90zCyedUWA==
Age: 2481
sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
151.101.86.49503 Service Unavailable 0 B URL HTTP/2 sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
IP 151.101.86.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP/1.1
Host: sync-tm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 503 Service Unavailable
server: Varnish
retry-after: 0
accept-ranges: bytes
date: Mon, 19 Sep 2022 19:37:32 GMT
via: 1.1 varnish
x-served-by: cache-bma1621-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1663616252.084756,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0
X-Firefox-Spdy: h2
dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=
104.18.18.126302 Found 0 B URL HTTP/2 dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=
IP 104.18.18.126:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward= HTTP/1.1
Host: dsum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 19 Sep 2022 19:37:32 GMT
content-length: 0
location: /rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=&C=1
cf-ray: 74d4c6c78d62b4e8-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMID=YyjE-KVSpPixf4SWHQm8VQAA; Path=/; Domain=casalemedia.com; Expires=Tue, 19 Sep 2023 19:37:32 GMT; Max-Age=31536000; Secure; SameSite=None
CMPS=4534; Path=/; Domain=casalemedia.com; Expires=Sun, 18 Dec 2022 19:37:32 GMT; Max-Age=7776000; Secure; SameSite=None
CMPRO=4534; Path=/; Domain=casalemedia.com; Expires=Sun, 18 Dec 2022 19:37:32 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ly8ZwGjrfHVgtxLORsaWdR1rzaiKgFbH60WLUytkBFP2nkx2qFlyF0bngAbdScSWkK8oevN%2FMwmY3x4rRuaQLeO041JWFeyR%2FOJv3AlvWdNfPqHLiPG0TNpF0pBSiwmVy9enJ3C1qkjN3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.regions.com/-/media/js/oo_engine.js
205.255.103.100200 OK 15 kB URL HTTP/1.1 www.regions.com/-/media/js/oo_engine.js
IP 205.255.103.100:0
Hash 54216df51ccc54b91647f46e6324a5d1
35cf90a9b3fe6579456b237653cd652dd86fc347
7e268465893e047076cb3331536cd5762cebc6f6e96a5d17a7c16165fda220d0
GET /-/media/js/oo_engine.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False; Regions_SessionId=b6b50e85-f4fe-441d-8076-b8ad8fbc6ed7; _gcl_au=1.1.2121237268.1663616231; btIdentify=dae2c150-ca73-41fb-c6c6-5e8b7977d202; _bti=%7B%22app_id%22%3A%22regions-bank%22%2C%22bsin%22%3A%22QGh285WDemJB9Fdwv2xxa3zR09NypTtJEokYfQijpEH8%2BEP11dSPG6uuuapS5y%2B%2BkqowefKC0xZDD8U2o%2Fiv5Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=713a5118-b4b9-480c-a03c-ce87dd389be7; _uetsid=74da4b90385211ed877c13903b979b9f; _uetvid=74da8dc0385211edbeaa8feb9eba10a9; qcSxc=1663616231841; __qca=P0-1102145473-1663616231840; _fbp=fb.1.1663616232022.1384872279
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356753
Date: Thu, 15 Sep 2022 16:31:39 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 6bf959c8100849ea8da66ecf3fc7ab49
Content-Type: application/x-javascript
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2016 21:09:39 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Disposition: inline; filename="oo_engine.js"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 15048
Strict-Transport-Security: max-age=157680000
www.regions.com/-/media/js/mp_linkcode.js
205.255.103.100200 OK 681 B URL HTTP/1.1 www.regions.com/-/media/js/mp_linkcode.js
IP 205.255.103.100:0
File type exported SGML document, ASCII text, with CRLF line terminators
Hash 662fd21e25a8269185df8c993bfd251d
4da619e51fa6a54e5ffcdd7d826c1e5550a67840
f9465098d4cfa9edb9fed28c3eceb6bd3251c3fb011e86d1fa8f27bf1a680ceb
GET /-/media/js/mp_linkcode.js HTTP/1.1
Host: www.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/locator/mlo/mortgage-loan-officer-chris-tilley-atlanta
Cookie: NSC_SED-XXX.SFHJPOT.DPN-9.3-80_mc=ffffffff09ae120545525d5f4f58455e445a4a423660; ASP.NET_SessionId=fwexflprdrlfdypbxeihstgz; SC_ANALYTICS_GLOBAL_COOKIE=588eca2680684234905fd200e87fa6a7|False; Regions_SessionId=b6b50e85-f4fe-441d-8076-b8ad8fbc6ed7; _gcl_au=1.1.2121237268.1663616231; btIdentify=dae2c150-ca73-41fb-c6c6-5e8b7977d202; _bti=%7B%22app_id%22%3A%22regions-bank%22%2C%22bsin%22%3A%22QGh285WDemJB9Fdwv2xxa3zR09NypTtJEokYfQijpEH8%2BEP11dSPG6uuuapS5y%2B%2BkqowefKC0xZDD8U2o%2Fiv5Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=713a5118-b4b9-480c-a03c-ce87dd389be7; _uetsid=74da4b90385211ed877c13903b979b9f; _uetvid=74da8dc0385211edbeaa8feb9eba10a9; qcSxc=1663616231841; __qca=P0-1102145473-1663616231840; _fbp=fb.1.1663616232022.1384872279
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Age: 356753
Date: Thu, 15 Sep 2022 16:31:39 GMT
Cache-Control: max-age= 604800,public
Connection: Keep-Alive
Via: NS-CACHE:
ETag: 32fbff40b5ed4dcfb4de06b0179c338b
Content-Type: application/x-javascript
Content-Encoding: br
Last-Modified: Thu, 25 Aug 2016 21:09:38 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Disposition: inline; filename="mp_linkcode.js"
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Content-Length: 681
Strict-Transport-Security: max-age=157680000
p.rfihub.com/cm?pub=24472&in=1
193.0.160.129302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?pub=24472&in=1
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?pub=24472&in=1 HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 302 Found
Date: Mon, 19 Sep 2022 19:37:32 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0MTexMDC2NBfiM9Q1zgsoNy728c3xN_MEANtvb5glAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0MjE2MjI2MjY0MTexMDC2NBfiM9Q1zgsoNy728c3xN_MEANtvb5glAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_7vFwmtoZmZsZmhmZGpkaGQGAB1LB3EQAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
Location: https://ps.eyeota.net/match?uid=5124322323147480397&bid=omt9pi0
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
smetrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1663616232048
15.188.95.229200 OK 48 B URL HTTP/2 smetrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1663616232048
IP 15.188.95.229:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c092a05ebb8c2070d0716aa303232e58
7f4dac2d086b835f5ced92536974759a6e5f4887
ce599ef38658897eecd440cf6f6efadfd5e84936257912d38ef4c77749815990
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1663616232048 HTTP/1.1
Host: smetrics.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: _gcl_au=1.1.2121237268.1663616231; btIdentify=dae2c150-ca73-41fb-c6c6-5e8b7977d202; _bti=%7B%22bsin%22%3A%22%22%7D; _bts=713a5118-b4b9-480c-a03c-ce87dd389be7; _uetsid=74da4b90385211ed877c13903b979b9f; _uetvid=74da8dc0385211edbeaa8feb9eba10a9; __qca=P0-1102145473-1663616231840; _fbp=fb.1.1663616232022.1384872279
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
access-control-allow-origin: https://www.regions.com
access-control-allow-credentials: true
date: Mon, 19 Sep 2022 19:37:32 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg=0%7CMCMID%7C53856063045845161293466509339461368495; Path=/; Domain=regions.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 19:37:37 GMT;
s_ecid=MCMID%7C53856063045845161293466509339461368495; Path=/; Domain=regions.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 19:37:37 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455419232942500
185.89.211.132200 OK 43 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455419232942500
IP 185.89.211.132:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fsetuid%3Fentity%3D18%26code%3D5134455419232942500 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 1b91b959-4bc9-42cc-a9b0-1759e894bdda
Set-Cookie: anj=dTM7k!M4/YErk#WF']wIg2Il`t!*sS!]tbPl1MNu::wpAk`W>$e8P3Xe9hwVk_?P_fSN!on*wSvV?@OI!AXTO:4=sB!(nlNRwX1`; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 18-Dec-2022 19:37:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455419232942500&img=1
185.94.180.125302 Found 0 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455419232942500&img=1
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /partner?adv_id=7180&uid=5134455419232942500&img=1 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=8107923a-3852-11ed-85b1-1a3233820306; expires=Mon, 17-Oct-2022 19:37:32 GMT; path=/; domain=.spotxchange.com; SameSite=none
Location: /partner?adv_id=7180&uid=5134455419232942500&img=1&__user_check__=1&sync_id=81079274-3852-11ed-85b1-1a3233820306
X-fe: 109
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1d13fc88355dd2c1d95b41c427ee8cd3
92737e60d55c4ddfd14a0f0bcc493ab272811c9f
234cb8cfbd31c3ef1ba5fdabe7751534c2b5134926636218b0d57be3b3bbe26d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1916
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 19:05:36 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7d5d7863f71d6844159c8179578b5660
25e03aece927733851c4c6725de955b2a0036823
1feca7c763a9d811613ad184b6eb017917bf791cc60fe7daa2449716645a9cfb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6451
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 17:50:02 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455419232942500&redir=
54.171.150.101200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455419232942500&redir=
IP 54.171.150.101:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=5134455419232942500&redir= HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v041-0a60a8ed6.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 5oO1aiLdSbI=
Content-Length: 59
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash eef981a2e9b49c55254884bfd82cea52
c57dba96e3bda7a2954e653b4ca7067c03d76682
935284f4fe9140da0e763fc891e1b8a67f21b796436597c7cde430cc8cc23dec
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:43:35 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UImqq3RziUwOM93yl8mqcTuA-Fbc3v442ELHEGa1s9pba5x-bMG3kA==
Age: 3237
ocsp.digicert.com/
93.184.220.29200 OK 727 B IP 93.184.220.29:0
Hash d4cf5aa1494b960955390d8b32b5d50d
21130f260088120f9dce017bd8b6de20e90b7489
12a8a37c22acf5b1034c73852b89157df68243275076775a315a55df63f0f2b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6488
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 17:49:24 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 727
cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=&google_tc=
142.250.74.66302 Found 269 B URL HTTP/2 cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=&google_tc=
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 2ac1f21e70e438c7e2193d02ee7e9be0
f9a11bb626bad146751fc166f96b91f6aeae7eab
de4a04a623ca095cd229a54edeb3120d9dc94d227198b75cb9a0a69677ed7c85
GET /pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=NTEzNDQ1NTQxOTIzMjk0MjUwMA==&forward=&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_error=3
date: Mon, 19 Sep 2022 19:37:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 269
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5134455419232942500&
213.19.162.90204 No Content 0 B URL HTTP/1.1 pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5134455419232942500&
IP 213.19.162.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tap.php?v=13490&nid=2596&put=5134455419232942500& HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: deb9f124eecce7a554c70ca983265c95
Content-Type: image/gif
secure.quantserve.com/quant.js
91.228.74.200200 OK 10 kB URL HTTP/2 secure.quantserve.com/quant.js
IP 91.228.74.200:0
Hash 344a60fefb63d6db45079191f03a7c37
4d022a90c0d99ef4d05fba4ba2d52b662f875912
a74c47f607a3661903cff11a88ac5297c4d1afd6c3b8cb17087f5359e42c0dc1
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:31 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "eN3sxSgaav0x5wHLxGB1gQ=="
expires: Mon, 26 Sep 2022 19:37:31 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5134455419232942500
34.249.4.48204 No Content 0 B URL HTTP/2 beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=5134455419232942500
IP 34.249.4.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usermatch.gif?partner_id=rfuel&partner_user_id=5134455419232942500 HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Mon, 19 Sep 2022 19:37:32 GMT
set-cookie: _kuid_=PFsFGSB3; Expires=Sat, 18-Mar-23 19:37:32 GMT; Max-Age=15552000; Domain=.krxd.net; Path=/
cache-control: private, no-cache, no-store
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-served-by: beacon-n006-dub-prod.krxd.net
x-request-time: D=21 t=1663616252
X-Firefox-Spdy: h2
sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455419232942500&img=1&__user_check__=1&sync_id=81079274-3852-11ed-85b1-1a3233820306
185.94.180.125200 OK 43 B URL HTTP/1.1 sync.search.spotxchange.com/partner?adv_id=7180&uid=5134455419232942500&img=1&__user_check__=1&sync_id=81079274-3852-11ed-85b1-1a3233820306
IP 185.94.180.125:0
ASN #35220 SpotXchange, INC
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /partner?adv_id=7180&uid=5134455419232942500&img=1&__user_check__=1&sync_id=81079274-3852-11ed-85b1-1a3233820306 HTTP/1.1
Host: sync.search.spotxchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Set-Cookie: audience=81130a1f-3852-11ed-be74-174deb1e0206; expires=Mon, 17-Oct-2022 19:37:32 GMT; path=/; domain=.spotxchange.com
x-spotx-halt-type: Audience DSP sync endpoint was unable to cookie the audience.
X-fe: 62
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=&C=1
104.18.18.126200 OK 43 B URL HTTP/2 dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=&C=1
IP 104.18.18.126:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /rum?cm_dsp_id=57&external_user_id=5134455419232942500&forward=&C=1 HTTP/1.1
Host: dsum-sec.casalemedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: image/gif
content-length: 43
cf-ray: 74d4c6c85e4fb4e8-OSL
cache-control: no-cache
expires: 0
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTeIgXrZnaP58RCAfaJwzGdieDE6ZBwGWjHMqkSV5wmpTf%2BJ0jUji0jMxi4lqF5D58mxiEx4zU6wh4bzkOZh%2Bt6k4kj5RLUYJG19Z6N9G6pSYdbV%2FC%2Fbd6K2mNfWGXNUAOkBgfadXrp3KA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
18.159.27.52200 OK 0 B URL HTTP/2 bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
IP 18.159.27.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-length: 0
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NOI DEVa OUR BUS UNI"
X-Firefox-Spdy: h2
bpi.rtactivate.com/tag/?id=11017&user_id=5134455419232942500
3.224.161.11200 OK 43 B URL HTTP/2 bpi.rtactivate.com/tag/?id=11017&user_id=5134455419232942500
IP 3.224.161.11:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /tag/?id=11017&user_id=5134455419232942500 HTTP/1.1
Host: bpi.rtactivate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: image/gif
content-length: 43
X-Firefox-Spdy: h2
aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5134455419232942500
54.171.98.27200 OK 43 B URL HTTP/2 aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=5134455419232942500
IP 54.171.98.27:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash db04c7b378cb2db912c3ba8a5a774ee3
dee34bd86c3484d31002182aa2b7caa4699126b8
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
GET /adscores/g.pixel?sid=9212192898&rf=5134455419232942500 HTTP/1.1
Host: aa.agkn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: image/gif
content-length: 43
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
X-Firefox-Spdy: h2
p.rfihub.com/cm?pub=39342&in=0&userid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D537b32e2-9f88-4be6-a07e-82146508cd8f%253A1663616251.0558674
193.0.160.129302 Found 0 B URL HTTP/1.1 p.rfihub.com/cm?pub=39342&in=0&userid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D537b32e2-9f88-4be6-a07e-82146508cd8f%253A1663616251.0558674
IP 193.0.160.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm?pub=39342&in=0&userid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3D537b32e2-9f88-4be6-a07e-82146508cd8f%253A1663616251.0558674 HTTP/1.1
Host: p.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Date: Mon, 19 Sep 2022 19:37:32 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: euds=H4sIAAAAAAAA_wXBwRGAMAgEwI_t4ACB47QbE0khVu7ud1SOmsPb5dqkxGzIo9VCt0Aq18t9GzBg8LRTM4mKH3nuE786AAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_z3IsRWAIAwFwAmsmCM-8kN-otuAwkCWTmvnlfeUcIthmJBjZUobk9JrTEloo9e87lynkkYlXPfqnoz2lu1PgPgAXsuG4UoAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjE2srAwtTC1NBXiM9QNzXbOi4yPKMj3Co8HANeu228lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
rud=H4sIAAAAAAAA_-MSNjU0sDSzMDUzMjE2srAwtTC1NBXiM9QNzXbOi4yPKMj3Co8HANeu228lAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
Location: https://idsync.rlcdn.com/501709.gif?partner_uid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674
Content-Length: 0
Server: Jetty(9.3.29.v20201019)
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 29f639cb699e6e460058e3c99bd4f3cf
9caeef6cf092a5afaf4578321a7301651468e3ce
5d9664e0c869eab361913cd50bf4e1cca2601239b467adba3af0ae049e7c070a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 01:42:53 GMT
Expires: Sun, 25 Sep 2022 01:42:52 GMT
Etag: "9caeef6cf092a5afaf4578321a7301651468e3ce"
Cache-Control: max-age=453319,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6c7ca6d0b02-OSL
ocsp.usertrust.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 84f83ea4b2eec04dd7b984322be797bd
b909f42333e834a00e5c519ac17f6a9b49d460a1
42660bfa0428c32eea3301e998f448d1523289a43d3d2ef714919b6431bde540
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 21:01:04 GMT
Expires: Sat, 24 Sep 2022 21:01:03 GMT
Etag: "b909f42333e834a00e5c519ac17f6a9b49d460a1"
Cache-Control: max-age=603792,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1369
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74d4c6c908160b06-OSL
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 2f3cf05aed003dab50e21ce1aa4e6d02
9b07a54ca205a8365ae7e1b9396e6be388cf40d2
bfea397554f7ec02cec37f3c4ee331babd059973d75d6a8be91ae7afe8e426fe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:18:02 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2RkKfFL1PEQLoWEe5jT9ednXtCVUJ3T-goTS_uTTYnei7tR5V7iKCA==
Age: 4770
ps.eyeota.net/match?uid=5124322323147480397&bid=omt9pi0
3.122.214.165200 OK 0 B URL HTTP/1.1 ps.eyeota.net/match?uid=5124322323147480397&bid=omt9pi0
IP 3.122.214.165:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /match?uid=5124322323147480397&bid=omt9pi0 HTTP/1.1
Host: ps.eyeota.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Set-Cookie: SERVERID=21538~DM; Domain=eyeota.net; Path=/; Expires=Mon, 19 Sep 2022 19:47:32 GMT; Secure; SameSite=None;
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Content-Length: 0
Date: Mon, 19 Sep 2022 19:37:32 GMT
a.rfihub.com/cm?pub=445&in=0&forward=&google_error=3
193.0.160.129200 OK 42 B URL HTTP/1.1 a.rfihub.com/cm?pub=445&in=0&forward=&google_error=3
IP 193.0.160.129:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash accba0b69f352b4c9440f05891b015c5
9d01cc5dc8e042c0d4ad6cfb8b3ac38e84a5ef9f
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
GET /cm?pub=445&in=0&forward=&google_error=3 HTTP/1.1
Host: a.rfihub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAA_-MSNjU0NjQwNzc3MjK1NDYyNDOzNBHiM9T1KHAucjR3zSzLrAgFAL3xNt4lAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
euds=H4sIAAAAAAAA_-NicjUGAEAxo38EAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
ruds=H4sIAAAAAAAA_-MSNjU0NjQwNzc3MjK1NDYyNDOzNBHiM9T1KHAucjR3zSzLrAgFAL3xNt4lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
eud=H4sIAAAAAAAA_-NicjUO4jU0MzM2MzQzMjUyNjUHAPoc-7kTAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 14 Oct 2023 19:37:32 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: image/gif
Content-Length: 42
Server: Jetty(9.3.29.v20201019)
idsync.rlcdn.com/360947.gif?partner_uid=5134455419232942500
35.244.174.68200 OK 42 B URL HTTP/2 idsync.rlcdn.com/360947.gif?partner_uid=5134455419232942500
IP 35.244.174.68:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /360947.gif?partner_uid=5134455419232942500 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: rlas3=JtejBWG34iYAnCDKPkRtzPGjuO0+ACj89uIiwqj1RC4=; Path=/; Domain=rlcdn.com; Expires=Tue, 19 Sep 2023 19:37:32 GMT; Secure; SameSite=None
pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Fri, 18 Nov 2022 19:37:32 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Mon, 19 Sep 2022 19:37:32 GMT
content-length: 42
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
events.api.boomtrain.com/event/track
35.172.171.246200 OK 2 B URL HTTP/2 events.api.boomtrain.com/event/track
IP 35.172.171.246:0
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /event/track HTTP/1.1
Host: events.api.boomtrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 555
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-length: 2
server: nginx
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type, Authorization, x-app-id
access-control-allow-methods: GET, PUT, POST, DELETE
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dafd2d64adcd70155f1dd2291b620c7f
96979080eeea4d3716eed32fc955d4882864106a
e133f4d129153e843b03fca5c6cf0d57fbbf9b136f83229d7e1f5c311bfa91c3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4281
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:26:11 GMT
Server: ECS (amb/6B8A)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=53856063045845161293466509339461368495&ts=1663616232513
54.171.150.101200 OK 1.3 kB URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=53856063045845161293466509339461368495&ts=1663616232513
IP 54.171.150.101:0
File type JSON data\012- , ASCII text, with very long lines (3731), with no line terminators
Hash 1cee4e11ab46769d6b42e9580bfdd352
c7b0ec8e6748868f69398d447f9beceb39b96958
428e6216d5d6cec07775927e31d94137f60adad405e10a8a0d0a99c30875aa6d
GET /id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=53856063045845161293466509339461368495&ts=1663616232513 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.regions.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v041-04f3600a1.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=48053985149019428604041474872451136194; Max-Age=15552000; Expires=Sat, 18 Mar 2023 19:37:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: yz0TTWDBSYw=
Content-Length: 1275
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a63f008121441b3610f09d5a8d21f2eb
12855b87981010ed81a3582a3ce06eae3ef5dc6f
71c6b98c6b091b2239c705069605ce73abd18b3e4426e0011bfa16499aaf136e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 01:56:49 GMT
Expires: Sat, 24 Sep 2022 01:56:48 GMT
Etag: "12855b87981010ed81a3582a3ce06eae3ef5dc6f"
Cache-Control: max-age=367755,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6c89b87b4fa-OSL
bttrack.com/engagement/getpixels?gid=44911
192.132.33.46200 OK 0 B URL HTTP/2 bttrack.com/engagement/getpixels?gid=44911
IP 192.132.33.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engagement/getpixels?gid=44911 HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/html
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track001-iad
date: Mon, 19 Sep 2022 19:37:21 GMT
content-length: 0
X-Firefox-Spdy: h2
bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2244911%22%2C%22sessionId%22%3A%224abf32da-04cc-4bc4-901f-7795c672d26e%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
192.132.33.46200 OK 0 B URL HTTP/2 bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2244911%22%2C%22sessionId%22%3A%224abf32da-04cc-4bc4-901f-7795c672d26e%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
IP 192.132.33.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2244911%22%2C%22sessionId%22%3A%224abf32da-04cc-4bc4-901f-7795c672d26e%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/plain
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track004-iad
date: Mon, 19 Sep 2022 19:37:21 GMT
content-length: 0
X-Firefox-Spdy: h2
x.bidswitch.net/sync?dsp_id=119&user_id=5134455419232942500&expires=30
3.122.23.145302 Moved Temporarily 0 B URL HTTP/1.1 x.bidswitch.net/sync?dsp_id=119&user_id=5134455419232942500&expires=30
IP 3.122.23.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?dsp_id=119&user_id=5134455419232942500&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 19 Sep 2022 19:37:32 GMT
Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455419232942500&expires=30
Set-Cookie: tuuid=2fec6010-9272-4fc2-a7d3-9e67834011f1; path=/; expires=Tue, 19-Sep-2023 19:37:32 GMT; domain=.bidswitch.net; samesite=none; secure
c=1663616252; path=/; expires=Tue, 19-Sep-2023 19:37:32 GMT; domain=.bidswitch.net; samesite=none; secure
tuuid_lu=1663616252; path=/; expires=Tue, 19-Sep-2023 19:37:32 GMT; domain=.bidswitch.net; samesite=none; secure
c=1663616252; path=/; expires=Tue, 19-Sep-2023 19:37:32 GMT; domain=.bidswitch.net; samesite=none; secure
Content-Length: 0
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash e151f261e434f2c1786fd0929cc8ec96
a26ee2d6b7cda5e922a122539eb31ad72c27d6a3
c5aa1bf6a68274c66bd172ed53d9a03e836f407b5b86c99206c29806640a93ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3898
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:32:34 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 278
x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455419232942500&expires=30
3.122.23.145200 OK 43 B URL HTTP/1.1 x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=5134455419232942500&expires=30
IP 3.122.23.145:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync?dsp_id=119&user_id=5134455419232942500&expires=30 HTTP/1.1
Host: x.bidswitch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Length: 43
Connection: keep-alive
zn2tbnxzsysy6zef7-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_2tbnXZsYSY6ZeF7&Q_LOC=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&t=1663616232365
104.17.208.240200 OK 3.6 kB URL HTTP/2 zn2tbnxzsysy6zef7-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_2tbnXZsYSY6ZeF7&Q_LOC=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&t=1663616232365
IP 104.17.208.240:0
File type ASCII text, with very long lines (6801)
Hash aaf16e0037a51101e05e19f4f71e689e
612b4b537f127bec8ce47557852ee1fdf4e518ec
03bbbf2f81eb203fc718fd394a8849e719ca86bf191a387637aa19b58cbf333f
GET /WRSiteInterceptEngine/?Q_ZID=ZN_2tbnXZsYSY6ZeF7&Q_LOC=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&t=1663616232365 HTTP/1.1
Host: zn2tbnxzsysy6zef7-regions.siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 74d4c6c83bb1fab8-OSL
access-control-allow-origin: *
age: 305266
cache-control: public, max-age=3600, s-maxage=604800
etag: W/"2127-VrFrN4b27frFkCMw5F5UrW3+Nq8"
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=8487
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1202&i=6ntev9&p=regions-prod&s=340&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MCwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAAYCIsInR5cFkA8A9iaWxsaW5nIiwic3RhcnQiOjE2NjM2MTYyMzIzNTliAMBkIjotMSwic291cmMyAAIrAPAAdHVzIjoiIiwicmVhc29uZQDUXSwiZGF0YVBhdHRlchIAsGxpc3QiOltdLCJpEgHwADY2MzYxNjIzMjM1OX1dfQ
63.34.68.24204 No Content 0 B URL HTTP/2 data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1202&i=6ntev9&p=regions-prod&s=340&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MCwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAAYCIsInR5cFkA8A9iaWxsaW5nIiwic3RhcnQiOjE2NjM2MTYyMzIzNTliAMBkIjotMSwic291cmMyAAIrAPAAdHVzIjoiIiwicmVhc29uZQDUXSwiZGF0YVBhdHRlchIAsGxpc3QiOltdLCJpEgHwADY2MzYxNjIzMjM1OX1dfQ
IP 63.34.68.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /privacy/v1/b/r.rnc?n=0&c=1202&i=6ntev9&p=regions-prod&s=340&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MCwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAAYCIsInR5cFkA8A9iaWxsaW5nIiwic3RhcnQiOjE2NjM2MTYyMzIzNTliAMBkIjotMSwic291cmMyAAIrAPAAdHVzIjoiIiwicmVhc29uZQDUXSwiZGF0YVBhdHRlchIAsGxpc3QiOltdLCJpEgHwADY2MzYxNjIzMjM1OX1dfQ HTTP/1.1
Host: data.privacy.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 19 Sep 2022 19:37:32 GMT
expires: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: no-cache, no-store
X-Firefox-Spdy: h2
smetrics.regions.com/b/ss/regionsbankprod/10/JS-2.22.3/s83939419440152?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=19%2F8%2F2022%2019%3A37%3A12%201%200&d.&nsid=0&jsonv=1&.d&mid=53856063045845161293466509339461368495&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=rdc%7Clocator%7Cmortgage%20loan%20officer%20chris%20tilley%20atlanta&g=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=locator&server=www.regions.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=rdc&h1=D%3Dv1&c2=D%3Dv2&v2=mlo&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=mortgage%20loan%20officer%20chris%20tilley%20atlanta&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=22.3.2%7C2.22.3%7C4.4.0%7C20220801&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1
15.188.95.229200 OK 3.7 kB URL HTTP/2 smetrics.regions.com/b/ss/regionsbankprod/10/JS-2.22.3/s83939419440152?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=19%2F8%2F2022%2019%3A37%3A12%201%200&d.&nsid=0&jsonv=1&.d&mid=53856063045845161293466509339461368495&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=rdc%7Clocator%7Cmortgage%20loan%20officer%20chris%20tilley%20atlanta&g=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=locator&server=www.regions.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=rdc&h1=D%3Dv1&c2=D%3Dv2&v2=mlo&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=mortgage%20loan%20officer%20chris%20tilley%20atlanta&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=22.3.2%7C2.22.3%7C4.4.0%7C20220801&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1
IP 15.188.95.229:0
File type ASCII text, with very long lines (3687)
Hash 521a89a53688b1ade243ed8e156ac9df
b2f79993295166267b48739be452bb99279ccfaa
87508a9a181d2207ff6a3bc60759fe0aee5a387db3904d95e9784d974c8e8be5
GET /b/ss/regionsbankprod/10/JS-2.22.3/s83939419440152?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=19%2F8%2F2022%2019%3A37%3A12%201%200&d.&nsid=0&jsonv=1&.d&mid=53856063045845161293466509339461368495&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=rdc%7Clocator%7Cmortgage%20loan%20officer%20chris%20tilley%20atlanta&g=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&c.&apl=4.0&getPreviousValue=3.0&getPercentPageViewed=5.0&manageVars=3.0&.c&cc=USD&ch=locator&server=www.regions.com&events=event1&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=D%3Dv1&v1=rdc&h1=D%3Dv1&c2=D%3Dv2&v2=mlo&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=mortgage%20loan%20officer%20chris%20tilley%20atlanta&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=desktop%20layout%7C1280x939&c8=D%3Dv8&c9=D%3Dv9&v9=%7C&v10=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&v12=D%3Dmid&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=22.3.2%7C2.22.3%7C4.4.0%7C20220801&c75=D%3Dv68&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1 HTTP/1.1
Host: smetrics.regions.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Cookie: _gcl_au=1.1.2121237268.1663616231; btIdentify=dae2c150-ca73-41fb-c6c6-5e8b7977d202; _bti=%7B%22app_id%22%3A%22regions-bank%22%2C%22bsin%22%3A%22QGh285WDemJB9Fdwv2xxa3zR09NypTtJEokYfQijpEH8%2BEP11dSPG6uuuapS5y%2B%2BkqowefKC0xZDD8U2o%2Fiv5Q%3D%3D%22%2C%22is_identified%22%3Afalse%7D; _bts=713a5118-b4b9-480c-a03c-ce87dd389be7; _uetsid=74da4b90385211ed877c13903b979b9f; _uetvid=74da8dc0385211edbeaa8feb9eba10a9; __qca=P0-1102145473-1663616231840; _fbp=fb.1.1663616232022.1384872279; AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg=1585540135%7CMCMID%7C53856063045845161293466509339461368495%7CMCAID%7CNONE%7CMCOPTOUT-1663623432s%7CNONE%7CMCAAMLH-1664221032%7C6%7CMCAAMB-1664221032%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CvVersion%7C4.4.0; s_ecid=MCMID%7C53856063045845161293466509339461368495; AMCVS_DB9639725BD2FC5B0A495C65%40AdobeOrg=1; s_lang=en; gpv_pn=rdc%7Clocator%7Cmortgage%20loan%20officer%20chris%20tilley%20atlanta; s_ips=939; s_tp=2685; s_ppv=rdc%257Clocator%257Cmortgage%2520loan%2520officer%2520chris%2520tilley%2520atlanta%2C35%2C35%2C939%2C1%2C2; s_cc=true
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Mon, 19 Sep 2022 19:37:32 GMT
expires: Sun, 18 Sep 2022 19:37:32 GMT
last-modified: Tue, 20 Sep 2022 19:37:32 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C53856063045845161293466509339461368495; Path=/; Domain=regions.com; Max-Age=63072000; Expires=Wed, 18 Sep 2024 19:37:37 GMT;
etag: 3572588699713372160-4619692935081116420
vary: *
dcs: dcs-prod-irl1-2-v041-00a6e6b28.edge-irl1.demdex.com 6 ms
x-aam-tid: 6xzU13BLS14=
content-type: application/x-javascript;charset=utf-8
content-length: 3688
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 29f639cb699e6e460058e3c99bd4f3cf
9caeef6cf092a5afaf4578321a7301651468e3ce
5d9664e0c869eab361913cd50bf4e1cca2601239b467adba3af0ae049e7c070a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 01:42:53 GMT
Expires: Sun, 25 Sep 2022 01:42:52 GMT
Etag: "9caeef6cf092a5afaf4578321a7301651468e3ce"
Cache-Control: max-age=453319,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6c98fa0b518-OSL
idsync.rlcdn.com/501709.gif?partner_uid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674
35.244.174.68307 Temporary Redirect 0 B URL HTTP/2 idsync.rlcdn.com/501709.gif?partner_uid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /501709.gif?partner_uid=537b32e2-9f88-4be6-a07e-82146508cd8f%3A1663616251.0558674 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://20839218p.rfihub.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
cache-control: no-cache, no-store
location: https://idsync.rlcdn.com/1000.gif?memo=CM3PHhJBCj0IARAFGjc1MzdiMzJlMi05Zjg4LTRiZTYtYTA3ZS04MjE0NjUwOGNkOGY6MTY2MzYxNjI1MS4wNTU4Njc0EAAaDQj8iaOZBhIFCOgHEABCAEoA
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Fri, 18 Nov 2022 19:37:32 GMT; Secure; SameSite=None
timing-allow-origin: *
date: Mon, 19 Sep 2022 19:37:32 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
regionsbank.mpeasylink.com/mpel/mpel.js
54.174.98.17200 1.7 kB URL HTTP/1.1 regionsbank.mpeasylink.com/mpel/mpel.js
IP 54.174.98.17:0
File type ASCII text, with very long lines (515)
Hash 6fdd7985388a9a91f458c96ece692409
c655f98e175824e81802934d717e0607b25d906f
17936884b849d8d2f051fa0b88d5cb58466d78931b687900b1b90aecde32d977
Analyzer Verdict Alert quad9 Sinkholed
GET /mpel/mpel.js HTTP/1.1
Host: regionsbank.mpeasylink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"5096-1630605988000"
Last-Modified: Thu, 02 Sep 2021 18:06:28 GMT
Cache-Control: max-age=86400
Expires: Tue, 20 Sep 2022 19:37:32 GMT
vary: accept-encoding
Content-Encoding: gzip
regions.demdex.net/dest5.html?d_nsid=undefined
52.213.133.86200 OK 2.8 kB URL HTTP/1.1 regions.demdex.net/dest5.html?d_nsid=undefined
IP 52.213.133.86:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=undefined HTTP/1.1
Host: regions.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Mon, 19 Sep 2022 19:37:32 GMT
DCS: dcs-prod-irl1-1-v041-0a24ddc8f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Sep 2022 08:53:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: Vvz+cKkpRoQ=
Content-Length: 2791
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 90f4b09564db0d8402746c9b6eac1e71
176e724ecef417cde5d3d3da76d2c9c943a1984f
f0fe0f6b3e61bf2175d12a7cf02269e3dae3235d32699c70c11630c447a0c23a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 17 Sep 2022 15:43:23 GMT
Expires: Sat, 24 Sep 2022 15:43:22 GMT
Etag: "176e724ecef417cde5d3d3da76d2c9c943a1984f"
Cache-Control: max-age=417349,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ca0dcdb4fa-OSL
regionsbank.mpeasylink.com/mpel/mpel_storage.html?cmd=getpref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
54.174.98.17200 1.2 kB URL HTTP/1.1 regionsbank.mpeasylink.com/mpel/mpel_storage.html?cmd=getpref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta
IP 54.174.98.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (650)
Hash 4e15b50697a74d423a6d9933b24a00a3
56185b17a5a18f75c8269f522a6f6e65dfd5a0f2
daccffddc4a2db0ebc4a2461a23cd60cabf64c5f60c9c099fc157ba2278f9dc7
Analyzer Verdict Alert quad9 Sinkholed
GET /mpel/mpel_storage.html?cmd=getpref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta HTTP/1.1
Host: regionsbank.mpeasylink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"2762-1630605988000"
Last-Modified: Thu, 02 Sep 2021 18:06:28 GMT
vary: accept-encoding
Content-Encoding: gzip
lptag.liveperson.net/tag/tag.js?site=60208595
178.249.101.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=60208595
IP 178.249.101.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=60208595 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash e61e62c2907908c95188608e7585a1da
33371f3c18b671d51f4e42e721f1df9e74580e1f
b22984c62ae943c3c5ed1f0bf96fb9c3e7262b183f6c3c99adb1cae19c2e7a54
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 19 Sep 2022 19:37:32 GMT
Last-Modified: Mon, 19 Sep 2022 18:15:32 GMT
Server: ECS (bsa/EB15)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VkuJ15sJTVhdwFScxKGVYXgLN-4rPg7NTUTzg36MtzUyRGhCqubDjA==
Age: 4920
siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
104.17.208.240200 OK 32 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
IP 104.17.208.240:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1861b943b8d4716a42c40280a6e7c9da
d81e72828faeb5f303b580ed6f327f9bd2980fcb
0c1dd6a73f5c691ecabe419c07d6f603bae467e993530c94e6c10bf47506b4d5
GET /dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript
cf-ray: 74d4c6ca9d94fab8-OSL
access-control-allow-origin: *
age: 582154
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"19abd-18333011708"
last-modified: Mon, 12 Sep 2022 18:40:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=105149
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
cm.everesttech.net/cm/dd?d_uuid=48053985149019428604041474872451136194
34.248.32.199302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=48053985149019428604041474872451136194
IP 34.248.32.199:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=48053985149019428604041474872451136194 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~YyjE-AAAAEk5TgN6; Domain=.everesttech.net; Expires=Tue, 19-Sep-2023 19:37:32 GMT; Path=/
everest_session_v2=YyjE-AAAAEk5TwN6; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
Server: AMO-cookiemap/1.1
regionsbank.mpeasylink.com/mpel/mpel?href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&ref=&lang=&country=undefined&curr=undefined®ion=undefined&osl=en-US
54.174.98.17200 641 B URL HTTP/1.1 regionsbank.mpeasylink.com/mpel/mpel?href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&ref=&lang=&country=undefined&curr=undefined®ion=undefined&osl=en-US
IP 54.174.98.17:0
File type ASCII text, with very long lines (641), with no line terminators
Hash b3dd2edb5dfeee1a0529766c41957c67
447d5e8bf3cb4bf49aab01f12639afc933b8ff38
ef9ba31d511766efc2f207e993c8a1286ccddcf236fe5910ebbd70b38d324ecd
Analyzer Verdict Alert quad9 Sinkholed
GET /mpel/mpel?href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&ref=&lang=&country=undefined&curr=undefined®ion=undefined&osl=en-US HTTP/1.1
Host: regionsbank.mpeasylink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 641
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT STA"
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
regionsbank.mpeasylink.com/mpel/mpel_ssd.js
54.174.98.17200 1.3 kB URL HTTP/1.1 regionsbank.mpeasylink.com/mpel/mpel_ssd.js
IP 54.174.98.17:0
File type ASCII text, with very long lines (502)
Hash d2bb2d87021ee3565a99e3a9931bcde4
108222707532738b19ec38f7d76400a42b64c638
88020687f4c733cb981045c3a507745f234a477ad13caf8c17192344c649f480
Analyzer Verdict Alert quad9 Sinkholed
GET /mpel/mpel_ssd.js HTTP/1.1
Host: regionsbank.mpeasylink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"3276-1630605988000"
Last-Modified: Thu, 02 Sep 2021 18:06:28 GMT
Cache-Control: max-age=86400
Expires: Tue, 20 Sep 2022 19:37:32 GMT
vary: accept-encoding
Content-Encoding: gzip
sjc1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_3Rb1cZVNRo1x9BA
23.38.201.123200 OK 2.1 kB URL HTTP/2 sjc1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_3Rb1cZVNRo1x9BA
IP 23.38.201.123:0
File type PNG image data, 40 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 8589c169002370f528326cb492232e81
af7b67df6f182becf3708eb1363858326009a3a0
0055a4ba915b2740205b0823e65ecb2ad2e367938e8cf1fe7010dff9e9c6aeb2
GET /WRQualtricsSiteIntercept/Graphic.php?IM=IM_3Rb1cZVNRo1x9BA HTTP/1.1
Host: sjc1.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "8589c169002370f528326cb492232e81"
access-control-allow-origin: *
x-request-id: e4dd0125-b486-4074-8c83-56d62549e421
x-transaction-id: c5d6906e-1e59-4c92-80e7-8cb34c39a097
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
permissions-policy: camera=(), geolocation=(), microphone=()
x-edgeconnect-midmile-rtt: 23
x-edgeconnect-origin-mex-latency: 182
x-envoy-upstream-service-time: 17
server: envoy
content-disposition: inline; filename=Feedback+tab+-+dark+outline
content-length: 2098
content-type: image/png
x-robots-tag: noindex
cache-control: public, max-age=47
expires: Mon, 19 Sep 2022 19:38:19 GMT
date: Mon, 19 Sep 2022 19:37:32 GMT
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
dpm.demdex.net/ibs:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
54.171.150.101302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
IP 54.171.150.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=YyjE-AAAAEk5TgN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v041-0cfadca90.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=70328939610450999652589284580225765718; Max-Age=15552000; Expires=Sat, 18 Mar 2023 19:37:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: rs1467ZNQU0=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
54.171.150.101200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyjE-AAAAEk5TgN6
IP 54.171.150.101:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YyjE-AAAAEk5TgN6 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.regions.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v041-0fed48681.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 6TZ6WQJqS/g=
Content-Length: 59
Connection: keep-alive
regionsbank.mpeasylink.com/mpel/mpel_storage.html?cmd=storePref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&siteurl=www.regions.com&lang=en&country=®ion=&sitelist=www.regions.com,regions.com,www.regionstest.com;espanol.regions.com¤cy=&nonMP=false&mode=&uuid=
54.174.98.17200 1.2 kB URL HTTP/1.1 regionsbank.mpeasylink.com/mpel/mpel_storage.html?cmd=storePref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&siteurl=www.regions.com&lang=en&country=®ion=&sitelist=www.regions.com,regions.com,www.regionstest.com;espanol.regions.com¤cy=&nonMP=false&mode=&uuid=
IP 54.174.98.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (650)
Hash 4e15b50697a74d423a6d9933b24a00a3
56185b17a5a18f75c8269f522a6f6e65dfd5a0f2
daccffddc4a2db0ebc4a2461a23cd60cabf64c5f60c9c099fc157ba2278f9dc7
Analyzer Verdict Alert quad9 Sinkholed
GET /mpel/mpel_storage.html?cmd=storePref&href=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&siteurl=www.regions.com&lang=en&country=®ion=&sitelist=www.regions.com,regions.com,www.regionstest.com;espanol.regions.com¤cy=&nonMP=false&mode=&uuid= HTTP/1.1
Host: regionsbank.mpeasylink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200
Server: nginx
Date: Mon, 19 Sep 2022 19:37:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
ETag: W/"2762-1630605988000"
Last-Modified: Thu, 02 Sep 2021 18:06:28 GMT
vary: accept-encoding
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7b82cd5e9c823eac9f46bb61a9f93e97
249225558462eb42fb283715a9a90746f81de743
2f92573476ea23077902897224285cf0f141763841ceae243358f1a62a9f0952
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 16:31:52 GMT
Expires: Fri, 23 Sep 2022 16:31:51 GMT
Etag: "249225558462eb42fb283715a9a90746f81de743"
Cache-Control: max-age=333857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ce8caa0b02-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7b82cd5e9c823eac9f46bb61a9f93e97
249225558462eb42fb283715a9a90746f81de743
2f92573476ea23077902897224285cf0f141763841ceae243358f1a62a9f0952
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 16:31:52 GMT
Expires: Fri, 23 Sep 2022 16:31:51 GMT
Etag: "249225558462eb42fb283715a9a90746f81de743"
Cache-Control: max-age=333857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ce8d16b4fa-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7b82cd5e9c823eac9f46bb61a9f93e97
249225558462eb42fb283715a9a90746f81de743
2f92573476ea23077902897224285cf0f141763841ceae243358f1a62a9f0952
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 16:31:52 GMT
Expires: Fri, 23 Sep 2022 16:31:51 GMT
Etag: "249225558462eb42fb283715a9a90746f81de743"
Cache-Control: max-age=333857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ceaa44b518-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7b82cd5e9c823eac9f46bb61a9f93e97
249225558462eb42fb283715a9a90746f81de743
2f92573476ea23077902897224285cf0f141763841ceae243358f1a62a9f0952
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 16:31:52 GMT
Expires: Fri, 23 Sep 2022 16:31:51 GMT
Etag: "249225558462eb42fb283715a9a90746f81de743"
Cache-Control: max-age=333857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6ceba99b4eb-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash 7b82cd5e9c823eac9f46bb61a9f93e97
249225558462eb42fb283715a9a90746f81de743
2f92573476ea23077902897224285cf0f141763841ceae243358f1a62a9f0952
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Sep 2022 19:37:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 16 Sep 2022 16:31:52 GMT
Expires: Fri, 23 Sep 2022 16:31:51 GMT
Etag: "249225558462eb42fb283715a9a90746f81de743"
Cache-Control: max-age=333857,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74d4c6cebe5f1c0e-OSL
siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_d6XJAZtXw3FDrIp&Q_SIID=SI_9ZSfygjz9UlZlBP&Q_ASID=AS_41676732&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&r=1663616233081
104.17.208.240200 OK 1.6 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_d6XJAZtXw3FDrIp&Q_SIID=SI_9ZSfygjz9UlZlBP&Q_ASID=AS_41676732&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&r=1663616233081
IP 104.17.208.240:0
File type ASCII text, with no line terminators
Hash 7cdd1f4846296e5a96210388faa2be27
d807ef839b7939ca5cd8cccbdaaa4c70e2e754fc
3164e38eeee997ee07ea858a11b85221ac7befe32f2bc20cd93d9fa33087155b
POST /WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_d6XJAZtXw3FDrIp&Q_SIID=SI_9ZSfygjz9UlZlBP&Q_ASID=AS_41676732&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&r=1663616233081 HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 82
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:33 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 74d4c6cccefafab8-OSL
access-control-allow-origin: https://www.regions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
trace-id: 8d20ec6bae05ac4c
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1202&i=6ntev9&p=regions-prod&s=16471&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MSwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAA80RodHRwczovL3d3dy5nb29nbGUuY29tL3BhZ2VhZC8xcC11c2VyLWxpc3QvOTU5NTgxODA2Lz9yYW5kb209MTY2MzYxNjIzMTg5NyZjdj05JmZzdBcAITQwAQCxJm51bT0xJmJnPWYBAPAPJmd1aWQ9T04mdV9oPTEwMjQmdV93PTEyODAmdV9hEwAgMDIKAAUUADFjZD0lALBoaXM9MSZ1X3R6PSsA8QNqYXZhPWZhbHNlJnVfbnBsdWcXAPAobm1pbWU9MCZndG09Mm9hOWUwJnNlbmRiPTEmZGF0YT1ldmVudCUzRGd0YWcuY29uZmlnJmZybTwAMXJsPQ4BkCUzQSUyRiUyRhQBA6YBABUB8AElMkZsb2NhdG9yJTJGbWxvBgDyIW9ydGdhZ2UtbG9hbi1vZmZpY2VyLWNocmlzLXRpbGxleS1hdGxhbnRhJnRpYmE9QQ0AQyUyME06APAEJTIwTGVuZGVyJTIwJTdDJTIwQz4AQSUyMFRAAAUXAAPTAfAFJmFzeW5jPTEmZm10PTMmaXNfdnQPAAOSAfECMjc5MTMyMjk2OSZyZXNwPUfTAfARbUtUeWJRaENzTyZybXRfdGxkPTAmaXByPXkiLCJ0eXBYAqBpbWciLCJzdGFybwITNtkBQDIwNjZdAgDEAgoUAFNzb3VyYzkA8ABfRE9NQXR0ck1vZGlmaWXPAuFzdGF0dXMiOiJhbGxvdxMAYHJlYXNvboUCMF0sIo0BZFBhdHRlchIAAGQCciI6W10sImluAM8yNDMyNDk1MTU4fSy3AhAvbm-2Av_QHzG2ApCfMDg4NzkyMzc3tgIHAmkF9AZhZHMuZy5kb3VibGVjbGljay5uZXTEAuN2aWV3dGhyb3VnaGNvbnAGD4MFHQSaBQ-DBQUPIwQDD5kFXhBpuwUAEQQPngWwAN0GtjIxMjEyMzcyNjguIgdAJmhuPVEGAvwBAFAGBcsFEnLMBQAGABY0kQVvc2NyaXB0lAUATzE5MDGUBQA1OCwilAWpYXBwZW5kQ2hpbIwFMGxvYRAAD4kFHa8zMzEwMjg0MDU20wL__0ofMtMCDDFtdXS0ChJPAAsyckNMGwMCZggP2gItD60FCPABMjA4MzkyMThwLnJmaWh1YrsD9AwvY2EuaHRtbD92ZXI9OSZyYj00NjEyMSZjYT0vAG8mY3VzdDFSCg4_JnBlJAAOD3YKKPYIcGY9JnJhPTYyNzY5ODg0NzkyNDAyOTNmBFBpZnJhbU4MDPoJTjE3NzWTASc3OWYEs2luc2VydEJlZm9yQgAPjQEqrzQzOTE3ODY1NDVnBAcEXgEPjQHfHzeNAQwPIANCBZMBDyADCArVBgTACAk6Do8xMDEzNTM2NDsOAk85MDQmOw7_cp8xOTE0MTQwNDQ7DjYfOUEEAAAUAAWnCD9pbWc7DkOvMTcxMDEyNjUwOUsEBwe4Ag87DgQPtwL_vA88DhYfOfIQACg5N_gGD7cCRa8zMDg0OTM1NTMztwIHAkAMDzwOIA_OAh0APQ4AnAUPPQ7_vx04Sgg3MTAw3wIPPQ47jzU1NzExNzI4iwUJD9QC__8wHjEeCwrUAg8eC0IE2wIfMaEWCA_bAkUcOTQLAq8FEzlvGQBMEv8NMyZsYWJlbD1GMGtRQ0lXSWdxWUJFSmF0cGVNRJAZAA8NFIYGABUPqhmcDwwUB49ndG1fZWU9MRUUAJJnY3A9MSZjdF_fG6RfcHJlc2VudD0xLxQHvA8PsxkCPzE5MeIFARcy4gUMDgMfQUsRMK80Njc5Mzg1MTUxvAgH4XB4bC5xY2NlcnR0ZXN0SRHwCXBpeGVsP3I9OTc2OTY4OTQxO2ZwYW49MAcA9gA9UDAtMTEwMjE0NTQ3My1MFfAHODQwO3BiYz07bnM9MDtjZT0xO3FqcwYA9x12PWQxODE3MWU1LTIwMjIwOTEzMTA1OTEyO3JlZj07Y209O2dkcHI9MDtkPdsbkztkc3Q9MDtldLwc_wA2MjMyMDMxO3R6bz0wO3UaHEpQO29nbD3jEfMGbGUuZW5fVVMlMkNzaXRlX25hbWUu9xtwQmFuayUyQ6wb_wIuYXJ0aWNsZSUyQ1RpdGxlLlUcL1IlMkNkZXAWUGlvbi5MWR5gbmclMjBm7BxmMGElMjBtsBwUbLAcVGluJTIwfgAvM0a8HAFTYXQlMjDEADIlMjDHADAwY2E6AM1hc3NpcyUyQ3VybC55HVMlMjUyRaIBAQwAP2NvbYEdFgFDHRItQR0ULaEAfzJDaW1hZ2VrABYQLeAdgGVkaWElMkZJOgC1cyUyRldlYlNpdGUQAAOiAFEtbG9nb6cAoHBuZyUzRnJldmkhIDAlM0QJIAC3AT8iOiJjHQUuMzOSCR80sANOMDM4MiMDHzIjDwyBZmFjZWJvb2uuA_AAdHIvP2lkPTQ5OTEwODUzJBT_AjcxNCZldj1QYWdlVmlldyZkRh9KY3JsPSZpZvgfKHRzrwNDMjImczUgEHNHIPYYMjQmdj0yLjkuODMmcj1zdGFibGUmZWM9MCZvPTMwJmZicD1mYi4xoxkADgHXLjEzODQ4NzIyNzkmaQ4EgzE4MjYmY29vegB_cnFtPUdFVIsFDT4yMDIDES8xNdsBTZ8yOTA4MDI0OTK2EyEGbgcfLzIODA-DCAwPfQj_qEBzc2N0nQgPhQgIHya0HB4fMeUEABg1ThgPdw48jzE1NjE5NzA0SxEIBwIUCvQkDwQD__9ID5kLAAkEAwyZCw_lHDIUNQsDD6cOCAcLAw8NFwQP_if_uw8MFxYfNrICABg3LRQMsgIPSw4xFDJDJQ-bCgwCXBEBmQoPsCr_-Q8LFAAvNzP9EEwFqyoPsgIrD3ELDA8oH__HHjkAEC83NLMCTAQjHx8xIQsTDxYIBA-yAv-8DxcIFh85sgIAGDgjHw8XCEEFHh8PhyoIQHQudGUcH7B0di90cmFjaz9hY-kyED0gCAGfEvMAZW52PWpzLXdlYiZ0YWdfWS3xBj01LjYuMl9jYWQ0YTM3JmJ1eWVyX5sW_wFfaWQ9NTk5NSZyZWZlcmVyrSdJYGNvaG9ydHIABbQUDygyJg-bEg8eNZEPKDIz2wkP3yc8nzI0MjIyNjg4OIcMCA-_Af8aHTQ1Bgq_AQyDAw9MDjIFxQEP6QgILWFk1TBAZGRtL4oD8AJ2aXR5L3NyYz05MTAwNTc2OxoXcj1wdjtjYXSQGZAwO2RjX2xhdD0IAGByZGlkPTuoA_AJZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF08Db_FT07dGZ1YT07bnBhPTtvcmQ9MT82MDkwMjkzOTU1Njc3LjYwNw8DDT8xMjgPAw0PoBI7nzI0NTA5NjcxNqQVCA9JAaMAKyUiZW7DNTAzNjFLGw-ZAlICUAEfOH8cCCFidBQGATEOIGVuuDcAPwIRLxM48Qk_aW5wdXQ9JTdCJTIyZ2xvYmFsSWQlMjINOBEyyjhAMDAwLQkACwUAABMAQDAwNDItAGAyQyUyMmOZAjdpdmVAAAUcAFBwbGFjZXYADx0AASlnb3UAVTQ0OTExOgAwc2VzUhoHOAD1FTRhYmYzMmRhLTA0Y2MtNGJjNC05MDFmLTc3OTVjNjcyZDI2ZT8AcnBhcmVudFCCOidlckcABiMADx0ACQCSHA81AAFvY29tbW9uGgABcGhlYXJ0YmUCHABGASExJR0BMHVybHEAAGM5HTL1GxMuTxsAogEP7RsWD245AQBjAAFvALBmaW5nZXJwcmludBQAAXcAAAkADB0AUVByb3ZphjkArAABIgBGMiU3RDcEMnhociUfCh85HzN6IgAQM4AfBeQqslhIUl9NQU5BR0VSQQACJC8PFzknrzM2OTgzMzcwNDJpHwcP6gL__0QOCxQP6gJVD6MOCA_qAgRAZ2V0cFoiMHM_Z7AeAEoFD8wDEA7WDCgzMaMaD8wDP8A1MTA5OTgwMTl9XX0
63.34.68.24204 No Content 0 B URL HTTP/2 data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1202&i=6ntev9&p=regions-prod&s=16471&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MSwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAA80RodHRwczovL3d3dy5nb29nbGUuY29tL3BhZ2VhZC8xcC11c2VyLWxpc3QvOTU5NTgxODA2Lz9yYW5kb209MTY2MzYxNjIzMTg5NyZjdj05JmZzdBcAITQwAQCxJm51bT0xJmJnPWYBAPAPJmd1aWQ9T04mdV9oPTEwMjQmdV93PTEyODAmdV9hEwAgMDIKAAUUADFjZD0lALBoaXM9MSZ1X3R6PSsA8QNqYXZhPWZhbHNlJnVfbnBsdWcXAPAobm1pbWU9MCZndG09Mm9hOWUwJnNlbmRiPTEmZGF0YT1ldmVudCUzRGd0YWcuY29uZmlnJmZybTwAMXJsPQ4BkCUzQSUyRiUyRhQBA6YBABUB8AElMkZsb2NhdG9yJTJGbWxvBgDyIW9ydGdhZ2UtbG9hbi1vZmZpY2VyLWNocmlzLXRpbGxleS1hdGxhbnRhJnRpYmE9QQ0AQyUyME06APAEJTIwTGVuZGVyJTIwJTdDJTIwQz4AQSUyMFRAAAUXAAPTAfAFJmFzeW5jPTEmZm10PTMmaXNfdnQPAAOSAfECMjc5MTMyMjk2OSZyZXNwPUfTAfARbUtUeWJRaENzTyZybXRfdGxkPTAmaXByPXkiLCJ0eXBYAqBpbWciLCJzdGFybwITNtkBQDIwNjZdAgDEAgoUAFNzb3VyYzkA8ABfRE9NQXR0ck1vZGlmaWXPAuFzdGF0dXMiOiJhbGxvdxMAYHJlYXNvboUCMF0sIo0BZFBhdHRlchIAAGQCciI6W10sImluAM8yNDMyNDk1MTU4fSy3AhAvbm-2Av_QHzG2ApCfMDg4NzkyMzc3tgIHAmkF9AZhZHMuZy5kb3VibGVjbGljay5uZXTEAuN2aWV3dGhyb3VnaGNvbnAGD4MFHQSaBQ-DBQUPIwQDD5kFXhBpuwUAEQQPngWwAN0GtjIxMjEyMzcyNjguIgdAJmhuPVEGAvwBAFAGBcsFEnLMBQAGABY0kQVvc2NyaXB0lAUATzE5MDGUBQA1OCwilAWpYXBwZW5kQ2hpbIwFMGxvYRAAD4kFHa8zMzEwMjg0MDU20wL__0ofMtMCDDFtdXS0ChJPAAsyckNMGwMCZggP2gItD60FCPABMjA4MzkyMThwLnJmaWh1YrsD9AwvY2EuaHRtbD92ZXI9OSZyYj00NjEyMSZjYT0vAG8mY3VzdDFSCg4_JnBlJAAOD3YKKPYIcGY9JnJhPTYyNzY5ODg0NzkyNDAyOTNmBFBpZnJhbU4MDPoJTjE3NzWTASc3OWYEs2luc2VydEJlZm9yQgAPjQEqrzQzOTE3ODY1NDVnBAcEXgEPjQHfHzeNAQwPIANCBZMBDyADCArVBgTACAk6Do8xMDEzNTM2NDsOAk85MDQmOw7_cp8xOTE0MTQwNDQ7DjYfOUEEAAAUAAWnCD9pbWc7DkOvMTcxMDEyNjUwOUsEBwe4Ag87DgQPtwL_vA88DhYfOfIQACg5N_gGD7cCRa8zMDg0OTM1NTMztwIHAkAMDzwOIA_OAh0APQ4AnAUPPQ7_vx04Sgg3MTAw3wIPPQ47jzU1NzExNzI4iwUJD9QC__8wHjEeCwrUAg8eC0IE2wIfMaEWCA_bAkUcOTQLAq8FEzlvGQBMEv8NMyZsYWJlbD1GMGtRQ0lXSWdxWUJFSmF0cGVNRJAZAA8NFIYGABUPqhmcDwwUB49ndG1fZWU9MRUUAJJnY3A9MSZjdF_fG6RfcHJlc2VudD0xLxQHvA8PsxkCPzE5MeIFARcy4gUMDgMfQUsRMK80Njc5Mzg1MTUxvAgH4XB4bC5xY2NlcnR0ZXN0SRHwCXBpeGVsP3I9OTc2OTY4OTQxO2ZwYW49MAcA9gA9UDAtMTEwMjE0NTQ3My1MFfAHODQwO3BiYz07bnM9MDtjZT0xO3FqcwYA9x12PWQxODE3MWU1LTIwMjIwOTEzMTA1OTEyO3JlZj07Y209O2dkcHI9MDtkPdsbkztkc3Q9MDtldLwc_wA2MjMyMDMxO3R6bz0wO3UaHEpQO29nbD3jEfMGbGUuZW5fVVMlMkNzaXRlX25hbWUu9xtwQmFuayUyQ6wb_wIuYXJ0aWNsZSUyQ1RpdGxlLlUcL1IlMkNkZXAWUGlvbi5MWR5gbmclMjBm7BxmMGElMjBtsBwUbLAcVGluJTIwfgAvM0a8HAFTYXQlMjDEADIlMjDHADAwY2E6AM1hc3NpcyUyQ3VybC55HVMlMjUyRaIBAQwAP2NvbYEdFgFDHRItQR0ULaEAfzJDaW1hZ2VrABYQLeAdgGVkaWElMkZJOgC1cyUyRldlYlNpdGUQAAOiAFEtbG9nb6cAoHBuZyUzRnJldmkhIDAlM0QJIAC3AT8iOiJjHQUuMzOSCR80sANOMDM4MiMDHzIjDwyBZmFjZWJvb2uuA_AAdHIvP2lkPTQ5OTEwODUzJBT_AjcxNCZldj1QYWdlVmlldyZkRh9KY3JsPSZpZvgfKHRzrwNDMjImczUgEHNHIPYYMjQmdj0yLjkuODMmcj1zdGFibGUmZWM9MCZvPTMwJmZicD1mYi4xoxkADgHXLjEzODQ4NzIyNzkmaQ4EgzE4MjYmY29vegB_cnFtPUdFVIsFDT4yMDIDES8xNdsBTZ8yOTA4MDI0OTK2EyEGbgcfLzIODA-DCAwPfQj_qEBzc2N0nQgPhQgIHya0HB4fMeUEABg1ThgPdw48jzE1NjE5NzA0SxEIBwIUCvQkDwQD__9ID5kLAAkEAwyZCw_lHDIUNQsDD6cOCAcLAw8NFwQP_if_uw8MFxYfNrICABg3LRQMsgIPSw4xFDJDJQ-bCgwCXBEBmQoPsCr_-Q8LFAAvNzP9EEwFqyoPsgIrD3ELDA8oH__HHjkAEC83NLMCTAQjHx8xIQsTDxYIBA-yAv-8DxcIFh85sgIAGDgjHw8XCEEFHh8PhyoIQHQudGUcH7B0di90cmFjaz9hY-kyED0gCAGfEvMAZW52PWpzLXdlYiZ0YWdfWS3xBj01LjYuMl9jYWQ0YTM3JmJ1eWVyX5sW_wFfaWQ9NTk5NSZyZWZlcmVyrSdJYGNvaG9ydHIABbQUDygyJg-bEg8eNZEPKDIz2wkP3yc8nzI0MjIyNjg4OIcMCA-_Af8aHTQ1Bgq_AQyDAw9MDjIFxQEP6QgILWFk1TBAZGRtL4oD8AJ2aXR5L3NyYz05MTAwNTc2OxoXcj1wdjtjYXSQGZAwO2RjX2xhdD0IAGByZGlkPTuoA_AJZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF08Db_FT07dGZ1YT07bnBhPTtvcmQ9MT82MDkwMjkzOTU1Njc3LjYwNw8DDT8xMjgPAw0PoBI7nzI0NTA5NjcxNqQVCA9JAaMAKyUiZW7DNTAzNjFLGw-ZAlICUAEfOH8cCCFidBQGATEOIGVuuDcAPwIRLxM48Qk_aW5wdXQ9JTdCJTIyZ2xvYmFsSWQlMjINOBEyyjhAMDAwLQkACwUAABMAQDAwNDItAGAyQyUyMmOZAjdpdmVAAAUcAFBwbGFjZXYADx0AASlnb3UAVTQ0OTExOgAwc2VzUhoHOAD1FTRhYmYzMmRhLTA0Y2MtNGJjNC05MDFmLTc3OTVjNjcyZDI2ZT8AcnBhcmVudFCCOidlckcABiMADx0ACQCSHA81AAFvY29tbW9uGgABcGhlYXJ0YmUCHABGASExJR0BMHVybHEAAGM5HTL1GxMuTxsAogEP7RsWD245AQBjAAFvALBmaW5nZXJwcmludBQAAXcAAAkADB0AUVByb3ZphjkArAABIgBGMiU3RDcEMnhociUfCh85HzN6IgAQM4AfBeQqslhIUl9NQU5BR0VSQQACJC8PFzknrzM2OTgzMzcwNDJpHwcP6gL__0QOCxQP6gJVD6MOCA_qAgRAZ2V0cFoiMHM_Z7AeAEoFD8wDEA7WDCgzMaMaD8wDP8A1MTA5OTgwMTl9XX0
IP 63.34.68.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /privacy/v1/b/r.rnc?n=3&c=1202&i=6ntev9&p=regions-prod&s=16471&d=8BV7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNTcUAPAmY2xpZW50SWQiOjEyMDIsInB1Ymxpc2hQYXRoIjoicmVnaW9ucy1wcm9kIiwiaW5zdGFuY2UvAPE0IjZudGV2OSIsInBhY2tldCI6MSwibW9kZSI6Im9ic2VydmUiLCJjb29raWVzIjp7fSwiZW52aXJvbm1lbnQiOiJSZVwAIiBQXADyBnJlcXVlc3RzIjpbeyJkZXN0aW5hdMAA80RodHRwczovL3d3dy5nb29nbGUuY29tL3BhZ2VhZC8xcC11c2VyLWxpc3QvOTU5NTgxODA2Lz9yYW5kb209MTY2MzYxNjIzMTg5NyZjdj05JmZzdBcAITQwAQCxJm51bT0xJmJnPWYBAPAPJmd1aWQ9T04mdV9oPTEwMjQmdV93PTEyODAmdV9hEwAgMDIKAAUUADFjZD0lALBoaXM9MSZ1X3R6PSsA8QNqYXZhPWZhbHNlJnVfbnBsdWcXAPAobm1pbWU9MCZndG09Mm9hOWUwJnNlbmRiPTEmZGF0YT1ldmVudCUzRGd0YWcuY29uZmlnJmZybTwAMXJsPQ4BkCUzQSUyRiUyRhQBA6YBABUB8AElMkZsb2NhdG9yJTJGbWxvBgDyIW9ydGdhZ2UtbG9hbi1vZmZpY2VyLWNocmlzLXRpbGxleS1hdGxhbnRhJnRpYmE9QQ0AQyUyME06APAEJTIwTGVuZGVyJTIwJTdDJTIwQz4AQSUyMFRAAAUXAAPTAfAFJmFzeW5jPTEmZm10PTMmaXNfdnQPAAOSAfECMjc5MTMyMjk2OSZyZXNwPUfTAfARbUtUeWJRaENzTyZybXRfdGxkPTAmaXByPXkiLCJ0eXBYAqBpbWciLCJzdGFybwITNtkBQDIwNjZdAgDEAgoUAFNzb3VyYzkA8ABfRE9NQXR0ck1vZGlmaWXPAuFzdGF0dXMiOiJhbGxvdxMAYHJlYXNvboUCMF0sIo0BZFBhdHRlchIAAGQCciI6W10sImluAM8yNDMyNDk1MTU4fSy3AhAvbm-2Av_QHzG2ApCfMDg4NzkyMzc3tgIHAmkF9AZhZHMuZy5kb3VibGVjbGljay5uZXTEAuN2aWV3dGhyb3VnaGNvbnAGD4MFHQSaBQ-DBQUPIwQDD5kFXhBpuwUAEQQPngWwAN0GtjIxMjEyMzcyNjguIgdAJmhuPVEGAvwBAFAGBcsFEnLMBQAGABY0kQVvc2NyaXB0lAUATzE5MDGUBQA1OCwilAWpYXBwZW5kQ2hpbIwFMGxvYRAAD4kFHa8zMzEwMjg0MDU20wL__0ofMtMCDDFtdXS0ChJPAAsyckNMGwMCZggP2gItD60FCPABMjA4MzkyMThwLnJmaWh1YrsD9AwvY2EuaHRtbD92ZXI9OSZyYj00NjEyMSZjYT0vAG8mY3VzdDFSCg4_JnBlJAAOD3YKKPYIcGY9JnJhPTYyNzY5ODg0NzkyNDAyOTNmBFBpZnJhbU4MDPoJTjE3NzWTASc3OWYEs2luc2VydEJlZm9yQgAPjQEqrzQzOTE3ODY1NDVnBAcEXgEPjQHfHzeNAQwPIANCBZMBDyADCArVBgTACAk6Do8xMDEzNTM2NDsOAk85MDQmOw7_cp8xOTE0MTQwNDQ7DjYfOUEEAAAUAAWnCD9pbWc7DkOvMTcxMDEyNjUwOUsEBwe4Ag87DgQPtwL_vA88DhYfOfIQACg5N_gGD7cCRa8zMDg0OTM1NTMztwIHAkAMDzwOIA_OAh0APQ4AnAUPPQ7_vx04Sgg3MTAw3wIPPQ47jzU1NzExNzI4iwUJD9QC__8wHjEeCwrUAg8eC0IE2wIfMaEWCA_bAkUcOTQLAq8FEzlvGQBMEv8NMyZsYWJlbD1GMGtRQ0lXSWdxWUJFSmF0cGVNRJAZAA8NFIYGABUPqhmcDwwUB49ndG1fZWU9MRUUAJJnY3A9MSZjdF_fG6RfcHJlc2VudD0xLxQHvA8PsxkCPzE5MeIFARcy4gUMDgMfQUsRMK80Njc5Mzg1MTUxvAgH4XB4bC5xY2NlcnR0ZXN0SRHwCXBpeGVsP3I9OTc2OTY4OTQxO2ZwYW49MAcA9gA9UDAtMTEwMjE0NTQ3My1MFfAHODQwO3BiYz07bnM9MDtjZT0xO3FqcwYA9x12PWQxODE3MWU1LTIwMjIwOTEzMTA1OTEyO3JlZj07Y209O2dkcHI9MDtkPdsbkztkc3Q9MDtldLwc_wA2MjMyMDMxO3R6bz0wO3UaHEpQO29nbD3jEfMGbGUuZW5fVVMlMkNzaXRlX25hbWUu9xtwQmFuayUyQ6wb_wIuYXJ0aWNsZSUyQ1RpdGxlLlUcL1IlMkNkZXAWUGlvbi5MWR5gbmclMjBm7BxmMGElMjBtsBwUbLAcVGluJTIwfgAvM0a8HAFTYXQlMjDEADIlMjDHADAwY2E6AM1hc3NpcyUyQ3VybC55HVMlMjUyRaIBAQwAP2NvbYEdFgFDHRItQR0ULaEAfzJDaW1hZ2VrABYQLeAdgGVkaWElMkZJOgC1cyUyRldlYlNpdGUQAAOiAFEtbG9nb6cAoHBuZyUzRnJldmkhIDAlM0QJIAC3AT8iOiJjHQUuMzOSCR80sANOMDM4MiMDHzIjDwyBZmFjZWJvb2uuA_AAdHIvP2lkPTQ5OTEwODUzJBT_AjcxNCZldj1QYWdlVmlldyZkRh9KY3JsPSZpZvgfKHRzrwNDMjImczUgEHNHIPYYMjQmdj0yLjkuODMmcj1zdGFibGUmZWM9MCZvPTMwJmZicD1mYi4xoxkADgHXLjEzODQ4NzIyNzkmaQ4EgzE4MjYmY29vegB_cnFtPUdFVIsFDT4yMDIDES8xNdsBTZ8yOTA4MDI0OTK2EyEGbgcfLzIODA-DCAwPfQj_qEBzc2N0nQgPhQgIHya0HB4fMeUEABg1ThgPdw48jzE1NjE5NzA0SxEIBwIUCvQkDwQD__9ID5kLAAkEAwyZCw_lHDIUNQsDD6cOCAcLAw8NFwQP_if_uw8MFxYfNrICABg3LRQMsgIPSw4xFDJDJQ-bCgwCXBEBmQoPsCr_-Q8LFAAvNzP9EEwFqyoPsgIrD3ELDA8oH__HHjkAEC83NLMCTAQjHx8xIQsTDxYIBA-yAv-8DxcIFh85sgIAGDgjHw8XCEEFHh8PhyoIQHQudGUcH7B0di90cmFjaz9hY-kyED0gCAGfEvMAZW52PWpzLXdlYiZ0YWdfWS3xBj01LjYuMl9jYWQ0YTM3JmJ1eWVyX5sW_wFfaWQ9NTk5NSZyZWZlcmVyrSdJYGNvaG9ydHIABbQUDygyJg-bEg8eNZEPKDIz2wkP3yc8nzI0MjIyNjg4OIcMCA-_Af8aHTQ1Bgq_AQyDAw9MDjIFxQEP6QgILWFk1TBAZGRtL4oD8AJ2aXR5L3NyYz05MTAwNTc2OxoXcj1wdjtjYXSQGZAwO2RjX2xhdD0IAGByZGlkPTuoA_AJZm9yX2NoaWxkX2RpcmVjdGVkX3RyZWF08Db_FT07dGZ1YT07bnBhPTtvcmQ9MT82MDkwMjkzOTU1Njc3LjYwNw8DDT8xMjgPAw0PoBI7nzI0NTA5NjcxNqQVCA9JAaMAKyUiZW7DNTAzNjFLGw-ZAlICUAEfOH8cCCFidBQGATEOIGVuuDcAPwIRLxM48Qk_aW5wdXQ9JTdCJTIyZ2xvYmFsSWQlMjINOBEyyjhAMDAwLQkACwUAABMAQDAwNDItAGAyQyUyMmOZAjdpdmVAAAUcAFBwbGFjZXYADx0AASlnb3UAVTQ0OTExOgAwc2VzUhoHOAD1FTRhYmYzMmRhLTA0Y2MtNGJjNC05MDFmLTc3OTVjNjcyZDI2ZT8AcnBhcmVudFCCOidlckcABiMADx0ACQCSHA81AAFvY29tbW9uGgABcGhlYXJ0YmUCHABGASExJR0BMHVybHEAAGM5HTL1GxMuTxsAogEP7RsWD245AQBjAAFvALBmaW5nZXJwcmludBQAAXcAAAkADB0AUVByb3ZphjkArAABIgBGMiU3RDcEMnhociUfCh85HzN6IgAQM4AfBeQqslhIUl9NQU5BR0VSQQACJC8PFzknrzM2OTgzMzcwNDJpHwcP6gL__0QOCxQP6gJVD6MOCA_qAgRAZ2V0cFoiMHM_Z7AeAEoFD8wDEA7WDCgzMaMaD8wDP8A1MTA5OTgwMTl9XX0 HTTP/1.1
Host: data.privacy.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 19 Sep 2022 19:37:33 GMT
expires: Mon, 19 Sep 2022 19:37:32 GMT
cache-control: no-cache, no-store
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.20.1.9-release_5536/lpChatV3.min.js?version=10.20.1.9-release_5536
178.249.97.98200 OK 31 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.20.1.9-release_5536/lpChatV3.min.js?version=10.20.1.9-release_5536
IP 178.249.97.98:0
File type ASCII text, with very long lines (32002)
Hash 495e842b15e519d6c0ff0d2a498697ce
638497a9991110470f2a4b67df478e4bb58d1cfc
f734a710b7de2ebb3ad622acdeb956dfb463cf4b5edba966edcda754440650b1
GET /le_unified_window/10.20.1.9-release_5536/lpChatV3.min.js?version=10.20.1.9-release_5536 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:33 GMT
content-type: application/javascript
last-modified: Wed, 31 Aug 2022 14:50:35 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 19 Sep 2023 19:37:33 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwww.regions.com&site=60208595&env=prod
178.249.97.98200 OK 16 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwww.regions.com&site=60208595&env=prod
IP 178.249.97.98:0
Hash 1fda1b62e206b8da633c7f18864c5c6b
7ab9b6237195bc0d14faf9943bc22c9e32c315f7
281763ba2b9eeff2d5570203a4126a867eaffc0b5ab6a2254fb9617a956686b7
GET /le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=https%3A%2F%2Fwww.regions.com&site=60208595&env=prod HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:33 GMT
content-type: text/html
last-modified: Mon, 08 Aug 2022 03:15:58 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 19 Sep 2023 19:37:33 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
lpcdn.lpsnmedia.net/le_unified_window/10.20.1.9-release_5536/ui-framework.js?version=10.20.1.9-release_5536
178.249.97.98200 OK 331 kB URL HTTP/2 lpcdn.lpsnmedia.net/le_unified_window/10.20.1.9-release_5536/ui-framework.js?version=10.20.1.9-release_5536
IP 178.249.97.98:0
File type ASCII text, with very long lines (33498)
Size 331 kB (331440 bytes)
Hash 81cd1bb5bbc67290cd515d0aa32b96a8
7929d3fdd880ca6378fef49d52fba5bec149f430
6c417cf4ca0352417b9f63e5a4474ccb98e072fd51a3bf0b5aa88aa190dc5126
GET /le_unified_window/10.20.1.9-release_5536/ui-framework.js?version=10.20.1.9-release_5536 HTTP/1.1
Host: lpcdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:33 GMT
content-type: application/javascript
last-modified: Wed, 31 Aug 2022 14:50:35 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 19 Sep 2023 19:37:33 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
104.17.208.240200 OK 1.7 kB URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
IP 104.17.208.240:0
File type ASCII text, with very long lines (2767), with no line terminators
Hash 08ada054c296a9902f416e261b4ee841
9084edfcfd7783927a6fe4fad22fe7777b11fcb4
25f2b8e13b408f45a9f6b1feb1991e6efb23f8e5fe761394560f1d960cfacc3d
GET /dxjsmodule/FeedbackLinkModule.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript
cf-ray: 74d4c6cb0deefab8-OSL
access-control-allow-origin: *
age: 572636
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"de0-18333011708"
last-modified: Mon, 12 Sep 2022 18:40:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=3552
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_2tbnXZsYSY6ZeF7&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
104.17.208.240200 OK 4.0 kB URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_2tbnXZsYSY6ZeF7&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4755), with no line terminators
Hash bb3d680ed65669ef58adb06153967e22
9987f7bbe5145235e5e9f59f7f2df064c6bce5e7
4130c9349cab6d68f610888ab28ae57782bda342a83ccb221a3ce36c0debb9eb
POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_2tbnXZsYSY6ZeF7&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 135
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/json
cf-ray: 74d4c6c97cbcfab8-OSL
access-control-allow-origin: https://www.regions.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 8ca32446a6ccf34e
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/1.646b5a7aa96ac3ade1d5.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/1.646b5a7aa96ac3ade1d5.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions
IP 104.17.208.240:0
GET /dxjsmodule/1.646b5a7aa96ac3ade1d5.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=regions HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript
cf-ray: 74d4c6cafdebfab8-OSL
access-control-allow-origin: *
age: 582154
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"7380-18333011708"
last-modified: Mon, 12 Sep 2022 18:40:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=29568
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
nexus.ensighten.com/regions/regions-prod/code/d0926462b4b934495d1ca90e04ce7977.js?conditionId0=423026
54.230.111.14200 OK 0 B URL HTTP/2 nexus.ensighten.com/regions/regions-prod/code/d0926462b4b934495d1ca90e04ce7977.js?conditionId0=423026
IP 54.230.111.14:0
GET /regions/regions-prod/code/d0926462b4b934495d1ca90e04ce7977.js?conditionId0=423026 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 19 Sep 2022 16:09:12 GMT
x-amz-replication-status: PENDING
last-modified: Mon, 19 Sep 2022 16:07:06 GMT
etag: W/"8c4fd186b8e2c9bda992a34762b4986c"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: HqfDr7Q1rE4L0B5sGZ_NUDheybZt4G84
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iierzqUSRMjpr5t2EbdJt0pxwHQEtSF8-Y3fQMNwnYgAoLXHsVb5qQ==
age: 12499
X-Firefox-Spdy: h2
www.cloudflare.com/cdn-cgi/trace
104.16.123.96200 OK 0 B URL HTTP/2 www.cloudflare.com/cdn-cgi/trace
IP 104.16.123.96:0
GET /cdn-cgi/trace HTTP/1.1
Host: www.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 74d4c6ca1ac5b524-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
www.regionsmortgage.com/christilley
205.255.102.40302 Found : Moved Temporarily 0 B URL HTTP/1.1 www.regionsmortgage.com/christilley
IP 205.255.102.40:0
GET /christilley HTTP/1.1
Host: www.regionsmortgage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found : Moved Temporarily
Location: https://www.regions.com/MLO/christilley
Connection: close
Cache-Control: no-cache
Pragma: no-cache
nexus.ensighten.com/regions/regions-prod/Bootstrap.js
54.230.111.14200 OK 0 B URL HTTP/2 nexus.ensighten.com/regions/regions-prod/Bootstrap.js
IP 54.230.111.14:0
GET /regions/regions-prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Mon, 19 Sep 2022 16:09:11 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 19 Sep 2022 16:07:06 GMT
etag: W/"bd4cc1f165d8268b3ef42410d5eef180"
x-amz-server-side-encryption: AES256
cache-control: max-age=300
x-amz-version-id: pkWvcHky0GFZCd50wglhuUODckz_uh37
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: J5ItZzdMRY03z5gxo1GHBaD2uawrvwtyi5kgiAqgRgBDNV3_t_VSGw==
age: 12500
X-Firefox-Spdy: h2
nexus.ensighten.com/regions/regions-prod/code/24da58b897a83ac8dd6122091a6386c7.js?conditionId0=365287
54.230.111.14200 OK 0 B URL HTTP/2 nexus.ensighten.com/regions/regions-prod/code/24da58b897a83ac8dd6122091a6386c7.js?conditionId0=365287
IP 54.230.111.14:0
GET /regions/regions-prod/code/24da58b897a83ac8dd6122091a6386c7.js?conditionId0=365287 HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
date: Fri, 16 Sep 2022 01:12:48 GMT
x-amz-replication-status: COMPLETED
last-modified: Thu, 29 Jul 2021 14:26:53 GMT
etag: W/"9ed4a4cfac4d3c7c1bfeb172d00660a5"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: BEVKDIy25SUFzQ.PZ9GYTiV2LlHnMgZ9
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: n39xlGaB5vQdl9Z_h3mAHqrvFOQ0-VB36izfWKckNB4GnDuNdym0zA==
age: 325483
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/499108531775714?v=2.9.83&r=stable
157.240.200.14200 OK 0 B URL HTTP/2 connect.facebook.net/signals/config/499108531775714?v=2.9.83&r=stable
IP 157.240.200.14:0
GET /signals/config/499108531775714?v=2.9.83&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: mfXvfWF0Hs4W1/14w/M6eWeY6tgzMRNtW788uC/Rabja7QiT8zzmLcY44sfSWKw0xnH+nHtVSYSnBloMBbE43w==
x-fb-trip-id: 1679558926
date: Mon, 19 Sep 2022 19:37:31 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
insight.adsrvr.org/track/up?adv=pkkjyal&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=xzxny28&upv=1.1.0
35.71.131.137200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=pkkjyal&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=xzxny28&upv=1.1.0
IP 35.71.131.137:0
GET /track/up?adv=pkkjyal&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=xzxny28&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
insight.adsrvr.org/track/up?adv=u4lrxod&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=3e7kzj5&upv=1.1.0
35.71.131.137200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=u4lrxod&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=3e7kzj5&upv=1.1.0
IP 35.71.131.137:0
GET /track/up?adv=u4lrxod&ref=https%3A%2F%2Fwww.regions.com%2Flocator%2Fmlo%2Fmortgage-loan-officer-chris-tilley-atlanta&upid=3e7kzj5&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
partners.tremorhub.com/sync?UIRF=5134455419232942500&r=4fagLXqxgKGs
44.210.187.134200 OK 0 B URL HTTP/2 partners.tremorhub.com/sync?UIRF=5134455419232942500&r=4fagLXqxgKGs
IP 44.210.187.134:0
GET /sync?UIRF=5134455419232942500&r=4fagLXqxgKGs HTTP/1.1
Host: partners.tremorhub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://20839218p.rfihub.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: image/gif
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/60208595/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23200 OK 0 B URL HTTP/2 lptag.liveperson.net/lptag/api/account/60208595/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
GET /lptag/api/account/60208595/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: HIT
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9ZSfygjz9UlZlBP&Version=32&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_9ZSfygjz9UlZlBP&Version=32&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=SI_9ZSfygjz9UlZlBP&Version=32&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/json
cf-ray: 74d4c6cb3e05fab8-OSL
access-control-allow-origin: *
age: 427263
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Wed, 08 Sep 2032 05:15:56 GMT
last-modified: Sun, 11 Sep 2022 05:15:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
216.58.207.206200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.207.206:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Mon, 19 Sep 2022 19:37:31 GMT
date: Mon, 19 Sep 2022 19:37:31 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=DOAMbx791W0; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=A7gAJN1xtAM; Domain=.youtube.com; Expires=Sat, 18-Mar-2023 19:37:31 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+307; expires=Wed, 18-Sep-2024 19:37:31 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/dxjsmodule/11.6d774a6a642c7cb91435.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=www.regions.com
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/dxjsmodule/11.6d774a6a642c7cb91435.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=www.regions.com
IP 104.17.208.240:0
GET /dxjsmodule/11.6d774a6a642c7cb91435.chunk.js?Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web&Q_BRANDID=www.regions.com HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/javascript
cf-ray: 74d4c6c8ac22fab8-OSL
access-control-allow-origin: *
age: 582423
cache-control: public, max-age=604800, s-maxage=604800
etag: W/"f79a-18333011708"
last-modified: Mon, 12 Sep 2022 18:40:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify
cf-polished: origSize=63386
edge-control: max-age=604800
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_d6XJAZtXw3FDrIp&Version=8&Q_InterceptID=SI_9ZSfygjz9UlZlBP&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
104.17.208.240200 OK 0 B URL HTTP/2 siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_d6XJAZtXw3FDrIp&Version=8&Q_InterceptID=SI_9ZSfygjz9UlZlBP&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web
IP 104.17.208.240:0
GET /WRSiteInterceptEngine/Asset.php?Module=CR_d6XJAZtXw3FDrIp&Version=8&Q_InterceptID=SI_9ZSfygjz9UlZlBP&Q_ORIGIN=https://www.regions.com&Q_CLIENTVERSION=1.77.0&Q_CLIENTTYPE=web HTTP/1.1
Host: siteintercept.qualtrics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.regions.com
Connection: keep-alive
Referer: https://www.regions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 19 Sep 2022 19:37:32 GMT
content-type: application/json
cf-ray: 74d4c6cb3e07fab8-OSL
access-control-allow-origin: *
age: 546961
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
expires: Wed, 08 Sep 2032 05:15:56 GMT
last-modified: Sun, 11 Sep 2022 05:15:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: HIT
access-control-allow-credentials: false
edge-control: max-age=604800
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
servershortname:
x-content-type-options: nosniff
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.regionsmortgage.com/christilley
205.255.102.40301 Moved permanently 0 B URL HTTP/1.1 www.regionsmortgage.com/christilley
IP 205.255.102.40:0
GET /christilley HTTP/1.1
Host: www.regionsmortgage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved permanently
Location: https://www.regionsmortgage.com/christilley
Connection: close
Cache-Control: no-cache
Pragma: no-cache