giresunsedefotel.com Open in urlscan Pro
78.135.65.20 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=t...
Submission: On October 20 via automatic, source openphish (October 20th 2020, 1:15:43 am UTC)

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 7 countries across 11 domains to perform 28 HTTP transactions. The main IP is 78.135.65.20, located in Turkey and belongs to PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR. The main domain is giresunsedefotel.com.

This is the only time giresunsedefotel.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Regions Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	78.135.65.20 78.135.65.20	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
5	205.255.100.240 205.255.100.240	19905 (NEUSTAR-AS6) (NEUSTAR-AS6)
1	205.255.100.241 205.255.100.241	10801 (REGIONS-A...) (REGIONS-ASN-1)
5	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
2 5	52.208.235.219 52.208.235.219	16509 (AMAZON-02) (AMAZON-02)
1	15.236.9.100 15.236.9.100	16509 (AMAZON-02) (AMAZON-02)
1	2.16.186.82 2.16.186.82	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
28	15

1 78.135.65.20 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)
PTR: rcp01.hosting.sh.com.tr

giresunsedefotel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 205.255.100.240 (United States)

ASN19905 (NEUSTAR-AS6, US)
PTR: login.regions.com

login.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.255.100.241 (United States)

ASN10801 (REGIONS-ASN-1, US)
PTR: onlinebanking.regions.com

onlinebanking.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.208.240 (United States)

ASN13335 (CLOUDFLARENET, US)

znebdjzidehxpwsol-regions.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.208.235.219 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-235-219.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.9.100 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

metrics.regions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.82 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-82.deploy.static.akamaitechnologies.com

fast.regions.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.117.28.86 (United States) 2 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	regions.com login.regions.com onlinebanking.regions.com metrics.regions.com	219 KB
6	demdex.net 2 redirects dpm.demdex.net fast.regions.demdex.net	5 KB
5	ensighten.com nexus.ensighten.com	65 KB
3	google-analytics.com www.google-analytics.com	18 KB
2	everesttech.net 2 redirects cm.everesttech.net	748 B
2	qualtrics.com znebdjzidehxpwsol-regions.siteintercept.qualtrics.com siteintercept.qualtrics.com	17 KB
1	google.de www.google.de	106 B
1	google.com www.google.com	106 B
1	doubleclick.net stats.g.doubleclick.net	90 B
1	googletagmanager.com www.googletagmanager.com	37 KB
1	giresunsedefotel.com giresunsedefotel.com	3 KB
28	11

	Domain	Requested by
5	dpm.demdex.net	2 redirects giresunsedefotel.com
5	nexus.ensighten.com	giresunsedefotel.com nexus.ensighten.com
5	login.regions.com	giresunsedefotel.com login.regions.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	cm.everesttech.net	2 redirects
1	fast.regions.demdex.net	giresunsedefotel.com
1	metrics.regions.com	giresunsedefotel.com
1	siteintercept.qualtrics.com	znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
1	www.google.de
1	www.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	znebdjzidehxpwsol-regions.siteintercept.qualtrics.com	nexus.ensighten.com
1	www.googletagmanager.com	nexus.ensighten.com
1	onlinebanking.regions.com	giresunsedefotel.com
1	giresunsedefotel.com
28	15

This site contains no links.

Subject Issuer	Validity	Valid
login.regions.com Sectigo RSA Extended Validation Secure Server CA	`2020-04-22` - `2021-04-22`	a year	crt.sh
onlinebanking.regions.com Sectigo RSA Extended Validation Secure Server CA	`2020-04-22` - `2021-04-22`	a year	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2018-10-08` - `2021-01-06`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-09-22` - `2020-12-15`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh

This page contains 2 frames:

Primary Page: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Frame ID: 45E88659758AF4DD43AED872D850F441
Requests: 27 HTTP requests in this frame

Frame: http://fast.regions.demdex.net/dest5.html?d_nsid=undefined
Frame ID: 420BE91B9BD59C54B8C4CB9D527CFE95
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

28
Requests

61 %
HTTPS

40 %
IPv6

11
Domains

15
Subdomains

15
IPs

7
Countries

364 kB
Transfer

1124 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 22

http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924

Request Chain 26

http://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414 HTTP 302
https://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X446JwAABlamXS3- HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X446JwAABlamXS3-

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set action.php Show response
giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/ 8 KB
3 KB 279ms
187ms Document
text/html 78.135.65.20
SH

General

Check archive.org

Show headers Download Go to

Full URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: HTTP/1.1
Server: 78.135.65.20 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS: rcp01.hosting.sh.com.tr
Software: LiteSpeed /
Resource Hash: 76db26474f1c86e01017673b074ae36aa0d75a1d19a4a4e89e437da1e66b31d2

Request headers

Host: giresunsedefotel.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection: Keep-Alive
Set-Cookie: PHPSESSID=896npetggr7uqnsqi7vvs7egc2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 2336
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent,User-Agent
Date: Tue, 20 Oct 2020 01:15:16 GMT
Server: LiteSpeed

GET
H/1.1 200
OK com-regions.min.css
login.regions.com//Themes/RegionsBootstrap/ 243 KB
49 KB 600ms
156ms Stylesheet
text/css 205.255.100.240
NEUSTAR-AS6

General

Check archive.org

Show headers Download Go to

Full URL

https://login.regions.com//Themes/RegionsBootstrap/com-regions.min.css

Requested by

Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.240 , United States, ASN19905 (NEUSTAR-AS6, US),

Reverse DNS

Software

Resource Hash

9562f0b0d20b48deb112d1c7e183b5fddd4d5bfaf45ddb7e3e93cafa0289d7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 19 Oct 2020 04:55:40 GMT
Via: NS-CACHE-11
Last-Modified: Thu, 17 Sep 2020 00:12:08 GMT
Server
Age: 73178
ETag: "1D68C872E57FC00"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: no-cache
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 49398
Expires: Tue, 20 Oct 2020 04:55:40 GMT

GET
H/1.1 200
OK com-regions.min.js Show response
login.regions.com//Scripts/RegionsBootstrap/ 265 KB
93 KB 607ms
163ms Script
text/javascript 205.255.100.240
NEUSTAR-AS6

General

Check archive.org

Show headers Download Go to

Full URL

https://login.regions.com//Scripts/RegionsBootstrap/com-regions.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.240 , United States, ASN19905 (NEUSTAR-AS6, US),

Reverse DNS

Software

Resource Hash

7e40f1ed6603371cc5b77ae7234e41aa317be5ed443188a37a999e97af56aede

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 20 Oct 2020 01:15:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Sep 2020 00:12:08 GMT
Server
ETag: "1D68C872E57FC00"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, no-cache="Set-Cookie"
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Expires: Wed, 21 Oct 2020 01:15:17 GMT

GET
H/1.1 200
OK regions-logo-no-r.svg
login.regions.com//Themes/RegionsBootstrap/Images/ 5 KB
3 KB 598ms
155ms Image
image/svg+xml 205.255.100.240
NEUSTAR-AS6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.regions.com//Themes/RegionsBootstrap/Images/regions-logo-no-r.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.240 , United States, ASN19905 (NEUSTAR-AS6, US),

Reverse DNS

Software

Resource Hash

912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cteonnt-Length: 5627
Date: Mon, 19 Oct 2020 05:55:29 GMT
Via: NS-CACHE-11
Last-Modified: Thu, 17 Sep 2020 00:12:08 GMT
Server
Age: 69589
ETag: "1D68C872E57FC00"
Strict-Transport-Security: max-age=157680000
Content-Type: image/svg+xml
Cache-Control: no-cache
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 2317
Expires: Tue, 20 Oct 2020 05:55:30 GMT

GET
H/1.1 200
OK equal-housing-lender.svg
login.regions.com//Themes/RegionsBootstrap/Images/ 4 KB
2 KB 608ms
165ms Image
image/svg+xml 205.255.100.240
NEUSTAR-AS6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.regions.com//Themes/RegionsBootstrap/Images/equal-housing-lender.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.240 , United States, ASN19905 (NEUSTAR-AS6, US),

Reverse DNS

Software

Resource Hash

e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cteonnt-Length: 3790
Date: Tue, 20 Oct 2020 01:15:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Sep 2020 00:12:08 GMT
Server
ETag: "1D68C872E57FC00"
Strict-Transport-Security: max-age=157680000
Content-Type: image/svg+xml
Cache-Control: public, no-cache="Set-Cookie"
Accept-Ranges: bytes
Content-Length: 1671
Expires: Wed, 21 Oct 2020 01:15:17 GMT

GET
H/1.1 200
OK member-fdic.svg
login.regions.com//Themes/RegionsBootstrap/Images/ 6 KB
3 KB 609ms
167ms Image
image/svg+xml 205.255.100.240
NEUSTAR-AS6

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.regions.com//Themes/RegionsBootstrap/Images/member-fdic.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.240 , United States, ASN19905 (NEUSTAR-AS6, US),

Reverse DNS

Software

Resource Hash

8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cteonnt-Length: 6001
Date: Tue, 20 Oct 2020 01:15:17 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Sep 2020 00:12:08 GMT
Server
ETag: "1D68C872E57FC00"
Strict-Transport-Security: max-age=157680000
Content-Type: image/svg+xml
Cache-Control: public, no-cache="Set-Cookie"
Accept-Ranges: bytes
Content-Length: 2658
Expires: Wed, 21 Oct 2020 01:15:17 GMT

GET
H/1.1 200
OK global-overlays.js Show response
onlinebanking.regions.com/custom/Assets/Scripts/ 202 KB
68 KB 611ms
161ms Script
application/javascript 205.255.100.241
REGIONS-ASN-1

General

Check archive.org

Show headers Download Go to

Full URL

https://onlinebanking.regions.com/custom/Assets/Scripts/global-overlays.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

205.255.100.241 , United States, ASN10801 (REGIONS-ASN-1, US),

Reverse DNS

onlinebanking.regions.com

Software

Microsoft-IIS/10.0 /

Resource Hash

4b70df8131a18cd31f6abe166cae5a6a9d446b8fa4dbc5a6fd67ad5c92fb9413

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cteonnt-Length: 207078
Date: Tue, 20 Oct 2020 01:15:17 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Sep 2019 13:58:42 GMT
Server: Microsoft-IIS/10.0
ETag: "01597dadf67d51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/regions/regions-olb/ 29 KB
9 KB 180ms
57ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Requested by: Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0284cbd99e83b978e2686bbd7f8aeeac32fa57214303ff6bc953415b2d282f78

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 20 Oct 2020 01:15:17 GMT
content-encoding: gzip
last-modified: Thu, 01 Oct 2020 06:12:40 GMT
server: nginx
etag: W/"5f757358-72c0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET source-sans-pro-700-webfont.woff
login.regions.com//Themes/RegionsBootstrap/fonts/ 0
0

GET source-sans-pro-regular-webfont.woff
login.regions.com//Themes/RegionsBootstrap/fonts/ 0
0

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/regions/regions-olb/ 279 B
516 B 111ms
86ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/regions/regions-olb/serverComponent.php?r=0.5220801418074619&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/regions/regions-olb/code/&publishedOn=Thu%20Oct%2001%2006:12:39%20GMT%202020&ClientID=1202&PageID=http%3A%2F%2Fgiresunsedefotel.com%2Flogs%2F201610%2F.dl%2Fsmart%2Fengine%2Fverification__%2Findexx.php%2FID%2F1%2Faction.php%3Ftemplate%3DInitiate%26valid%3Dtrue%26session%3D6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7718b1406ee9b1ca22aeaed294ae6416af5411ee9c3ba97dc7092cad30ac868b

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 20 Oct 2020 01:15:18 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 279
Expires: Tue, 20 Oct 2020 01:15:17 GMT

GET
H/1.1 200
OK aaed6ca3a40617bbda790c79347c4690.js Show response
nexus.ensighten.com/regions/regions-olb/code/ 162 KB
56 KB 59ms
59ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/regions/regions-olb/code/aaed6ca3a40617bbda790c79347c4690.js?conditionId0=423026
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a8d84cf15c4f9000bf6cb2b90158126965f8aeba625274241c172b26ff10c4d2

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 20 Oct 2020 01:15:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 06:08:04 GMT
Server: nginx
ETag: W/"5f757244-2898c"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 204
No Content e.gif
nexus.ensighten.com/error/ 0
193 B 55ms
55ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/error/e.gif?msg=Cannot%20read%20property%20%27resolve%27%20of%20undefined&lnn=-1&fn=&cid=1202&client=regions&publishPath=regions-olb&rid=-1&did=-1&errorName=TypeError
Requested by: Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 20 Oct 2020 01:15:18 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Tue, 20 Oct 2020 01:15:17 GMT

GET
H/1.1 204
No Content e.gif
nexus.ensighten.com/error/ 0
193 B 116ms
91ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/error/e.gif?msg=Cannot%20read%20property%20%27RCIF%27%20of%20undefined&lnn=-1&fn=&cid=1202&client=regions&publishPath=regions-olb&rid=3100402&did=595352&errorName=TypeError
Requested by: Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 20 Oct 2020 01:15:18 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Tue, 20 Oct 2020 01:15:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-108294743-4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/regions/regions-olb/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

556759f99ac7b77f3bcf1a7727022eee53b35c6f7dbbc8f9ae4757bb8304ff5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 20 Oct 2020 01:15:18 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37896
x-xss-protection: 0
last-modified: Tue, 20 Oct 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 20 Oct 2020 01:15:18 GMT

GET
H2 200 / Show response
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 54 KB
16 KB 182ms
69ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=http%3A%2F%2Fgiresunsedefotel.com%2Flogs%2F201610%2F.dl%2Fsmart%2Fengine%2Fverification__%2Findexx.php%2FID%2F1%2Faction.php%3Ftemplate%3DInitiate%26valid%3Dtrue%26session%3D6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c&t=1603156518708

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/regions/regions-olb/code/aaed6ca3a40617bbda790c79347c4690.js?conditionId0=423026

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

771151f2b2c470cce74d21f580b2b1daf178f9932eeaee79e2e94b2428b53e99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 20 Oct 2020 01:15:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 340777
cf-polished: origSize=56140
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 05e52c3fc30000d90dae08f000000001
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"db4c-tzehEgVeDb/IMbA+u9T9XcsnIZU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 5e4ee312df57d90d-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-108294743-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 5153
date: Mon, 19 Oct 2020 23:49:25 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Tue, 20 Oct 2020 01:49:25 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
68 B 13ms
13ms XHR
text/plain 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&a=648545671&t=pageview&_s=1&dl=http%3A%2F%2Fgiresunsedefotel.com%2Flogs%2F201610%2F.dl%2Fsmart%2Fengine%2Fverification__%2Findexx.php%2FID%2F1%2Faction.php%3Ftemplate%3DInitiate%26valid%3Dtrue%26session%3D6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c&ul=en-us&de=UTF-8&dt=Regions%20Online%20Banking%20-%20Log%20In&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=182999799&gjid=62984543&cid=954419106.1603156519&tid=UA-108294743-4&_gid=1576081125.1603156519&_r=1&gtm=2ou9u1&z=1335527946

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 20 Oct 2020 01:15:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: http://giresunsedefotel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
6ms Image
image/gif 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j86&a=648545671&t=timing&_s=2&dl=http%3A%2F%2Fgiresunsedefotel.com%2Flogs%2F201610%2F.dl%2Fsmart%2Fengine%2Fverification__%2Findexx.php%2FID%2F1%2Faction.php%3Ftemplate%3DInitiate%26valid%3Dtrue%26session%3D6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c&ul=en-us&de=UTF-8&dt=Regions%20Online%20Banking%20-%20Log%20In&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2073&pdt=0&dns=67&rrt=0&srt=188&tcp=24&dit=1670&clt=1670&_gst=2107&_gbt=2122&_cst=2102&_cbt=2102&_u=IEBAAUABAAAAAC~&jid=&gjid=&cid=954419106.1603156519&tid=UA-108294743-4&_gid=1576081125.1603156519&z=467212169

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 19 Oct 2020 09:03:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 58329
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-108294743-4&cid=954419106.1603156519&jid=182999799&gjid=62984543&_gid=1576081125.1603156519&_u=IEBAAUAAAAAAAC~&z=1415060410

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 20 Oct 2020 01:15:18 GMT
status: 200
content-type: text/plain
access-control-allow-origin: http://giresunsedefotel.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
106 B 18ms
17ms Image
image/gif 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-108294743-4&cid=954419106.1603156519&jid=182999799&_u=IEBAAUAAAAAAAC~&z=997974489

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Oct 2020 01:15:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
106 B 19ms
18ms Image
image/gif 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-108294743-4&cid=954419106.1603156519&jid=182999799&_u=IEBAAUAAAAAAAC~&z=997974489

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 20 Oct 2020 01:15:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
972 B 165ms
164ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_ebdjZIDEhxPwsol&Q_CLIENTVERSION=1.36.1&Q_CLIENTTYPE=web

Requested by

Host: znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
URL: https://znebdjzidehxpwsol-regions.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_ebdjZIDEhxPwsol&Q_LOC=http%3A%2F%2Fgiresunsedefotel.com%2Flogs%2F201610%2F.dl%2Fsmart%2Fengine%2Fverification__%2Findexx.php%2FID%2F1%2Faction.php%3Ftemplate%3DInitiate%26valid%3Dtrue%26session%3D6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c&t=1603156518708

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 20 Oct 2020 01:15:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: http://giresunsedefotel.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 5e4ee3137fcbd90d-AMS
vary: Accept-Encoding
cf-request-id: 05e52c40280000d90da937b000000001

GET
H/1.1

200
OK

rd
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924

110 B
746 B

63ms
63ms

XHR
application/json

52.208.235.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924
Protocol: HTTP/1.1
Server: 52.208.235.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-235-219.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v084-0226cd28d.edge-irl1.demdex.com 5.78.2.20201014153347 0ms (+1ms)
Pragma: no-cache
X-Error: 172
X-TID: s3c2GynMQeE=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://giresunsedefotel.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 110
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Access-Control-Allow-Origin: http://giresunsedefotel.com
X-TID: jdOTRBwRQdQ=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&ts=1603156518924
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK id
metrics.regions.com/ 48 B
899 B 156ms
88ms XHR
application/x-javascript 15.236.9.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.regions.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&ts=1603156519117

Requested by

Protocol

HTTP/1.1

Server

15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 20 Oct 2020 01:15:19 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b84d8c678-jmp5j
vary: Origin
x-c: master-1397.I728fb3.M0-462
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://giresunsedefotel.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK id
dpm.demdex.net/ 3 KB
2 KB 65ms
65ms XHR
application/json 52.208.235.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=DB9639725BD2FC5B0A495C65%40AdobeOrg&d_nsid=0&d_mid=26596800184309691000773238218632242859&ts=1603156519276
Requested by: Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: HTTP/1.1
Server: 52.208.235.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-235-219.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v084-0dc2ff2a3.edge-irl1.demdex.com 5.78.2.20201014153347 2ms (+1ms)
Pragma: no-cache
Content-Encoding: gzip
X-TID: rw6eHYvZS5c=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://giresunsedefotel.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1190
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK dest5.html
fast.regions.demdex.net/ Frame 420B 0
0 115ms
73ms Document
text/html 2.16.186.82
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.regions.demdex.net/dest5.html?d_nsid=undefined
Requested by: Host: giresunsedefotel.com
URL: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Protocol: HTTP/1.1
Server: 2.16.186.82 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a2-16-186-82.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Host: fast.regions.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 20 Oct 2020 01:15:19 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414
https://cm.everesttech.net/cm/dd?d_uuid=32348918259236550090195528400182601414
https://dpm.demdex.net/ibs:dpid=411&dpuuid=X446JwAABlamXS3-
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X446JwAABlamXS3-

42 B
915 B

61ms
61ms

Image
image/gif

52.208.235.219
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X446JwAABlamXS3-

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.208.235.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-235-219.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://giresunsedefotel.com/logs/201610/.dl/smart/engine/verification__/indexx.php/ID/1/action.php?template=Initiate&valid=true&session=6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c-6a732279f51d93af6fb638ec48aad16c
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v084-04b8abf70.edge-irl1.demdex.com 5.78.2.20201014153347 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 3pPPoMbYTAI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 8WUEzQq9RtI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=X446JwAABlamXS3-
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.regions.com
URL: https://login.regions.com//Themes/RegionsBootstrap/fonts/source-sans-pro-700-webfont.woff

Domain: login.regions.com
URL: https://login.regions.com//Themes/RegionsBootstrap/fonts/source-sans-pro-regular-webfont.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Regions Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.giresunsedefotel.com/	1970-01-20 06:50:28	Name: AMCV_DB9639725BD2FC5B0A495C65%40AdobeOrg Value: 1585540135%7CMCMID%7C26596800184309691000773238218632242859%7CMCAID%7CNONE%7CMCOPTOUT-1603163719s%7CNONE%7CMCAAMLH-1603761319%7C6%7CMCAAMB-1603761319%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-18563%7CvVersion%7C4.4.0
.giresunsedefotel.com/	1970-01-19 13:19:18	Name: s_ds_s Value: First%20Visit
.giresunsedefotel.com/	1970-01-20 15:36:04	Name: s_ds Value: 1603156519350
.giresunsedefotel.com/	1970-01-19 14:02:28	Name: s_nr Value: 1603156519349-New
.giresunsedefotel.com/	1970-01-19 13:19:16	Name: _gat_gtag_UA_108294743_4 Value: 1
.giresunsedefotel.com/	1969-12-31 23:59:59	Name: s_ppv Value: olb%257Clogs%257C%2C100%2C100%2C1200
giresunsedefotel.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 896npetggr7uqnsqi7vvs7egc2
.giresunsedefotel.com/	1969-12-31 23:59:59	Name: s_cm Value: Typed%2FBookmarkedTyped%2FBookmarkedundefined
.giresunsedefotel.com/	1970-01-19 13:19:18	Name: s_dl Value: 1
.giresunsedefotel.com/	1970-01-19 22:04:52	Name: s_lang Value: en
.giresunsedefotel.com/	1970-01-20 06:50:28	Name: _ga Value: GA1.2.954419106.1603156519
.giresunsedefotel.com/	1969-12-31 23:59:59	Name: AMCVS_DB9639725BD2FC5B0A495C65%40AdobeOrg Value: 1
.giresunsedefotel.com/	1969-12-31 23:59:59	Name: s_tp Value: 1200
.giresunsedefotel.com/	1970-01-19 13:19:18	Name: gpv_pn Value: olb%7Clogs%7C
.giresunsedefotel.com/	1970-01-19 13:20:42	Name: _gid Value: GA1.2.1576081125.1603156519

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.everesttech.net
dpm.demdex.net
fast.regions.demdex.net
giresunsedefotel.com
login.regions.com
metrics.regions.com
nexus.ensighten.com
onlinebanking.regions.com
siteintercept.qualtrics.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
znebdjzidehxpwsol-regions.siteintercept.qualtrics.com
login.regions.com
104.17.208.240
15.236.9.100
18.195.42.228
2.16.186.82
205.255.100.240
205.255.100.241
2a00:1450:4001:806::2008
2a00:1450:4001:808::200e
2a00:1450:4001:818::2003
2a00:1450:4001:819::2004
2a00:1450:4001:824::200e
2a00:1450:400c:c04::9a
52.208.235.219
66.117.28.86
78.135.65.20
0284cbd99e83b978e2686bbd7f8aeeac32fa57214303ff6bc953415b2d282f78
4b70df8131a18cd31f6abe166cae5a6a9d446b8fa4dbc5a6fd67ad5c92fb9413
556759f99ac7b77f3bcf1a7727022eee53b35c6f7dbbc8f9ae4757bb8304ff5e
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
76db26474f1c86e01017673b074ae36aa0d75a1d19a4a4e89e437da1e66b31d2
771151f2b2c470cce74d21f580b2b1daf178f9932eeaee79e2e94b2428b53e99
7718b1406ee9b1ca22aeaed294ae6416af5411ee9c3ba97dc7092cad30ac868b
7e40f1ed6603371cc5b77ae7234e41aa317be5ed443188a37a999e97af56aede
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8b69a3707a2ef4a748dd6c9923a1fa17d1ed5d32eee6e60240540217cf30b324
912f72af9fe61099bc2452960df7b72ee662d5c3e6188ab246767de1fe367913
9562f0b0d20b48deb112d1c7e183b5fddd4d5bfaf45ddb7e3e93cafa0289d7d2
a8d84cf15c4f9000bf6cb2b90158126965f8aeba625274241c172b26ff10c4d2
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bc94279e093f25720c2867e7a08dbfaaa140636f11eab5ac4e204a93a3751e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

giresunsedefotel.com Open in urlscan Pro 78.135.65.20 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

28 Requests

61 %HTTPS

40 %IPv6

11 Domains

15 Subdomains

15 IPs

7 Countries

364 kBTransfer

1124 kBSize

15 Cookies

0 Outgoing links

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

15 Cookies

giresunsedefotel.com Open in urlscan Pro
78.135.65.20 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

61 %
HTTPS

40 %
IPv6

11
Domains

15
Subdomains

15
IPs

7
Countries

364 kB
Transfer

1124 kB
Size

15
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!