| dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js | 104.66.122.200 | 200 OK | 68 kB |
URL GET HTTP/1.1dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js IP104.66.122.200:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectapps.scotiabank.com Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88 ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT
File typeJavaScript source, ASCII text, with very long lines (32757) Hashe5954bafa35e730bc024902bc607bd1f c9e02b8d41693266321ccf5df2f195600a700487 432bdcaeac556841bbcae2c2573562ecdd13161fe8fc121fa4e5dc18ec37e707
GET /launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438e0-3f579"
Last-Modified: Mon, 08 Apr 2024 18:35:12 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 773864d7-2485-4256-5a57-f15ba41a0207
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 67765
Date: Thu, 02 May 2024 03:58:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
|
|
| dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js | 104.66.122.200 | 200 OK | 13 kB |
URL GET HTTP/1.1dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js IP104.66.122.200:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectapps.scotiabank.com Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88 ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT
File typeJavaScript source, ASCII text, with very long lines (32730) Hash208eb534ea01036a4fca64e6715ccf3f 90c85649634ff5a627023668b2e10fa01cf30315 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf
GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-8996"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e61856c7-d650-42dc-532c-9003683bddfd
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 12687
Date: Thu, 02 May 2024 03:58:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
|
|
| forestofirmino.com.br.oliveiramidias.com/runtime.28b2f6d6a26212c51af2.js | 192.185.210.203 | 200 OK | 2.4 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/runtime.28b2f6d6a26212c51af2.js IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hashb4154664d86eb78e9f8b747d71c7bd73 c2f49bf94fdecd156cab874fb6b895a80a0c64c8 b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /runtime.28b2f6d6a26212c51af2.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/resource-loader.js | 192.185.210.203 | 200 OK | 2.4 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/resource-loader.js IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hashb4154664d86eb78e9f8b747d71c7bd73 c2f49bf94fdecd156cab874fb6b895a80a0c64c8 b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /resource-loader.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/styles.ef875488df3637535e09.css | 192.185.210.203 | 200 OK | 2.4 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/styles.ef875488df3637535e09.css IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hashb4154664d86eb78e9f8b747d71c7bd73 c2f49bf94fdecd156cab874fb6b895a80a0c64c8 b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /styles.ef875488df3637535e09.css HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB | 192.185.210.203 | 200 OK | 2.4 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hashb4154664d86eb78e9f8b747d71c7bd73 c2f49bf94fdecd156cab874fb6b895a80a0c64c8 b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/main.cafb241d85447b367d0c.chunk.js | 192.185.210.203 | 200 OK | 2.4 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/main.cafb241d85447b367d0c.chunk.js IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with CRLF, LF line terminators Hashb4154664d86eb78e9f8b747d71c7bd73 c2f49bf94fdecd156cab874fb6b895a80a0c64c8 b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /main.cafb241d85447b367d0c.chunk.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js | 104.66.122.200 | 200 OK | 1.6 kB |
URL GET HTTP/1.1dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js IP104.66.122.200:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectapps.scotiabank.com Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88 ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT
File typeJavaScript source, ASCII text, with very long lines (3138) Hashf1e098a5dd836ea5fc9726c429c8d71d 9b9371eb2d68b1e71063cf9f848baa07347511ca bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8
GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-cd4"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 566d5112-7b3e-4a90-4e42-51eb2dd04904
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 1597
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
|
|
| dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js | 104.66.122.200 | 200 OK | 6.8 kB |
URL GET HTTP/1.1dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js IP104.66.122.200:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectapps.scotiabank.com Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88 ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT
File typeJavaScript source, ASCII text, with very long lines (21066) Hashcf426cd1788c8356ee58c7abf14c38be 609b5a8f0b4c7b5d3d955152a76db699d0eb5382 6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
GET /aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "6556797d-524b"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e8ed5c2b-47b3-46ef-7fd0-80e5a726ad83
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 6793
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
|
|
| ocsp.entrust.net/ | 23.38.202.187 | | 1.6 kB |
IP23.38.202.187:0
Hash468b75e516c8017796ba595adce163ce 75f99f367359dc88494caf8f43653449706a74e2 1bb4ab7c210e8c2dc1470d8867df70dbc117949129cfb07bafc803aa63ccc643
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1BB4AB7C210E8C2DC1470D8867DF70DBC117949129CFB07BAFC803AA63CCC643"
Last-Modified: Wed, 01 May 2024 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3247
Expires: Thu, 02 May 2024 04:52:18 GMT
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive
|
|
| somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008 | 63.140.62.222 | 200 OK | 48 B |
URL GET HTTP/2somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008 IP63.140.62.222:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectsomniture.scotiabank.com FingerprintF2:96:F0:FC:08:90:5F:AC:1D:FE:74:A6:47:5F:DC:1E:0E:61:D7:1E ValidityMon, 21 Aug 2023 20:22:41 GMT - Sat, 21 Sep 2024 20:22:40 GMT
Hash5fc00b3dbfb08ed1bc49fea85245dded 84c7d7b9a09ea1c69a579ab5a38d25d7320ac485 6bfd6906f7aaa75fca538757c60f31537964b2cd20d11ab862065c33cb6092ca
GET /id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008 HTTP/1.1
Host: somniture.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
date: Thu, 02 May 2024 03:58:11 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C70019215549212350378212627684248976524; Path=/; Domain=scotiabank.com; Max-Age=63072000; Expires=Sat, 02 May 2026 03:58:58 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json | 104.66.122.200 | 200 OK | 1.7 kB |
URL GET HTTP/1.1dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json IP104.66.122.200:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerEntrust, Inc. Subjectapps.scotiabank.com Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88 ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT
Hasha5c83dd0c55b426a3c30b19e3a9995a0 59b982ba2cb9efd68339d546486096e553ea4b20 de125b3c6b2e6c0d7aafdca50a9d0324506829b4497bc099c167fc7d1c2fe806
GET /aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
ETag: "6556797d-129c"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 5ac7ac41-a648-4a57-727a-36649ed0c07b
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Date: Thu, 02 May 2024 03:58:11 GMT
Content-Length: 1663
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: _abck=6CAD48CEF5FAA18BBA6D3622788515C5~-1~YAAQFloDF738pymPAQAAT91zNwug7USHqDRkGWn61Ik+ElolN8/UXubILFw0XwMk5wk31jgQWcNvH8y0SvxrS8scL0mpzkVPFfIicoPvdBsgQFQrmaxirVwbDuPNc1ceqbBs1EJywP6fZW+QYOeAYxZd81nPzwxUDBDZvew28qofBo0/Vi+nrL38qlAuAxWI7T3RMMHzmCHAjk6ym6x1m0VBAfl248FrPlS5az0gF/wi6WHtZOBRCaOU4YtR6v7JPFxvjZubw4NKEd6N3a82GE4UPceg5BIWowDqSA/r5gmcAixCKXoB/9hj7gAlxS/qQPGKo19GkBlMXT3NeAgyocUhSzLNHsvZJVx0pcWZlsdotkQKpdra26/1YhsgpB55jwAUFRM0C8qnFWQ=~-1~-1~-1; Domain=.scotiabank.com; Path=/; Expires=Fri, 02 May 2025 03:58:11 GMT; Max-Age=31536000; Secure
ak_bmsc=AE8846AD846F12E522F94B5953865DF0~000000000000000000000000000000~YAAQFloDF778pymPAQAAT91zNxeyWTXUcKkSnbFWkKRp/ah0V5wgX+/v6ubpRN1L9arcPflSvBF1PbYyj+pkW8uKBYlpkRsDS81o1H+jnrSMViZxQT9Wikqul29qQnmZSh1mNZYeO02a9Wh+O/bhjVx9+V0nT4ayetsR+2mvyz/NHJevMqF/SbjiZH2WnDUH+EM3dg1vWNIr1Nuc3pntomaRaWW++kYfHlWQDPGRTfuSCIob9fDtTymR66ajUZ30iOL8Kd/wcqL+h7IqI2V8rc5Tl0CkYxrEeE8kL4G/FE/DaLrcxwEm0cP8QCTKs9vmkyupsLqN6ykELf07Eet1pPen1jSWBsXSssZi7rPX12tyCuwDS9vRDg65Md2oX6GNOxCF; Domain=.scotiabank.com; Path=/; Expires=Thu, 02 May 2024 05:58:11 GMT; Max-Age=7200; HttpOnly
bm_sz=48D14CA44C949CBE1C493272A918C68D~YAAQFloDF7/8pymPAQAAT91zNxe2W7ykBnvpCJfGQJmUhk1nfOMsUQj2y5O9KZxM8KbkYXXj4eCwq6TffOabVvrFQ6zF4qn5X5UXJqhQ1xOPZyd3RmbIKTTnppST1+eoo/xiY1W9PDPonpxahRl7X9Zi9ctstTzkZpmzBQZ+NRaBJtxBN51JrIQKDBxA7GJwG5H8WAm3H9NdzgeNA3b/Q/Gg7YOHiaOh+xX+X4R9r9vsFSLj41/9lRhThfGBo7r3AULQXQ3GreGRlI+Zqfv03oMleHfxXs/3P/UZNYcsZ7/QHXgo7Po3OGAf05N87DXKV/Rtu27O7Wpp8rKP/G78LyNKMPRxqLDOvPkh5y/7yLg=~3621682~4272708; Domain=.scotiabank.com; Path=/; Expires=Thu, 02 May 2024 07:58:11 GMT; Max-Age=14400
|
|
| forestofirmino.com.br.oliveiramidias.com/assets/50805f331bb1b697aafb6f0c28b09212.woff2 | 192.185.210.203 | 200 OK | 7.9 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/assets/50805f331bb1b697aafb6f0c28b09212.woff2 IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
Hashaae504e08adb0856e940067315a6c995 1aa93ece1255ef29febd76cf3825503b1465a32b be8feab4b1471f918febae33a2781f0a649fb95ec5d96d74d1d57cfff9e7285e
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /assets/50805f331bb1b697aafb6f0c28b09212.woff2 HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CvVersion%7C5.5.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ | 192.185.210.203 | 200 OK | 32 kB |
URL User Request GET HTTP/2forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typegzip compressed data, from Unix Hashcb7674288c30e47a334240c2a64efc3e 933663e8aedcd8e070012a854e1a715c9b1552e5 6f9810b7725f8fca607aecf28b4aa4cd1e3852e24db7505d1b3935e76f1e3fee
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank | OpenPhish | phishing | Scotiabank |
GET /s/NOVASCOT/8b787/ HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Wed, 01 May 2024 21:28:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| ocsp.r2m03.amazontrust.com/ | 143.204.53.97 | | 471 B |
URL ocsp.r2m03.amazontrust.com/ IP143.204.53.97:0
Hash7902208fd374daa2c26b8961029847e7 57113462435952b24b7d151f11d7a3dc91b03202 ee544cb145e6b65e08279244da92dd384b54449b3fbc6edef3ec21159538685c
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 03:58:11 GMT
Last-Modified: Thu, 02 May 2024 03:09:17 GMT
Server: ECAcc (amb/6B61)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: F6TpYkOFooyRvQScrHnk9GCUSLKhT9weN15IEA4xaPnEbTdFDmAXOw==
Age: 2934
|
|
| forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff | 192.185.210.203 | 200 OK | 17 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
Hash8c5fd8340c0c11315656927c9ccbb009 77f4a088e0363c267d0c906e7839133706b4276a 5b9dc470d5d9a77dee7a1fce6deb847470955d9d56f8b219e46adea0eb158703
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CMCAID%7CNONE%7CMCOPTOUT-1714629491s%7CNONE%7CvVersion%7C5.5.0; AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff | 192.185.210.203 | 200 OK | 10 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
Hashb73e7ac4075c79768ac02618d2ab0d8d a8955301305c292bed17a6444c21ce1c5afaa7e1 9ac0abccaca0c158b700f436c188d7bc0f635e0073f40a868f422225369ab4c9
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html | 54.155.128.249 | 200 OK | 2.6 kB |
URL GET HTTP/2csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html IP54.155.128.249:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.memcyco.com FingerprintDC:2A:FA:45:92:DC:C8:0C:1D:66:96:34:6A:FC:E1:4F:09:ED:40:3E ValiditySun, 25 Feb 2024 00:00:00 GMT - Tue, 25 Mar 2025 23:59:59 GMT
File typeHTML document, ASCII text, with very long lines (2876), with no line terminators Hash0d5c8d9c1cf625be880f87d6f071d845 4890153d870cd9694b8068932509376013fff605 46f092fc499a2cb8358e39972167fa44134a99a9d38ea1fe9fabc10711216c9c
GET /cdn/cd/csframe.html HTTP/1.1
Host: csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 02 May 2024 03:58:11 GMT
content-type: text/html; charset=UTF-8
set-cookie: AWSALB=ZARJTTiK7oPghOrKIHtl4JcF4DfxgfLXY1w5+Ict6y3NGM8qZFyh3njvsHrEincqHaof/30J1iWBOs9qn7mH9uxZHh2K5izvnD+/uS85lzOwqfqt0bo+JBI4jYl5; Expires=Thu, 09 May 2024 03:58:11 GMT; Path=/
AWSALBCORS=ZARJTTiK7oPghOrKIHtl4JcF4DfxgfLXY1w5+Ict6y3NGM8qZFyh3njvsHrEincqHaof/30J1iWBOs9qn7mH9uxZHh2K5izvnD+/uS85lzOwqfqt0bo+JBI4jYl5; Expires=Thu, 09 May 2024 03:58:11 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.3
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| assets/images/%20.jpg | 0.0.0.0 | | 0 B |
IP0.0.0.0:0
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /images/%20.jpg HTTP/1.1
Host: assets
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| forestofirmino.com.br.oliveiramidias.com/favicon.ico | 192.185.210.203 | 200 OK | 5.5 kB |
URL GET HTTP/2forestofirmino.com.br.oliveiramidias.com/favicon.ico IP192.185.210.203:443 ASN#19871 NETWORK-SOLUTIONS-HOSTING
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerLet's Encrypt Subjectforestofirmino.com.br FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23 ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT
File typeHTML document, ASCII text, with very long lines (5908), with no line terminators Hashe94b04f8d8b96303868b41a6686173e3 fb4dc77f9737482cb05838076ff050258e06933a c3d4189ba35f2312bc0a4347a64906a75cab430bd12c45227caab74660f63df0
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - Scotiabank |
GET /favicon.ico HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CMCAID%7CNONE%7CMCOPTOUT-1714629491s%7CNONE%7CvVersion%7C5.5.0; AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80 | 143.204.42.72 | 200 OK | 767 B |
URL GET HTTP/2dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80 IP143.204.42.72:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (775), with no line terminators Hash52300238c7aa600c8f27d6c23f8f3f6f ce6b1815177d77af4d326b993531e07a66de478e d3373a03cdc388b5c74279490bd3eb5c1020575bb7aa59bb4e310580d58d5c40
GET /cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80 HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
date: Wed, 01 May 2024 18:32:58 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: juYa2kWs3VdBN9nzjjlnJPgQ0GeeAmSoJj7WhdfzJLR1VOkMYTu7_g==
age: 33913
X-Firefox-Spdy: h2
|
|
| dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js | 143.204.42.72 | 200 OK | 5.1 kB |
URL GET HTTP/2dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js IP143.204.42.72:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (5813), with no line terminators Hashdef0fdfb38fb2897aca04aff080f055a 0eb9d645aa872829da00a9941f279289e34ec39d 2696bfd4fef5072d4dfbfa735d123e69470e1116cea8f739b155df4e7a8750d2
GET /cdn/ca/mutha-scotia-wrapper.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 01 May 2024 18:32:56 GMT
server: nginx/1.18.0 (Ubuntu)
set-cookie: aphishCookie-1714588376933-SCOTIA=0; Max-Age=60; Expires=Wed, 01 May 2024 18:33:56 GMT; SameSite=None; Path=/; Secure
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V6lJJO5SESmo9o_zo8ZKRiWukUswzNKDh31y9leqsmEIaicFhJHXWg==
age: 33914
X-Firefox-Spdy: h2
|
|
| dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js | 143.204.42.72 | 200 OK | 2.4 MB |
URL GET HTTP/2dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js IP143.204.42.72:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
Size2.4 MB (2448888 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn/ca/jquery-3.6.1.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 01 May 2024 18:32:57 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: McXXzlaBPXqD5FV7fpJmyjN82wL5ycTCxQ4XWgO0oQENmTZkOPgUVg==
age: 33914
X-Firefox-Spdy: h2
|
|
| dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf | 143.204.42.72 | 200 OK | 7.9 kB |
URL POST HTTP/2dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf IP143.204.42.72:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeASCII text, with very long lines (7872), with no line terminators Hash029e4b681d2e9d564ad998979ac2aeed f0d97b26add5a73012c11c35927d9e1e16018650 ead7a6360eeff86aa8e2bb37d9fe24ae0008199aed385ac68cdf5b5e94da280e
POST /cdn/cd/gwf HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 989
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
date: Thu, 02 May 2024 03:58:12 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uPOS4RFORjlvQA_dOcMYmjabpV8fxQxexrVamDEXGAxXdG_Q6oJ9bQ==
X-Firefox-Spdy: h2
|
|
| dlslhpkfqfglo.cloudfront.net/cdn/cd/l | 143.204.42.72 | 200 OK | 88 B |
URL POST HTTP/2dlslhpkfqfglo.cloudfront.net/cdn/cd/l IP143.204.42.72:443
Requested byhttps://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ CertificateIssuerAmazon Subject*.cloudfront.net FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52 ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hashcf041a9f74dba4e718adf19515dfac7d e2b43054b03e6953364ac8c13b6ad3e3e62e4692 2251ad298b3375e435842a1570579fdb0997f71d3235c5cb010d67f5cc7fd1ea
POST /cdn/cd/l HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 997
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
content-length: 88
date: Thu, 02 May 2024 03:58:12 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zA5lzcg9MQQ5Q86JamfZLVR01oUfM25bIzpo1sTdRLsQmfXxxteY_Q==
X-Firefox-Spdy: h2
|
|