diabatelegacypublishing.org Open in urlscan Pro
190.114.255.122 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Submission: On January 11 via automatic, source openphish (January 11th 2022, 3:02:34 am UTC) — Scanned from DE

Summary HTTP 64 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 17 IPs in 8 countries across 13 domains to perform 64 HTTP transactions. The main IP is 190.114.255.122, located in Curicó, Chile and belongs to ZAM LTDA., CL. The main domain is diabatelegacypublishing.org.

This is the only time diabatelegacypublishing.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Regions Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	190.114.255.122 190.114.255.122	52368 (ZAM LTDA.) (ZAM LTDA.)
3	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
8	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
12	205.255.100.241 205.255.100.241	10801 (REGIONS-A...) (REGIONS-ASN-1)
9	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	185.32.241.65 185.32.241.65	30286 (THM) (THM)
2 5	52.19.220.6 52.19.220.6	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE)
1	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
1	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7b60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.101.78.80 95.101.78.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	54.75.68.230 54.75.68.230	16509 (AMAZON-02) (AMAZON-02)
64	17

4 190.114.255.122 (Curicó, Chile)

ASN52368 (ZAM LTDA., CL)
PTR: los.cp.org

diabatelegacypublishing.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

smetrics.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 205.255.100.241 (United States)

ASN10801 (REGIONS-ASN-1, US)

onlinebanking.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 185.32.241.65 (United States)

ASN30286 (THM, US)

tm.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.19.220.6 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-220-6.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (United States)

ASN30286 (THM, US)

3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7b60 (United States)

ASN13335 (CLOUDFLARENET, US)

www.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.78.80 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-78-80.deploy.static.akamaitechnologies.com

fast.regions.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.75.68.230 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-68-230.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	regions.com smetrics.regions.com — Cisco Umbrella Rank: 67433 onlinebanking.regions.com — Cisco Umbrella Rank: 103887 tm.regions.com — Cisco Umbrella Rank: 67267 metrics.regions.com	327 KB
9	qualtrics.com siteintercept.qualtrics.com — Cisco Umbrella Rank: 955 znebdjzidehxpwsol-regions.siteintercept.qualtrics.com — Cisco Umbrella Rank: 132432	62 KB
8	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2314	64 KB
6	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 184 fast.regions.demdex.net	8 KB
4	diabatelegacypublishing.org diabatelegacypublishing.org	157 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	40 KB
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 776	772 B
2	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 2895 3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net	15 KB
1	cloudflare.com www.cloudflare.com — Cisco Umbrella Rank: 6910	444 B
1	google.se www.google.se — Cisco Umbrella Rank: 22577	501 B
1	google.com www.google.com — Cisco Umbrella Rank: 8	501 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 78	449 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	36 KB
64	13

	Domain	Requested by
13	tm.regions.com	diabatelegacypublishing.org tm.regions.com
12	onlinebanking.regions.com	diabatelegacypublishing.org onlinebanking.regions.com
8	nexus.ensighten.com	diabatelegacypublishing.org nexus.ensighten.com
7	siteintercept.qualtrics.com	diabatelegacypublishing.org znebdjzidehxpwsol-regions.siteintercept.qualtrics.com siteintercept.qualtrics.com
5	dpm.demdex.net	2 redirects nexus.ensighten.com
4	diabatelegacypublishing.org	diabatelegacypublishing.org
3	www.google-analytics.com	diabatelegacypublishing.org www.google-analytics.com www.googletagmanager.com
2	cm.everesttech.net	2 redirects
2	znebdjzidehxpwsol-regions.siteintercept.qualtrics.com	diabatelegacypublishing.org nexus.ensighten.com
1	fast.regions.demdex.net	nexus.ensighten.com
1	www.cloudflare.com	nexus.ensighten.com
1	metrics.regions.com	nexus.ensighten.com
1	www.google.se
1	www.google.com
1	3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net
1	h.online-metrix.net	tm.regions.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	diabatelegacypublishing.org
1	smetrics.regions.com	diabatelegacypublishing.org
64	19

This site contains links to these domains. Also see Links.

Domain
www.regions.com
onlinebanking.regions.com
www.opinionlab.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
smetrics.regions.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-08` - `2022-07-09`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-10-12`	a year	crt.sh
onlinebanking.regions.com Sectigo RSA Extended Validation Secure Server CA	`2021-03-26` - `2022-03-26`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-24` - `2022-09-24`	a year	crt.sh
tm.regions.com Sectigo RSA Organization Validation Secure Server CA	`2021-05-03` - `2022-05-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-12-28` - `2023-01-23`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-07-30` - `2022-08-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google.se GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
www.cloudflare.com Cloudflare Inc ECC CA-3	`2021-09-18` - `2022-09-17`	a year	crt.sh

This page contains 6 frames:

Primary Page: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Frame ID: BE5F59F988869CAA84E03BA3BDB7FA53
Requests: 49 HTTP requests in this frame

Frame: https://tm.regions.com/fp/check.js;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jb=363b2624607165773d4e6964757a2e6a796f3f46636c7d7a246873607f3f496a726d6d6f26687b6237436a78656f6d2730323935
Frame ID: D893BC39F72FAD05E2D6D32F02D1A738
Requests: 10 HTTP requests in this frame

Frame: https://tm.regions.com/fp/ls_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74
Frame ID: 7CCC6547937A0A6B50518F76A8B50991
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74
Frame ID: 2ECD8397E5FA74DA00E7ED9737C7B2CA
Requests: 1 HTTP requests in this frame

Frame: https://tm.regions.com/fp/top_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74
Frame ID: 8EABE3FFE6D274BA40C28E02C0E159AC
Requests: 1 HTTP requests in this frame

Frame: http://fast.regions.demdex.net/dest5.html?d_nsid=undefined
Frame ID: DFCAA977FA312283209EE3C7C06FD9B2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Account Verification - Regions Online Banking

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

64
Requests

77 %
HTTPS

35 %
IPv6

13
Domains

19
Subdomains

17
IPs

8
Countries

710 kB
Transfer

2174 kB
Size

14
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.regions.com/personal-banking

Search URL Search Domain Scan URL

URL: https://www.regions.com/help/online-banking-help/login-and-security#userid
Title: Forgot Online ID.

Search URL Search Domain Scan URL

URL: https://onlinebanking.regions.com/SignIn
Title: Cancel

Search URL Search Domain Scan URL

URL: https://www.regions.com/
Title: Done

Search URL Search Domain Scan URL

URL: https://www.regions.com/contact.rf
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.regions.com/personal_banking/service_agreement.rf
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: http://www.regions.com/about_regions/privacy_pledge.rf
Title: Privacy Pledge

Search URL Search Domain Scan URL

URL: http://www.regions.com/about_regions/privacy_security.rf
Title: Security

Search URL Search Domain Scan URL

URL: https://www.regions.com/about_regions/online_privacy_notice_to_customers.rf#ads
Title: Online Tracking and Advertising

Search URL Search Domain Scan URL

URL: https://www.regions.com/about_regions/regions_accessible_banking.rf
Title: Accessible Banking

Search URL Search Domain Scan URL

URL: http://www.opinionlab.com/company/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511

Request Chain 60

http://cm.everesttech.net/cm/dd?d_uuid=25252184729916875571942705726437533167 HTTP 301
https://cm.everesttech.net/cm/dd?d_uuid=25252184729916875571942705726437533167 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YdzzRgAAAHxS_wQf HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YdzzRgAAAHxS_wQf

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request account_verify.php Show response
diabatelegacypublishing.org/secure/ 41 KB
41 KB 497ms
272ms Document
text/html 190.114.255.122
ZAM LTDA.

General

Check archive.org

Show headers Download Go to

Full URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 190.114.255.122 Curicó, Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS: los.cp.org
Software: Apache /
Resource Hash: ac34e8f6341afbfcd4142b5b4c595e5c7363cab158439bf6c4d053b28e447c13

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 11 Jan 2022 03:02:27 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 60ms
17ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 81
date: Tue, 11 Jan 2022 03:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 11 Jan 2022 05:01:06 GMT

GET
H2 200 s05863887553074 Show response
smetrics.regions.com/b/ss/regionsbankprod/10/JS-2.20.0/ 4 KB
4 KB 149ms
49ms Script
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.regions.com/b/ss/regionsbankprod/10/JS-2.20.0/s05863887553074?AQB=1&ndh=1&pf=1&callback=s_c_il[0].doPostbacks&et=1&t=5%2F1%2F2021%2010%3A13%3A38%205%20480&d.&nsid=0&jsonv=1&.d&mid=82133347415663284794423271278987424596&aamlh=6&ce=UTF-8&ns=regions&cdp=2&pageName=olb%7Ccustomerservice%7Cforgottenpassword&g=https%3A%2F%2Fonlinebanking.regions.com%2Fcustomerservice%2Fforgottenpassword&r=https%3A%2F%2Flogin.regions.com%2F&cc=USD&ch=customerservice&server=onlinebanking.regions.com&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=D%3Dv1&v1=olb&h1=D%3Dv1&c2=D%3Dv2&v2=forgottenpassword&h2=D%3Dch&c3=D%3DpageName&v3=D%3DpageName&h3=forgottenpassword&c4=D%3Dg&v4=D%3Dg&c6=D%3Dv6&v6=en&c7=D%3Dv7&v7=tablet%20layout%7C996x640&c8=D%3Dv8&v8=olb%7Ccustomerservice%7Cforgottenpassword&c9=D%3Dv9&v9=71%7C71&v10=https%3A%2F%2Fonlinebanking.regions.com%2Fcustomerservice%2Fforgottenpassword&v12=D%3Dmid&v15=Repeat&v16=Less%20than%201%20day&v17=year%3D2021%20%7C%20month%3DFebruary%20%7C%20date%3D5%20%7C%20day%3DFriday%20%7C%20time%3D12%3A13%20PM&v18=anonymous&c19=D%3DpageName&c23=D%3Dv10&v68=1.3.13%7CJS-2.20.0%7CVI-4.4.0%7C20200327&c75=D%3Dv68&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=996&bh=640&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&AQE=1

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

cf4790673b69db71dd64615e5b8c71b34ed17078131a4e745689b7ae29623c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-aam-tid: 9l8sxbWfSoY=
date: Tue, 11 Jan 2022 03:02:27 GMT
x-content-type-options: nosniff
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
vary: *
content-length: 3667
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v026-0a13d5aae.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Wed, 12 Jan 2022 03:02:27 GMT
server: jag
xserver: anedge-cdfbd77b-9kwfz
etag: 3525889293761642496-4619824728745902615
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 10 Jan 2022 03:02:27 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 71ms
28ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-108294743-4

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1e56c66dff0fc2c9372309a3f93b549338293266d614feae5dae10bcfec9c8f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36293
x-xss-protection: 0
expires: Tue, 11 Jan 2022 03:02:28 GMT

GET
H2 200 d6e7433c8cee728f806e4548723eaa72.js Show response
nexus.ensighten.com/regions/regions-olb/code/ 6 KB
2 KB 18ms
17ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/regions/regions-olb/code/d6e7433c8cee728f806e4548723eaa72.js?conditionId0=4887354
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c648a93e59a730df58f46a3e08a61d07e662b5c41a8a0548685959e82b44654b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: gzip
last-modified: Thu, 01 Oct 2020 06:12:40 GMT
server: nginx
etag: W/"5f757358-191e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 4bb5ebf6ea0df905baf9a2c7c36a57b4.js Show response
nexus.ensighten.com/regions/regions-olb/code/ 24 B
247 B 34ms
32ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/regions/regions-olb/code/4bb5ebf6ea0df905baf9a2c7c36a57b4.js?conditionId0=423026
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Tue, 11 Jan 2022 03:02:27 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/regions/regions-olb/ 392 B
535 B 59ms
22ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/regions/regions-olb/serverComponent.php?r=20220697.0465592&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Thu%20Feb%2004%2022:10:38%20GMT%202021&ClientID=1202&PageID=https%3A%2F%2Fonlinebanking.regions.com%2Fcustomerservice%2Fforgottenpassword
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 05204d3752f4d0c46f651a1acc60cc90ba19eb987c48eaa6a3e4d78c05af00ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:27 GMT
cache-control: no-cache, no-store
server: nginx
content-type: text/javascript
content-length: 392
expires: Tue, 11 Jan 2022 03:02:26 GMT

GET
H/1.1 200
OK com-regions.min.css
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/ 250 KB
50 KB 654ms
116ms Stylesheet
text/css 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/com-regions.min.css

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

90fd3145f79df19b0e5691e14cd85769112a3c5ac2e7de0feb4233bd371740c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:40 GMT
Server: Microsoft-IIS/10.0
ETag: "01299fbd7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 50424
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK combined.css.70a36cb073e780ad0284606c65b305d2af230cd8674a1e6b12dbc3b84d819427.css
onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/ 0
0 656ms
118ms Stylesheet
text/html 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.70a36cb073e780ad0284606c65b305d2af230cd8674a1e6b12dbc3b84d819427.css
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H/1.1 200
OK combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css
onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/ 2 KB
2 KB 655ms
117ms Stylesheet
text/css 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/Themes/Desktop/Shared/fiserv.ps.customerservice/combined.css.d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0.css

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:27:28 GMT
Server: Microsoft-IIS/10.0
ETag: "5875655ad9fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1001
X-XSS-Protection: 1; mode=block

GET
H2 200 14.0be54f606feb3e6f39d7.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
901 B 157ms
64ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/14.0be54f606feb3e6f39d7.chunk.js?Q_CLIENTVERSION=1.43.0&Q_CLIENTTYPE=web

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dba1713f38201760a1bcdeaebbf721b61be1a85040b814acfd3a3df6309e6e99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 35994
cf-polished: origSize=2639
cf-ray: 6cbae8083b2e1e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 12
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 03 Feb 2021 18:32:44 GMT
server: cloudflare
etag: W/"a4f-177692b08e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.0d728ed933821183c279.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 26 KB
7 KB 147ms
54ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.0d728ed933821183c279.chunk.js?Q_CLIENTVERSION=1.43.0&Q_CLIENTTYPE=web

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14a382935bc81b55623ebfbf902ad4beba14b551a9733457e14b482f5be8bd05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 35994
cf-polished: origSize=27274
cf-ray: 6cbae8083b311e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 03 Feb 2021 18:32:44 GMT
server: cloudflare
etag: W/"6a8a-177692b08e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H/1.1 200
OK regions-logo-no-r.svg
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/ 5 KB
3 KB 450ms
231ms Image
image/svg+xml 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/regions-logo-no-r.svg

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cteonnt-Length: 5627
Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:40 GMT
Server: Microsoft-IIS/10.0
ETag: "01299fbd7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 2317
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK tags.js Show response
tm.regions.com/fp/ 79 KB
10 KB 95ms
24ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

47a3e1b9b01c7c46d804b83550dbb683d502ee9ba3b4132f64a4fe4b7b6629a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK equal-housing-lender.svg
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/ 4 KB
2 KB 120ms
119ms Image
image/svg+xml 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/equal-housing-lender.svg

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cteonnt-Length: 3790
Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:40 GMT
Server: Microsoft-IIS/10.0
ETag: "01299fbd7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 1671
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK member-fdic.svg
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/ 6 KB
3 KB 235ms
235ms Image
image/svg+xml 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Images/member-fdic.svg

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cteonnt-Length: 6001
Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:40 GMT
Server: Microsoft-IIS/10.0
ETag: "01299fbd7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 2658
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
diabatelegacypublishing.org/secure/vendor/ 85 KB
85 KB 283ms
283ms Script
application/javascript 190.114.255.122
ZAM LTDA.

General

Check archive.org

Show headers Download Go to

Full URL: http://diabatelegacypublishing.org/secure/vendor/jquery-3.2.1.min.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 190.114.255.122 Curicó, Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS: los.cp.org
Software: Apache /
Resource Hash: 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:28 GMT
Last-Modified: Tue, 03 Nov 2020 11:44:10 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 86663

GET
H/1.1 200
OK jquery.mask.js Show response
diabatelegacypublishing.org/secure/dist/ 23 KB
23 KB 383ms
219ms Script
application/javascript 190.114.255.122
ZAM LTDA.

General

Check archive.org

Show headers Download Go to

Full URL: http://diabatelegacypublishing.org/secure/dist/jquery.mask.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 190.114.255.122 Curicó, Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS: los.cp.org
Software: Apache /
Resource Hash: c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Last-Modified: Tue, 03 Nov 2020 11:44:06 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 23177

GET
H/1.1 200
OK jquery.mask.min.js Show response
diabatelegacypublishing.org/secure/dist/ 8 KB
8 KB 434ms
222ms Script
application/javascript 190.114.255.122
ZAM LTDA.

General

Check archive.org

Show headers Download Go to

Full URL: http://diabatelegacypublishing.org/secure/dist/jquery.mask.min.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 190.114.255.122 Curicó, Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS: los.cp.org
Software: Apache /
Resource Hash: 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Last-Modified: Tue, 03 Nov 2020 11:44:06 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8327

GET
H/1.1 200
OK com-regions.min.js Show response
onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/ 214 KB
81 KB 123ms
121ms Script
text/javascript 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/Scripts/Desktop/Core/SkipAutoRegistration/com-regions.min.js

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e90b89678fd0fa8c4aba6856cf77591e041e7c8c9d6bd81620d35aeff0f97861

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:37 GMT
Server: Microsoft-IIS/10.0
ETag: "62e92afad7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Cache-Control: no-cache
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js Show response
onlinebanking.regions.com/scripts/desktop/responsivecore/ 0
0 120ms
118ms Script
text/html 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.regions.com/scripts/desktop/responsivecore/combined.js.d31ccf80790164ef1375ddf026932b00a2ce4cbfb145bc7c42c1e1cfeb4b2de4.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H/1.1 200
OK combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js Show response
onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/ 0
0 351ms
119ms Script
text/html 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL: https://onlinebanking.regions.com/scripts/desktop/fiserv.ps.customerservice/combined.js.a1ddf1c9d3aa64f28684121167277ea13f7de3f5272f5cdf024b357c48ed3d5b.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H/1.1 200
OK jquery.glob.en-us.js Show response
onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/ 282 B
821 B 351ms
117ms Script
text/javascript 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/jquery.glob.en-us.js

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

29db6b777bc43ce1de3fb92c31a98d263b8c5b2ac510bf64a336fb0b667be352

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:37 GMT
Server: Microsoft-IIS/10.0
ETag: "d54b2dfad7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 267
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fiserv.ps.initculture.en-us.js Show response
onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/ 74 B
742 B 350ms
117ms Script
text/javascript 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/scripts/desktop/core/skipautoregistration/fiserv.ps.initculture.en-us.js

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f09f5374367e34f0b7ef5c39837fc1cf528af2e84fc5413dfaabda7d31c17b59

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 17:17:37 GMT
Server: Microsoft-IIS/10.0
ETag: "62e92afad7fcd71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 188
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK global-overlays.js Show response
onlinebanking.regions.com/custom/Assets/Scripts/ 202 KB
68 KB 466ms
116ms Script
application/javascript 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4b70df8131a18cd31f6abe166cae5a6a9d446b8fa4dbc5a6fd67ad5c92fb9413

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Cteonnt-Length: 207078
Date: Tue, 11 Jan 2022 03:02:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Sep 2019 13:58:42 GMT
Server: Microsoft-IIS/10.0
ETag: "01597dadf67d51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/regions/regions-olb/ 29 KB
9 KB 20ms
18ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a8bb5c67018c1992e72b1ba33443d9bb404dfb21720066313d008953e7ac429b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: gzip
last-modified: Tue, 30 Nov 2021 21:26:12 GMT
server: nginx
etag: W/"61a696f4-7252"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300

GET
H2 200 / Show response
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
3 KB 93ms
58ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fonlinebanking.regions.com%2Fcustomerservice%2Fforgottenpassword&t=1612548818666

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44f3f5b9776f61ca54f616bc0d13dce4385a36794b2e4fbd270dc68bb7658f23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501580
cf-polished: origSize=8435
cf-ray: 6cbae80e2bdd1e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-I+SWkoCHUNb383P5iAa4y2KLnRw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 91 KB
28 KB 61ms
60ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.43.0&Q_CLIENTTYPE=web

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

8efac7087552def0e358b8896dbbe43b7ffe2d961746cdc4aea60f7eed3e1384

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 35996
cf-polished: origSize=94176
cf-ray: 6cbae80deb8d1e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 03 Feb 2021 18:32:44 GMT
server: cloudflare
x-powered-by: Express
etag: W/"16fe0-177692b08e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 LinkModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
951 B 51ms
50ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/LinkModule.js?Q_CLIENTVERSION=1.43.0&Q_CLIENTTYPE=web

Requested by

Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34183
cf-polished: origSize=2587
cf-ray: 6cbae80deb8e1e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Wed, 03 Feb 2021 18:32:44 GMT
server: cloudflare
x-powered-by: Express
etag: W/"a1b-177692b08e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET source-sans-pro-700-webfont.woff
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/ 0
0

GET source-sans-pro-regular-webfont.woff
onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/ 0
0

GET
H2 200 12.8327016048e927965e51.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 55 KB
17 KB 50ms
49ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=diabatelegacypublishing.org

Requested by

Host: znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
URL: https://znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=https%3A%2F%2Fonlinebanking.regions.com%2Fcustomerservice%2Fforgottenpassword&t=1612548818666

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 439732
cf-polished: origSize=57365
cf-ray: 6cbae81118ad1e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 5
vary: Accept-Encoding
last-modified: Tue, 14 Dec 2021 22:49:08 GMT
server: cloudflare
x-powered-by: Express
etag: W/"e015-17dbb229ea0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/regions/regions-olb/ 279 B
516 B 35ms
18ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/regions/regions-olb/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Tue%20Nov%2030%2021:26:12%20GMT%202021&ClientID=1202&PageID=http%3A%2F%2Fdiabatelegacypublishing.org%2Fsecure%2Faccount_verify.php%3Fsessionid%3Df2c250789c7bff4275ba71cf0c523adf
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6c57583483251f987ac253670ead9f93752e9bdc53e722b062d9997d308a829f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 279
Expires: Tue, 11 Jan 2022 03:02:28 GMT

GET
H/1.1 200
OK 38ff9a60d8efb6e2f9e7175b10aa8d1f.js Show response
nexus.ensighten.com/regions/regions-olb/code/ 150 KB
51 KB 32ms
31ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 07572d93843235aaea2bc63e8e65272315f4012a6a810e6567fa07b7816ba414

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Nov 2021 21:26:12 GMT
Server: nginx
ETag: W/"61a696f4-25906"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 3 KB
1 KB 136ms
136ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8327016048e927965e51.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web&Q_BRANDID=diabatelegacypublishing.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202b4d6b7b2aca5c13eb4821dd6dbdcf5bceccc52c5e425457bbcdf63406aca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jan 2022 03:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 6
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: http://diabatelegacypublishing.org
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: aab2177d4c651b8a
cf-ray: 6cbae81179261e6d-AMS

GET
H/1.1 204
No Content e.gif
nexus.ensighten.com/error/ 0
193 B 17ms
17ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/error/e.gif?msg=Cannot%20read%20properties%20of%20undefined%20(reading%20%27resolve%27)&lnn=-1&fn=&cid=1202&client=regions&publishPath=regions-olb&rid=-1&did=-1&errorName=TypeError
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Tue, 11 Jan 2022 03:02:28 GMT

GET
H/1.1 204
No Content e.gif
nexus.ensighten.com/error/ 0
193 B 32ms
16ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/error/e.gif?msg=Cannot%20read%20properties%20of%20undefined%20(reading%20%27RCIF%27)&lnn=-1&fn=&cid=1202&client=regions&publishPath=regions-olb&rid=3100402&did=595352&errorName=TypeError
Requested by: Host: diabatelegacypublishing.org
URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Tue, 11 Jan 2022 03:02:28 GMT

GET
H/1.1 200
OK check.js;CIS3SID=698EFDB58659A915048147979623C050 Show response
tm.regions.com/fp/ Frame D893 408 KB
73 KB 31ms
31ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/check.js;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jb=363b2624607165773d4e6964757a2e6a796f3f46636c7d7a246873607f3f496a726d6d6f26687b6237436a78656f6d2730323935

Requested by

Host: tm.regions.com
URL: https://tm.regions.com/fp/tags.js?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c33cad32b0a9715133e8c207d24f3d5356e4ce764f1c13ff80ea1c7ce24061c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 72f7ae9a8e59ae74
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
tm.regions.com/fp/ Frame D893 81 B
475 B 64ms
21ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
tm.regions.com/fp/ Frame D893 81 B
475 B 67ms
22ms Image
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 7 KB
3 KB 48ms
48ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=http%3A%2F%2Fdiabatelegacypublishing.org%2Fsecure%2Faccount_verify.php%3Fsessionid%3Df2c250789c7bff4275ba71cf0c523adf&t=1641870149457

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44f3f5b9776f61ca54f616bc0d13dce4385a36794b2e4fbd270dc68bb7658f23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 501581
cf-polished: origSize=8435
cf-ray: 6cbae8122a401e6d-AMS
edge-control: max-age=604800
x-envoy-upstream-service-time: 4
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"20f3-I+SWkoCHUNb383P5iAa4y2KLnRw"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
214 B 37ms
36ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=104636211&t=pageview&_s=1&dl=http%3A%2F%2Fdiabatelegacypublishing.org%2Fsecure%2Faccount_verify.php%3Fsessionid%3Df2c250789c7bff4275ba71cf0c523adf&ul=en-us&de=UTF-8&dt=Account%20Verification%20-%20Regions%20Online%20Banking&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAUABEAAAAC~&jid=310346054&gjid=2016195288&cid=573434132.1641870149&tid=UA-108294743-4&_gid=1031990687.1641870149&_r=1&gtm=2ou150&z=1455396910

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 03:02:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://diabatelegacypublishing.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-108294743-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 83
date: Tue, 11 Jan 2022 03:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 11 Jan 2022 05:01:06 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 3 KB
1021 B 151ms
150ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202b4d6b7b2aca5c13eb4821dd6dbdcf5bceccc52c5e425457bbcdf63406aca3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jan 2022 03:02:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-envoy-upstream-service-time: 8
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: http://diabatelegacypublishing.org
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
trace-id: 42a9de46e254146c
cf-ray: 6cbae8128abf1e6d-AMS

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511

110 B
733 B

42ms
42ms

XHR
application/json

52.19.220.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511
Protocol: HTTP/1.1
Server: 52.19.220.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-220-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v026-0935a458a.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-Error: 172
X-TID: 3F9Oww5OTt0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://diabatelegacypublishing.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 124
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v026-04dc941eb.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Access-Control-Allow-Origin: http://diabatelegacypublishing.org
X-TID: ZClHlCYoRrI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1641870149511
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
449 B 73ms
23ms XHR
text/plain 2a00:1450:400c:c08::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-108294743-4&cid=573434132.1641870149&jid=310346054&gjid=2016195288&_gid=1031990687.1641870149&_u=aEBAAUAAEAAAAC~&z=436824801

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

08f3d7de7aea50ee4f77098ffd4ecce4d803a35b21285f45e6b72e3a497d7122

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 11 Jan 2022 03:02:29 GMT
content-type: text/plain
access-control-allow-origin: http://diabatelegacypublishing.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
tm.regions.com/fp/ Frame D893 81 B
542 B 66ms
21ms XHR
image/png 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png

Requested by

Host: tm.regions.com
URL: https://tm.regions.com/fp/check.js;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jb=363b2624607165773d4e6964757a2e6a796f3f46636c7d7a246873607f3f496a726d6d6f26687b6237436a78656f6d2730323935

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 3uc6h1j9/72f7ae9a8e59ae74vc4gk3ofabao1vldnavjjby3
Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Last-Modified: Tue, 11 Jan 2022 03:02:29 GMT
Server: Apache
Etag: be41c571b2c04ff98306cdebabfb6782
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: http://diabatelegacypublishing.org
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Sun, 10 Jan 2027 03:02:29 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=698EFDB58659A915048147979623C050 Show response
tm.regions.com/fp/ Frame 7CCC 83 KB
13 KB 25ms
24ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/ls_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

edae9e203589ee6b9a488fbfad30e59fce4afb70aae71e0f6d23d3173a12c904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
tm.regions.com/fp/ Frame D893 0
387 B 23ms
22ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jb=3134266e7963376661603068336139363363363e3c643c3b333461366f3b33666233393939356d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=698EFDB58659A915048147979623C050 Show response
h.online-metrix.net/fp/ Frame 2ECD 96 KB
15 KB 85ms
23ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

cccb3fa98205a27b3fd008fb252936399750f8c1dd13054eff46db2c6712491f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
tm.regions.com/fp/ Frame D893 0
387 B 22ms
22ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jd=373a26246064643f333a2660666a35346e3631693a3a3831616737343331336066606369663b30626f35333b3d313e246864746c3732303338333a3938

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK top_fp.html;CIS3SID=698EFDB58659A915048147979623C050 Show response
tm.regions.com/fp/ Frame 8EAB 82 KB
12 KB 25ms
25ms Document
text/html 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/top_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

1b67ebb7fd1be0f9d34485d12aaf76b2c89cbf7561fff544d612bfb0a0cb0d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
tm.regions.com/fp/ Frame D893 0
218 B 23ms
23ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&ja=303237312c24693f30247a3730246e3d3b36323a72333a323224616437333c32307a313830322e7372793f3a72322e6672703d3326333c32302e3138303224313c3032263b3038322e3336323a2e3b3030322c3b3632382c3b32323a26322432246f743f6b3a32306160636e63353f646e66666c3367693a363331363d323c603963376b266f663d3e2671696e3f3a36246e683f62767e722531412f32442d324c646b6b68637c676e676763697b7a77626e6979686b6667246f706d2f304e71676175706f27384461616365756c7c5f7c6570636c7b26726a7225314c716f71736b6f6469662d334e663069383738353a3b633568646c3632353568613539636c30613f3831696664246470376a7e767027334b25304e25384666636b606976676e65656b61737275606c63736a616e6d2e6d786d273a4424726c3f39247a6a3d35386c323a69613c62616c686739333160373132356b673066336864603a643e266a62373b3b3736353461336033323630356e64316a633e39633e3b333d35303565323f2460716f3f4c636e77702660736037496a7a6d6f6725303a3b3d246a716f7f3d4e616e7f78246079607d3f416a726d67672c6c68613d3e26767264374576692f304e576c696e6d7d6c2c6f617668783d3638303964336938606d613230653469613f3430323838616639353f34323b6c663c373a3a31363b663c676163323e646131346b66606e3d303b33313339346b247a3f706e756d696c5766666171625464696e7167217266776d6b6e5d77636e666777795f6f6f6e6b695d726e617b6f705464616e736f217264756d696c556b666760675d6161786d6863745c666b6c716d217a6c776d636c5773776b63697e6b67675e6461667367297066756563645d7b6a6d616b756b746f5c66636c796523786c7f676b6455706d636e726c637367785c66636c796523786c7f676b64557464615d726c637367785c66636c796523786c7f676b6455666d74636e767054646b6e7367217a6c776f69645f717c6d5d7e6b6775657054646b6e7367217a6c776f69645f686b7c635664636e73672c6772313d60373b30366a313839313233663c353431336169363f34313a366f33306e656936606c333639356724676e556137756560676657676a474625303a3b2c38273032284d7a6764454c27323a45512d323a322c3a2f3038416a706f6f6377672b5767624d4c273a304d4c51462f303847512732323b2c3a2732322845706766474625303a4f512d3032454c514627383245512538303326302f3232496270676f6b776d2b5d6768496976576f624961742f32325d6f604f4e434c474e4f5d636c7376616463676c5f6b72706b73712d31402732324f5a5e5d626e6564645d6569646d63722f314a273032455a5e5d696d6c6d725562776e666f725d626b6e6e5d646e6f637e2739402530304f58565766666f637e556064676c66253148273832455a5455667069675564677a7e6a2d31402732324f5a5e5d736a616e657057746f78767f7867576e6d66253148273832455a5455746770747f726755696d657270677371636d645d6272746925314a25383047525e5d7c677a7675706f5d696d6d72726f7371616f645f706d7e612d31402732324f5a5e5d7467787e75706d5f6c696e7e6f7057636c6b736d7e7065726961253942273a305d454041435657475a565f766f7a7e7772675f6c696e7c65785f636463716776706d706b692739402530304f585657735847402f39402d303249485055726b70616e6c6f6c5d7b686b6467785561676f726b6c672f31482732324f4f535d6d6c6f6d67647e5d616c6667785d7f6b64762531422f32324745595f6468655d7a676c666570556f63726d63702f33402d323a4f475955717c636c6661706e5d6e67726b766b746b7e65792531482f30384d47515f766f7a7e7772675f6c6c6d69742f33402f38324747515d746772767f70655d66666f637c5f66696c6f6b702d31402732324547595d7467787e75706d5f62616e6c5564646d63762531482738324f475355746770747f726755626364645d646c6d6b76556e696c656b72273b422f3232454f51577467707467725d6b70726379556f6062656974273948273a3255474245465d696d6c6d725562776e666f725d6c666d69762731422738325d4742454c55636d6570786571796f665776677a7477786755637376632f33402d323a5747484d4e57616d6f70706f717967645d746f78767d726f5f677e69273b40273030554f404d4e5f616f6770706d73796566557e6770767770655d6f7669332531422f32325f4548474e55696d6572706773716f665576657a747f726757733974612f39402d3032554540414b5e5d5747424d4c5d6b6f6770706f79716d665d76657a7e7778675f71337e63273b422f32325d4f404f4e5d616f6f7a706f7173676455746770747f72675579317c615d717265682739402530305d45404f4c556467687f655770676c64677867785d696c666525314a253830554f4845445d66677076625d7e677876757865273b422f32325d4f40434b565d57474845465d6467707e685d7c65727477786f273b40273030554f404d4e5f66726b775d6a756c66677879273b40273030554f404d4e5f6e6f79655d6b6f647467727e273b40273030554f40414b545d574f4245445f666f716f5561676c766778762f3148273232574f4245445f67756e7e635d6c70637531342c65665d683f3068303739636b62343832323936303735616f6138633767353e663a3f623234346e3c373d32366726756d6e7c3f496c746f6c273a30436e61242c756f6e703f496c7e6766273232497869712d323a4f726f644544273032456c6d6b64672661636e3d33&jb=333733246673374f6f7869666c632d324c352c3a2f30382a556b6e666575792732324e5e253038313a2e322f39402d303255696c3c362f314227323a78343c292f32324b7a7264675567624963762f304637333d2e313e2538302a414256454e273043273832666b6b67253830456d63616f2b2f38324b6a706d6d672f304c3b372c3024343431322437332f38325b636463726b2f304c3733352e3936

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:29 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net/fp/ Frame D893 81 B
438 B 89ms
22ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 73ms
29ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108294743-4&cid=573434132.1641870149&jid=310346054&_u=aEBAAUAAEAAAAC~&z=957089206

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 03:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.se/ads/ 42 B
501 B 74ms
29ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.se/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108294743-4&cid=573434132.1641870149&jid=310346054&_u=aEBAAUAAEAAAAC~&z=957089206

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jan 2022 03:02:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK id Show response
metrics.regions.com/ 48 B
902 B 95ms
26ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1641870149918

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026

Protocol

HTTP/1.1

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

76e8393ff4e9a08854bba2a77841ffca2111bdc8082291a28b3f9bf1d937dd72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jan 2022 03:02:30 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdfbd77b-csz7z
vary: Origin
x-c: main-1585.I7afc85.M0-540
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://diabatelegacypublishing.org
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1 204
No Content clear.png Show response
tm.regions.com/fp/ Frame 7CCC 0
387 B 23ms
22ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jf=3134266e796037343233336e343a39656b38323e6b33696335353031336468363964306c313130

Requested by

Host: tm.regions.com
URL: https://tm.regions.com/fp/ls_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tm.regions.com/fp/ls_fp.html;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:29 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 41ms
41ms XHR
application/json 52.19.220.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=31003949554473543441366931048450745730&ts=1641870150023
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026
Protocol: HTTP/1.1
Server: 52.19.220.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-220-6.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 98058af86bf4c6f0aa50806b065159810f5fd4fec7f12299ee65334b4ed9ca04

Request headers

Referer: http://diabatelegacypublishing.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v026-0d3bb21a7.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-TID: xR281TWST4E=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://diabatelegacypublishing.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1270
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 trace Show response
www.cloudflare.com/cdn-cgi/ 302 B
444 B 120ms
35ms XHR
text/plain 2606:4700::6810:7b60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cloudflare.com/cdn-cgi/trace

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7b60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c25674b148625d440d4038927d5c7cd9401fb7b899e1cbf42cbf0e5145ce5753

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 11 Jan 2022 03:02:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
content-type: text/plain
access-control-allow-origin: *
cache-control: no-cache
cf-ray: 6cbae8168dd771d4-LHR
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK dest5.html Show response
fast.regions.demdex.net/ Frame DFCA 7 KB
3 KB 195ms
23ms Document
text/html 95.101.78.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.regions.demdex.net/dest5.html?d_nsid=undefined
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/38ff9a60d8efb6e2f9e7175b10aa8d1f.js?conditionId0=423026
Protocol: HTTP/1.1
Server: 95.101.78.80 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-78-80.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 11 Jan 2022 03:02:30 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=25252184729916875571942705726437533167
https://cm.everesttech.net/cm/dd?d_uuid=25252184729916875571942705726437533167
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YdzzRgAAAHxS_wQf
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YdzzRgAAAHxS_wQf

42 B
945 B

41ms
41ms

Image
image/gif

52.19.220.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YdzzRgAAAHxS_wQf

Protocol

HTTP/1.1

Server

52.19.220.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-220-6.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v026-0a13d5aae.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Xe84z0uwS6A=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v026-0c3dcc544.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: /zcGmVuKSbo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YdzzRgAAAHxS_wQf
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204
No Content clear.png Show response
tm.regions.com/fp/ Frame D893 0
387 B 22ms
22ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear.png?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jac=1&je=333537242c756f6072766355657a7c65786e6366556b783f3033372c3b333e2c3233352431313a267d696f377d676a7076615f6b64766f706e636c556d6666732c706f37646d2e60637673763779286e657465662238392e3a302e2879766976777122382861626372656964672075266b75666237616935603b65346f3432336361616936643a613d633333383b3b34313636603f613933373b3668346630646e343a3c3a323b3a646734643a316c61643a343f39

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jan 2022 03:02:30 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear3.png;CIS3SID=698EFDB58659A915048147979623C050 Show response
tm.regions.com/fp/ Frame D893 0
219 B 65ms
22ms Script
text/javascript 185.32.241.65
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://tm.regions.com/fp/clear3.png;CIS3SID=698EFDB58659A915048147979623C050?org_id=3uc6h1j9&session_id=vc4gk3ofabao1vldnavjjby3&nonce=72f7ae9a8e59ae74&jac=1&je=null

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

185.32.241.65 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://diabatelegacypublishing.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Tue, 11 Jan 2022 03:02:33 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: onlinebanking.regions.com
URL: https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff

Domain: onlinebanking.regions.com
URL: https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Regions Bank (Banking)

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tm.regions.com/	1970-01-21 19:16:30	Name: thx_guid Value: d441c589770d4817878c7e9ffa2b6944
.diabatelegacypublishing.org/	1970-01-20 17:35:42	Name: _ga Value: GA1.2.573434132.1641870149
.diabatelegacypublishing.org/	1970-01-20 00:05:56	Name: _gid Value: GA1.2.1031990687.1641870149
.diabatelegacypublishing.org/	1970-01-20 00:04:30	Name: _gat_gtag_UA_108294743_4 Value: 1
diabatelegacypublishing.org/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: http%3A%2F%2Fdiabatelegacypublishing.org%2Fsecure%2Faccount_verify.php%3Fsessionid%3Df2c250789c7bff4275ba71cf0c523adf~1641870149480
.diabatelegacypublishing.org/	1969-12-31 23:59:59	Name: AMCVS_DB9639725BD2FC5B0A495C65%40AdobeOrg Value: 1
.diabatelegacypublishing.org/	1970-01-20 00:04:31	Name: gpv_pn Value: olb%7Csecure%7Caccount_verify
.diabatelegacypublishing.org/	1969-12-31 23:59:59	Name: s_ips Value: 1200
.diabatelegacypublishing.org/	1969-12-31 23:59:59	Name: s_tp Value: 1543
.diabatelegacypublishing.org/	1969-12-31 23:59:59	Name: s_ppv Value: olb%257Csecure%257Caccount_verify%2C78%2C78%2C1200%2C1%2C1
.everesttech.net/	1970-01-20 08:50:06	Name: everest_g_v2 Value: g_surferid~YdzzRgAAAHxS_wQf
.demdex.net/	1970-01-20 04:23:42	Name: demdex Value: 20116591850409353280082717971242159967
.dpm.demdex.net/	1970-01-20 04:23:42	Name: dpm Value: 20116591850409353280082717971242159967
.diabatelegacypublishing.org/	1970-01-20 17:35:42	Name: AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg Value: 1585540135%7CMCMID%7C31003949554473543441366931048450745730%7CMCAID%7CNONE%7CMCOPTOUT-1641877350s%7CNONE%7CMCAAMLH-1642474950%7C6%7CMCAAMB-1642474950%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19011%7CvVersion%7C4.4.0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf Message: Access to font at 'https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff' from origin 'http://diabatelegacypublishing.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-700-webfont.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://diabatelegacypublishing.org/secure/account_verify.php?sessionid=f2c250789c7bff4275ba71cf0c523adf Message: Access to font at 'https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff' from origin 'http://diabatelegacypublishing.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://onlinebanking.regions.com/Assets/Themes/Desktop/Shared/ResponsiveCore/Fonts/source-sans-pro-regular-webfont.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3uc6h1j9kexyopvedev7dgcqlipaudbotmzugflm72f7ae9a8e59ae74am1.e.aa.online-metrix.net
cm.everesttech.net
diabatelegacypublishing.org
dpm.demdex.net
fast.regions.demdex.net
h.online-metrix.net
metrics.regions.com
nexus.ensighten.com
onlinebanking.regions.com
siteintercept.qualtrics.com
smetrics.regions.com
stats.g.doubleclick.net
tm.regions.com
www.cloudflare.com
www.google-analytics.com
www.google.com
www.google.se
www.googletagmanager.com
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
onlinebanking.regions.com
104.17.208.240
15.188.95.229
18.195.42.228
185.32.241.65
190.114.255.122
205.255.100.241
2606:4700::6810:7b60
2a00:1450:4001:812::2003
2a00:1450:4001:827::2004
2a00:1450:4001:828::200e
2a00:1450:4001:831::2008
2a00:1450:400c:c08::9c
52.19.220.6
54.75.68.230
91.235.132.130
91.235.134.131
95.101.78.80
05204d3752f4d0c46f651a1acc60cc90ba19eb987c48eaa6a3e4d78c05af00ea
07572d93843235aaea2bc63e8e65272315f4012a6a810e6567fa07b7816ba414
08f3d7de7aea50ee4f77098ffd4ecce4d803a35b21285f45e6b72e3a497d7122
14a382935bc81b55623ebfbf902ad4beba14b551a9733457e14b482f5be8bd05
1b67ebb7fd1be0f9d34485d12aaf76b2c89cbf7561fff544d612bfb0a0cb0d81
1e56c66dff0fc2c9372309a3f93b549338293266d614feae5dae10bcfec9c8f2
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
202b4d6b7b2aca5c13eb4821dd6dbdcf5bceccc52c5e425457bbcdf63406aca3
29db6b777bc43ce1de3fb92c31a98d263b8c5b2ac510bf64a336fb0b667be352
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
44f3f5b9776f61ca54f616bc0d13dce4385a36794b2e4fbd270dc68bb7658f23
47a3e1b9b01c7c46d804b83550dbb683d502ee9ba3b4132f64a4fe4b7b6629a1
4b70df8131a18cd31f6abe166cae5a6a9d446b8fa4dbc5a6fd67ad5c92fb9413
4d4fe612fa43bdcfc05db6234a824a87d806a83ab61a9f8f05dff12c2b253c95
6c57583483251f987ac253670ead9f93752e9bdc53e722b062d9997d308a829f
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
76e8393ff4e9a08854bba2a77841ffca2111bdc8082291a28b3f9bf1d937dd72
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
878227787bfdfdc233209277b711325be189981949e62797f2b8413f1931c261
8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324
8efac7087552def0e358b8896dbbe43b7ffe2d961746cdc4aea60f7eed3e1384
90fd3145f79df19b0e5691e14cd85769112a3c5ac2e7de0feb4233bd371740c5
912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
98058af86bf4c6f0aa50806b065159810f5fd4fec7f12299ee65334b4ed9ca04
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
a8bb5c67018c1992e72b1ba33443d9bb404dfb21720066313d008953e7ac429b
ac34e8f6341afbfcd4142b5b4c595e5c7363cab158439bf6c4d053b28e447c13
c25674b148625d440d4038927d5c7cd9401fb7b899e1cbf42cbf0e5145ce5753
c33cad32b0a9715133e8c207d24f3d5356e4ce764f1c13ff80ea1c7ce24061c4
c648a93e59a730df58f46a3e08a61d07e662b5c41a8a0548685959e82b44654b
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
cccb3fa98205a27b3fd008fb252936399750f8c1dd13054eff46db2c6712491f
cf4790673b69db71dd64615e5b8c71b34ed17078131a4e745689b7ae29623c61
d29a50bbb70d0c0a23215edec79ea1cd7aec5528974e270207f957109a0963d0
dba1713f38201760a1bcdeaebbf721b61be1a85040b814acfd3a3df6309e6e99
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e
e90b89678fd0fa8c4aba6856cf77591e041e7c8c9d6bd81620d35aeff0f97861
edae9e203589ee6b9a488fbfad30e59fce4afb70aae71e0f6d23d3173a12c904
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09f5374367e34f0b7ef5c39837fc1cf528af2e84fc5413dfaabda7d31c17b59

diabatelegacypublishing.org Open in urlscan Pro 190.114.255.122 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

64 Requests

77 %HTTPS

35 %IPv6

13 Domains

19 Subdomains

17 IPs

8 Countries

710 kBTransfer

2174 kBSize

14 Cookies

11 Outgoing links

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

diabatelegacypublishing.org Open in urlscan Pro
190.114.255.122 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

77 %
HTTPS

35 %
IPv6

13
Domains

19
Subdomains

17
IPs

8
Countries

710 kB
Transfer

2174 kB
Size

14
Cookies

64 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!