Report - guacari.com.co/sc/NOVASCOT/63a3c/

Report Overview

Submitted URL
guacari.com.co/sc/NOVASCOT/63a3c/
IP
162.241.60.19
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-05-04 14:26:11
Access
public
Website Title
Sign in | Scotiabank
Final URL
guacari.com.co/sc/NOVASCOT/63a3c/
Tags
scotiabank financial phishing
urlquery detections
Phishing - Scotiabank

Detections

urlquery
13
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2024-05-03	328 B	2.0 kB	23.38.202.187
somniture.scotiabank.com	112065	1996-04-09	2012-11-14	2023-12-01	614 B	719 B	63.140.62.17
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	338 B	942 B	54.230.218.11
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	unknown	2021-08-01	2023-09-13	2024-01-15	554 B	21 kB	52.210.155.25
assets	597867	unknown	2015-06-13	2020-07-15	417 B	0 B	0.0.0.0
guacari.com.co	unknown	2017-10-23	2019-05-03	2022-10-29	5.8 kB	111 kB	162.241.60.19
dmtags.scotiabank.com	238686	1996-04-09	2019-04-29	2023-12-01	2.6 kB	110 kB	104.66.122.200
dlslhpkfqfglo.cloudfront.net	unknown	2008-04-25	2023-08-30	2024-04-09	2.4 kB	826 kB	143.204.42.77

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	assets	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	unknown	3.2 kB	2024-05-01	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen176 Hash 85d571a1d0b6748e09ced05d6bf9b146 89347e5a4fec83823f9dc2f0c6d7ea3772b05654 37c7d9a153646791579f135946bda00f7a8c0d38bc537bbcc2244d2fa613b10e Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js	35 kB	2023-09-20	2024-05-17
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 09:29:32 Last Seen2024-05-17 23:56:48 Times Seen1548 Hash 208eb534ea01036a4fca64e6715ccf3f 90c85649634ff5a627023668b2e10fa01cf30315 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js	3.3 kB	2023-09-20	2024-05-17
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 09:29:32 Last Seen2024-05-17 23:56:48 Times Seen1311 Hash f1e098a5dd836ea5fc9726c429c8d71d 9b9371eb2d68b1e71063cf9f848baa07347511ca bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8 Loading...

	guacari.com.co/sc/NOVASCOT/63a3c/	169 B	2024-05-01	2024-05-09
Pretty URL guacari.com.co/sc/NOVASCOT/63a3c/ IP 162.241.60.19 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen176 Hash c6688024f007698831b2e4744a7ab707 f278b1dea5459c97e08465f66d1f8406716a75be 16b62b7805d97f47aed8b3c4f8bb3c8234bed8bfbbb7e88481035630a52cfa45 Loading...

	guacari.com.co/sc/NOVASCOT/63a3c/	8.0 kB	2024-05-01	2024-05-09
Pretty URL guacari.com.co/sc/NOVASCOT/63a3c/ IP 162.241.60.19 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen176 Hash 4b04be71901ffe5eeadf24da47a35b15 b2b4d4068246bd8d384807a57d2bd5a54eb85ef0 9eaaa8ff1906895e150fc5fbe39933a1b07b45602e242300cbbaccbdd052436f Loading...

	guacari.com.co/sc/NOVASCOT/63a3c/	114 B	2024-05-01	2024-05-09
Pretty URL guacari.com.co/sc/NOVASCOT/63a3c/ IP 162.241.60.19 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen163 Hash fd115c7b909727a3bc64ffcdcc4e1465 6846c005ef292456943403516b0b170672bd81fb 5fec99d156d4af2c4a5fb238b23cb3abe3e0f9fd8cdfffc2f0855b2604a7724d Loading...

	guacari.com.co/sc/NOVASCOT/63a3c/	25 kB	2024-05-01	2024-05-09
Pretty URL guacari.com.co/sc/NOVASCOT/63a3c/ IP 162.241.60.19 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen163 Hash 32915e03f94b3dde36966fa16f09ebb4 e187cdb275e429d696c5a794497db069a8e48426 dac0f6c4f22c620c1a1cf58dcdbcf64e78c57299da355be6aeccb8aaaf6b8977 Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js	259 kB	2024-05-01	2024-05-09
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen352 Hash e5954bafa35e730bc024902bc607bd1f c9e02b8d41693266321ccf5df2f195600a700487 432bdcaeac556841bbcae2c2573562ecdd13161fe8fc121fa4e5dc18ec37e707 Loading...

	dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js	2.4 MB	2024-05-01	2024-05-09
Pretty URL dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js IP 143.204.42.77 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen171 Hash bc2e301ef03e451c268cc3fb283d0113 85fc788f55abd4ce09ae2f15969ec74a67027209 e24b45cf0914dc90c1a41f163118d8baf221ae51ca9c855d7da6071f15661ed6 Loading...

	dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js	5.1 kB	2024-05-01	2024-05-09
Pretty URL dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js IP 143.204.42.77 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen167 Hash 557b54e8deceb5ce8edbf8676c5a3cf0 4ca2d0e27c87536c561f4b50ac92c8f181450a24 416d9db2d794e184d13131d8fb84940dc4727c158281734eae4120a8637e96d0 Loading...

	dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js	21 kB	2023-10-31	2024-05-09
Pretty URL dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 04:12:59 Last Seen2024-05-09 08:50:56 Times Seen6808 Hash cf426cd1788c8356ee58c7abf14c38be 609b5a8f0b4c7b5d3d955152a76db699d0eb5382 6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16 Loading...

HTTP Transactions (27)

URL IP Response Size

guacari.com.co/resource-loader.js

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/resource-loader.js
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /resource-loader.js HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/styles.ef875488df3637535e09.css

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/styles.ef875488df3637535e09.css
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /styles.ef875488df3637535e09.css HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/runtime.28b2f6d6a26212c51af2.js

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/runtime.28b2f6d6a26212c51af2.js
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /runtime.28b2f6d6a26212c51af2.js HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/main.cafb241d85447b367d0c.chunk.js

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/main.cafb241d85447b367d0c.chunk.js
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /main.cafb241d85447b367d0c.chunk.js HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/assets/8fd30bd010d9e2c7677ec339685f958b.woff

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/assets/8fd30bd010d9e2c7677ec339685f958b.woff
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/assets/50805f331bb1b697aafb6f0c28b09212.woff2

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/assets/50805f331bb1b697aafb6f0c28b09212.woff2
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/50805f331bb1b697aafb6f0c28b09212.woff2 HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/assets/8fd30bd010d9e2c7677ec339685f958b.woff

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/assets/8fd30bd010d9e2c7677ec339685f958b.woff
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

104.66.122.200

200 OK

68 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32757)
Size
68 kB (67765 bytes)
Hash
e5954bafa35e730bc024902bc607bd1f
c9e02b8d41693266321ccf5df2f195600a700487
432bdcaeac556841bbcae2c2573562ecdd13161fe8fc121fa4e5dc18ec37e707

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438e0-3f579"
Last-Modified: Mon, 08 Apr 2024 18:35:12 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 773864d7-2485-4256-5a57-f15ba41a0207
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 67765
Date: Sat, 04 May 2024 14:25:44 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js

104.66.122.200

200 OK

13 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32730)
Size
13 kB (12687 bytes)
Hash
208eb534ea01036a4fca64e6715ccf3f
90c85649634ff5a627023668b2e10fa01cf30315
6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-8996"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e61856c7-d650-42dc-532c-9003683bddfd
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 12687
Date: Sat, 04 May 2024 14:25:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

guacari.com.co/favicon.ico

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/favicon.ico
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:45 GMT
server: Apache
X-Firefox-Spdy: h2

guacari.com.co/assets/50805f331bb1b697aafb6f0c28b09212.woff2

162.241.60.19

500 Internal Server Error

668 B

URL GET HTTP/2
guacari.com.co/assets/50805f331bb1b697aafb6f0c28b09212.woff2
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type
HTML document, ASCII text
Size
668 B (668 bytes)
Hash
dd0588c52a56b99d7371484e1676467b
3dc2a3ca7c0d4b9ce8d4bc11c24a124097fcfaf7
201e2efcb1dfaa30a4a35b2bd3158ed80db0376ce0a13ddfe6a3e05decbe7901

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/50805f331bb1b697aafb6f0c28b09212.woff2 HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/sc/NOVASCOT/63a3c/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
content-length: 668
content-type: text/html; charset=iso-8859-1
date: Sat, 04 May 2024 14:25:45 GMT
server: Apache
X-Firefox-Spdy: h2

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js

104.66.122.200

200 OK

1.6 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (3138)
Size
1.6 kB (1597 bytes)
Hash
f1e098a5dd836ea5fc9726c429c8d71d
9b9371eb2d68b1e71063cf9f848baa07347511ca
bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-cd4"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 566d5112-7b3e-4a90-4e42-51eb2dd04904
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 1597
Date: Sat, 04 May 2024 14:25:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js

143.204.42.77

200 OK

808 kB

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
IP
143.204.42.77:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
808 kB (808088 bytes)
Hash
7a3c78d56b5a4af7adf826ea11db480d
208b4b898a117ecbc419bfd1eacf357ee220d95e
4d57d1414e66f144068891145f082f2dc05c4f72198a9a7ea2948deffd2f3f44

HTTP Headers

GET /cdn/ca/jquery-3.6.1.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://guacari.com.co/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Fri, 03 May 2024 17:39:44 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: fZ1tk8LycBI2ecMcDjauteXsNsS3PEl2FJehLhuPu2Cm2Y89ngyUNQ==
age: 74761
X-Firefox-Spdy: h2

ocsp.entrust.net/

23.38.202.187

1.6 kB

URL
ocsp.entrust.net/
IP
23.38.202.187:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
44b439ca015f0ada1e2d4be3d45107ff
4beae40896f983d56bb19034c3a1f9a819d07a4b
518fd38ac0564fe78468e8d0155664a97c0db4e5bd24c1f429b7a8c96bc50fa9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "518FD38AC0564FE78468E8D0155664A97C0DB4E5BD24C1F429B7A8C96BC50FA9"
Last-Modified: Sat, 04 May 2024 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1074
Expires: Sat, 04 May 2024 14:43:39 GMT
Date: Sat, 04 May 2024 14:25:45 GMT
Connection: keep-alive

dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

104.66.122.200

200 OK

1.7 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JSON text data
Size
1.7 kB (1663 bytes)
Hash
a5c83dd0c55b426a3c30b19e3a9995a0
59b982ba2cb9efd68339d546486096e553ea4b20
de125b3c6b2e6c0d7aafdca50a9d0324506829b4497bc099c167fc7d1c2fe806

HTTP Headers

GET /aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://guacari.com.co
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
ETag: "6556797d-129c"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: fda2f9ff-ddcc-4b49-703d-6e138a16069a
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Date: Sat, 04 May 2024 14:25:45 GMT
Content-Length: 1663
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: _abck=A908D63CC4E6FC85BB347E9B009B7C0C~-1~YAAQFloDF82BxymPAQAAQyX/QwuqIzmPig5gbx3P6zc7QAz7MMSf0+BjaORm/dPEbqlIUcZji/j6TMV+mNKTk7MGsy0f9xv8oYY3Wzclux/taLPD0FwJ57hRox5O4LwUMh7MFD9MHknmDvEO07FfYQeQoiA4cAfiO/+hE5N22peNmV7OlmRb/PZhKhO3BQZPGtYyZflec+/zaVK+K2KZhRzIbkzQ9dFOjoH4ZulSv1nU32o54WOdXeqPkcxWdi7VL3r4KS5kHEl2W3pxLVLdc2xyrUW34S/zUfBXnfPIXnqGQhIJtUDiXvgEOffgTzjXPsI59+yRCRzjv8grtBoe8v8nK/hxrxm+cpQ6YVVZU/rrnTEhDVQG3plKA6yQmPSFN1AOB5z6rhcsE4A=~-1~-1~-1; Domain=.scotiabank.com; Path=/; Expires=Sun, 04 May 2025 14:25:45 GMT; Max-Age=31536000; Secure
ak_bmsc=41819A6F33BD6F7015EEAB5FE5A3EB8C~000000000000000000000000000000~YAAQFloDF86BxymPAQAAQyX/QxeI26l1cFqLvsZgm9uFe8ubXLgj9CcbGpKI+9y1Cy3+XZH8prO/s8a8a5524J+JzEKDw/dXfIfpK1OXhp8KQlrs6/uc/7L2cooEN9xZBBIVVDgjbmmB2pwMB+a81DoBPGxevIokI8TCTiTxN2bTx5yT8/acdhX6ZnbH4cfFnQYEVejP3M9Kh4OKoHzzRis4ejH13hzvKvwemg7A2VxZTVozF40L6u5p/v5EA68vGuzVo/1aI4p5H12e+0zpHqKf5xUEafK0cXA9MZqeh5zY4wNPjDqc1zoxD8rZY00BbbPpR1h4kF0mw5M1udr1Ee/PtXyl2xTKzaCWpJbPZmK1wqBHYMxmI/RqGM7y77awV2fE; Domain=.scotiabank.com; Path=/; Expires=Sat, 04 May 2024 16:25:45 GMT; Max-Age=7200; HttpOnly
bm_sz=04F653597EAB8A334D91F78715E4DD0B~YAAQFloDF8+BxymPAQAAQyX/QxdnBHhwRcArKDvB4+T5cn7i+OA9xYNCRhWnxkOFx1wrasoym+l90K1IIScxKdpgzWkWMlzjAmMZS3KBqtG6dJaLU7vKFuTjHcRJxX/gAoulpg8Gp74Fwir9RoS7yWATwuywOaWGbfu5G/rbblCkwR9dgZ4DpTgWnjukBURRaIdaMVxWNNX0tTtHP14a7vdTOuhQW+qPxmHfG/5S703wtlXJ0da3AKz0MtvtoP4epjmG4nQ9tP6teFnGAo1iuwGIgMuqCJMCxDokul31YNloNidyTBZFnm+2qXN97z6zR2W3ijv4vS++SmToZzvF4+61wfScJKAJk8CGvpzUhIg=~3355714~3686705; Domain=.scotiabank.com; Path=/; Expires=Sat, 04 May 2024 18:25:45 GMT; Max-Age=14400

somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=85254749360895596790909631882256008275&ts=1714832745260

63.140.62.17

200 OK

48 B

URL GET HTTP/2
somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=85254749360895596790909631882256008275&ts=1714832745260
IP
63.140.62.17:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectsomniture.scotiabank.com
FingerprintF2:96:F0:FC:08:90:5F:AC:1D:FE:74:A6:47:5F:DC:1E:0E:61:D7:1E
ValidityMon, 21 Aug 2023 20:22:41 GMT - Sat, 21 Sep 2024 20:22:40 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
49460138e6ee1963179156ab7aca1334
c2eefa192e2bb76940131bbd218015caa8fee1b4
495e3c04b89825ccfe922a3021e042e1e067b6d8b4064a1fe71737270defa849

HTTP Headers

GET /id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=85254749360895596790909631882256008275&ts=1714832745260 HTTP/1.1
Host: somniture.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://guacari.com.co
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://guacari.com.co
access-control-allow-credentials: true
date: Sat, 04 May 2024 14:25:45 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C85254749360895596790909631882256008275; Path=/; Domain=scotiabank.com; Max-Age=63072000; Expires=Mon, 04 May 2026 14:25:25 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d9dfa21bc3fa6ec2882460b95172c141
26b7da8a968b2f7e1a04212f80e9e179dfe18425
d173c5f9ed616b97555a4214e1d61a9cf570b926a6bbbd6de3e098c2de9fb777

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 14:25:46 GMT
Last-Modified: Sat, 04 May 2024 14:05:27 GMT
Server: ECAcc (amb/6A94)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: TMcz_N_V1U5lHtSRMTxHAa7jesLfGEEDTFbfJJPHWDgIzWmT1y6FQA==
Age: 1219

dlslhpkfqfglo.cloudfront.net/cdn/cd/l

143.204.42.77

200 OK

88 B

URL POST HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/l
IP
143.204.42.77:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
88 B (88 bytes)
Hash
d0f59d88c0a76606b7f8980a61d84a8c
31d5e4f5b22e28b3a492a9640aa0a28a1fdc56e1
9e5423d494cfbe6ad533606c08d599d8ac0d5305f0d0698259c805199c155a73

HTTP Headers

POST /cdn/cd/l HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 963
Origin: https://guacari.com.co
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
content-length: 88
date: Sat, 04 May 2024 14:25:47 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://guacari.com.co
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: H7d3baedEMSJW9fnEpmiJt-L7praQfGVsVvqM82SnXfSE_EmtyMSqw==
X-Firefox-Spdy: h2

csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html

52.210.155.25

200 OK

20 kB

URL GET HTTP/2
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
IP
52.210.155.25:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.memcyco.com
FingerprintDC:2A:FA:45:92:DC:C8:0C:1D:66:96:34:6A:FC:E1:4F:09:ED:40:3E
ValiditySun, 25 Feb 2024 00:00:00 GMT - Tue, 25 Mar 2025 23:59:59 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 kB (20361 bytes)
Hash
91ae991605838268495f54ccc21fb6ce
e6b242cd7245434e4ca3d714b972e6508cbadbc5
3751927ca7b0268a4c2b20dafebde04f8e0c6c67e9a9531e4002a2c1eef5df9f

HTTP Headers

GET /cdn/cd/csframe.html HTTP/1.1
Host: csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://guacari.com.co/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 14:25:46 GMT
content-type: text/html; charset=UTF-8
set-cookie: AWSALB=RZ5nyar6bPmmNKmIWL03SKAEbRQIMspi6hX4LrTJG0z8QByX08h8xUIWJZR5tB3g78tHfo2Hlhlu5dW8MFTjl72XgAaHVZYm/opk/km9LAttIYBdKVMK1H2nPL4f; Expires=Sat, 11 May 2024 14:25:46 GMT; Path=/
AWSALBCORS=RZ5nyar6bPmmNKmIWL03SKAEbRQIMspi6hX4LrTJG0z8QByX08h8xUIWJZR5tB3g78tHfo2Hlhlu5dW8MFTjl72XgAaHVZYm/opk/km9LAttIYBdKVMK1H2nPL4f; Expires=Sat, 11 May 2024 14:25:46 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.3
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
content-encoding: gzip
X-Firefox-Spdy: h2

assets/images/%20.jpg

0.0.0.0

0 B

URL GET
assets/images/%20.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/%20.jpg HTTP/1.1
Host: assets
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf

143.204.42.77

200 OK

7.9 kB

URL POST HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf
IP
143.204.42.77:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7872), with no line terminators
Size
7.9 kB (7872 bytes)
Hash
fd42fc7f14ad7296642ad7ca7497ca8b
e27aba0ced7649e440af1bbe4bd7ce2e62cf5751
40df8bb20e1b4e4945315bbf02795d6463a4dc8753b2f1e0f750d9e70533ee23

HTTP Headers

POST /cdn/cd/gwf HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 913
Origin: https://guacari.com.co
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
date: Sat, 04 May 2024 14:25:46 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://guacari.com.co
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kgq_WpEQZCa3N9d5kgofDRWrCW9EU3rMpV5Kra9PiWuEsZjQ3aXpMg==
X-Firefox-Spdy: h2

guacari.com.co/sc/NOVASCOT/63a3c/

162.241.60.19

200 OK

102 kB

URL User Request GET HTTP/2
guacari.com.co/sc/NOVASCOT/63a3c/
IP
162.241.60.19:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerLet's Encrypt
Subjectguacari.com.co
Fingerprint35:C0:E1:01:4B:BC:93:2C:1B:B6:66:87:7F:9E:6D:92:DD:63:88:8B
ValidityMon, 04 Mar 2024 16:19:47 GMT - Sun, 02 Jun 2024 16:19:46 GMT

File type

Size
102 kB (101816 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /sc/NOVASCOT/63a3c/ HTTP/1.1
Host: guacari.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sat, 04 May 2024 13:55:52 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
date: Sat, 04 May 2024 14:25:44 GMT
server: Apache
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

143.204.42.77

200 OK

5.1 kB

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
IP
143.204.42.77:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5813), with no line terminators
Size
5.1 kB (5145 bytes)
Hash
def0fdfb38fb2897aca04aff080f055a
0eb9d645aa872829da00a9941f279289e34ec39d
2696bfd4fef5072d4dfbfa735d123e69470e1116cea8f739b155df4e7a8750d2

HTTP Headers

GET /cdn/ca/mutha-scotia-wrapper.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://guacari.com.co/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Fri, 03 May 2024 17:39:44 GMT
server: nginx/1.18.0 (Ubuntu)
set-cookie: aphishCookie-1714757984020-SCOTIA=0; Max-Age=60; Expires=Fri, 03 May 2024 17:40:44 GMT; SameSite=None; Path=/; Secure
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: faCE7XfO1n_NkoenDI0uMSHd7-MaUWzlnJvUuda4FCOyfajI9pOzXg==
age: 74760
X-Firefox-Spdy: h2

dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js

104.66.122.200

200 OK

21 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (21066)
Size
21 kB (21067 bytes)
Hash
cf426cd1788c8356ee58c7abf14c38be
609b5a8f0b4c7b5d3d955152a76db699d0eb5382
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

HTTP Headers

GET /aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "6556797d-524b"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e8ed5c2b-47b3-46ef-7fd0-80e5a726ad83
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 6793
Date: Sat, 04 May 2024 14:25:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80

143.204.42.77

200 OK

767 B

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80
IP
143.204.42.77:443
ASN
#16509 AMAZON-02

Requested by
https://guacari.com.co/sc/NOVASCOT/63a3c/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (775), with no line terminators
Size
767 B (767 bytes)
Hash
52300238c7aa600c8f27d6c23f8f3f6f
ce6b1815177d77af4d326b993531e07a66de478e
d3373a03cdc388b5c74279490bd3eb5c1020575bb7aa59bb4e310580d58d5c40

HTTP Headers

GET /cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80 HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://guacari.com.co
DNT: 1
Connection: keep-alive
Referer: https://guacari.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json
date: Fri, 03 May 2024 17:39:45 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://guacari.com.co
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yFZZFE1rqPZNypqRhX-_UTqtzsxzzPnRUuIPZ_tb06QWPZ3nNfjV0g==
age: 74760
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL