Report - forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/

Report Overview

Submitted URL
forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
IP
192.185.210.203
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-05-02 03:58:36
Access
public
Website Title
Sign in | Scotiabank
Final URL
forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Tags
scotiabank financial phishing
urlquery detections
Phishing - Scotiabank

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
somniture.scotiabank.com	112065	1996-04-09	2012-11-14	2023-12-01	666 B	745 B	63.140.62.222
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-01	338 B	942 B	143.204.53.97
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	unknown	2021-08-01	2023-09-13	2024-01-15	582 B	3.3 kB	54.155.128.249
assets	597867	unknown	2015-06-13	2020-07-15	443 B	0 B	0.0.0.0
dlslhpkfqfglo.cloudfront.net	unknown	2008-04-25	2023-08-30	2024-04-09	2.6 kB	2.5 MB	143.204.42.72
dmtags.scotiabank.com	238686	1996-04-09	2019-04-29	2023-12-01	2.7 kB	96 kB	104.66.122.200
forestofirmino.com.br.oliveiramidias.com	unknown	unknown	No data	No data	5.9 kB	87 kB	192.185.210.203
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2024-05-01	328 B	2.0 kB	23.38.202.187

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-01	medium	forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/	Scotiabank

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	assets	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/	169 B	2024-05-01	2024-05-09
Pretty URL forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ IP 192.185.210.203 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen176 Hash c6688024f007698831b2e4744a7ab707 f278b1dea5459c97e08465f66d1f8406716a75be 16b62b7805d97f47aed8b3c4f8bb3c8234bed8bfbbb7e88481035630a52cfa45 Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js	35 kB	2023-09-20	2024-05-16
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 09:29:32 Last Seen2024-05-16 21:05:58 Times Seen1540 Hash 208eb534ea01036a4fca64e6715ccf3f 90c85649634ff5a627023668b2e10fa01cf30315 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf Loading...

	forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/	8.0 kB	2024-05-01	2024-05-09
Pretty URL forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ IP 192.185.210.203 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen176 Hash 4b04be71901ffe5eeadf24da47a35b15 b2b4d4068246bd8d384807a57d2bd5a54eb85ef0 9eaaa8ff1906895e150fc5fbe39933a1b07b45602e242300cbbaccbdd052436f Loading...

	dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js	21 kB	2023-10-31	2024-05-09
Pretty URL dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-31 04:12:59 Last Seen2024-05-09 08:50:56 Times Seen6808 Hash cf426cd1788c8356ee58c7abf14c38be 609b5a8f0b4c7b5d3d955152a76db699d0eb5382 6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16 Loading...

	dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js	2.4 MB	2024-05-01	2024-05-09
Pretty URL dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js IP 143.204.42.72 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen171 Hash bc2e301ef03e451c268cc3fb283d0113 85fc788f55abd4ce09ae2f15969ec74a67027209 e24b45cf0914dc90c1a41f163118d8baf221ae51ca9c855d7da6071f15661ed6 Loading...

	forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/	114 B	2024-05-01	2024-05-09
Pretty URL forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ IP 192.185.210.203 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen163 Hash fd115c7b909727a3bc64ffcdcc4e1465 6846c005ef292456943403516b0b170672bd81fb 5fec99d156d4af2c4a5fb238b23cb3abe3e0f9fd8cdfffc2f0855b2604a7724d Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js	259 kB	2024-05-01	2024-05-09
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen352 Hash e5954bafa35e730bc024902bc607bd1f c9e02b8d41693266321ccf5df2f195600a700487 432bdcaeac556841bbcae2c2573562ecdd13161fe8fc121fa4e5dc18ec37e707 Loading...

	unknown	3.2 kB	2024-05-01	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:16 Last Seen2024-05-09 08:50:56 Times Seen176 Hash 85d571a1d0b6748e09ced05d6bf9b146 89347e5a4fec83823f9dc2f0c6d7ea3772b05654 37c7d9a153646791579f135946bda00f7a8c0d38bc537bbcc2244d2fa613b10e Loading...

	forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/	25 kB	2024-05-01	2024-05-09
Pretty URL forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/ IP 192.185.210.203 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen163 Hash 32915e03f94b3dde36966fa16f09ebb4 e187cdb275e429d696c5a794497db069a8e48426 dac0f6c4f22c620c1a1cf58dcdbcf64e78c57299da355be6aeccb8aaaf6b8977 Loading...

	dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js	5.1 kB	2024-05-01	2024-05-09
Pretty URL dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js IP 143.204.42.72 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 03:41:17 Last Seen2024-05-09 08:50:56 Times Seen167 Hash 557b54e8deceb5ce8edbf8676c5a3cf0 4ca2d0e27c87536c561f4b50ac92c8f181450a24 416d9db2d794e184d13131d8fb84940dc4727c158281734eae4120a8637e96d0 Loading...

	dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js	3.3 kB	2023-09-20	2024-05-16
Pretty URL dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js IP 104.66.122.200 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-20 09:29:32 Last Seen2024-05-16 21:05:58 Times Seen1303 Hash f1e098a5dd836ea5fc9726c429c8d71d 9b9371eb2d68b1e71063cf9f848baa07347511ca bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8 Loading...

HTTP Transactions (25)

URL IP Response Size

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

104.66.122.200

200 OK

68 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32757)
Size
68 kB (67765 bytes)
Hash
e5954bafa35e730bc024902bc607bd1f
c9e02b8d41693266321ccf5df2f195600a700487
432bdcaeac556841bbcae2c2573562ecdd13161fe8fc121fa4e5dc18ec37e707

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438e0-3f579"
Last-Modified: Mon, 08 Apr 2024 18:35:12 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 773864d7-2485-4256-5a57-f15ba41a0207
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 67765
Date: Thu, 02 May 2024 03:58:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js

104.66.122.200

200 OK

13 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32730)
Size
13 kB (12687 bytes)
Hash
208eb534ea01036a4fca64e6715ccf3f
90c85649634ff5a627023668b2e10fa01cf30315
6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-8996"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e61856c7-d650-42dc-532c-9003683bddfd
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 12687
Date: Thu, 02 May 2024 03:58:10 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

forestofirmino.com.br.oliveiramidias.com/runtime.28b2f6d6a26212c51af2.js

192.185.210.203

200 OK

2.4 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/runtime.28b2f6d6a26212c51af2.js
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2392 bytes)
Hash
b4154664d86eb78e9f8b747d71c7bd73
c2f49bf94fdecd156cab874fb6b895a80a0c64c8
b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /runtime.28b2f6d6a26212c51af2.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/resource-loader.js

192.185.210.203

200 OK

2.4 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/resource-loader.js
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2392 bytes)
Hash
b4154664d86eb78e9f8b747d71c7bd73
c2f49bf94fdecd156cab874fb6b895a80a0c64c8
b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /resource-loader.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/styles.ef875488df3637535e09.css

192.185.210.203

200 OK

2.4 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/styles.ef875488df3637535e09.css
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2392 bytes)
Hash
b4154664d86eb78e9f8b747d71c7bd73
c2f49bf94fdecd156cab874fb6b895a80a0c64c8
b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /styles.ef875488df3637535e09.css HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB

192.185.210.203

200 OK

2.4 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2392 bytes)
Hash
b4154664d86eb78e9f8b747d71c7bd73
c2f49bf94fdecd156cab874fb6b895a80a0c64c8
b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /jeHWnQ/AxRc8Z/Z7Oz/mjbZgY/uk/N15VDLbauruEN7/BS8eYThxBg/Tkk/aJwh5KWcB HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/main.cafb241d85447b367d0c.chunk.js

192.185.210.203

200 OK

2.4 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/main.cafb241d85447b367d0c.chunk.js
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
2.4 kB (2392 bytes)
Hash
b4154664d86eb78e9f8b747d71c7bd73
c2f49bf94fdecd156cab874fb6b895a80a0c64c8
b40c50626511fa2e66eec63b8559ce07c50b2fb586b6428f8a369ac57c173301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /main.cafb241d85447b367d0c.chunk.js HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js

104.66.122.200

200 OK

1.6 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (3138)
Size
1.6 kB (1597 bytes)
Hash
f1e098a5dd836ea5fc9726c429c8d71d
9b9371eb2d68b1e71063cf9f848baa07347511ca
bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8

HTTP Headers

GET /launch/novaweb/27c34d6e7144/094054a424e3/e9f01630ebd7/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "661438ab-cd4"
Last-Modified: Mon, 08 Apr 2024 18:34:19 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 566d5112-7b3e-4a90-4e42-51eb2dd04904
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 1597
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js

104.66.122.200

200 OK

6.8 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JavaScript source, ASCII text, with very long lines (21066)
Size
6.8 kB (6793 bytes)
Hash
cf426cd1788c8356ee58c7abf14c38be
609b5a8f0b4c7b5d3d955152a76db699d0eb5382
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

HTTP Headers

GET /aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "6556797d-524b"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: e8ed5c2b-47b3-46ef-7fd0-80e5a726ad83
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 6793
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains

ocsp.entrust.net/

23.38.202.187

1.6 kB

URL
ocsp.entrust.net/
IP
23.38.202.187:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
468b75e516c8017796ba595adce163ce
75f99f367359dc88494caf8f43653449706a74e2
1bb4ab7c210e8c2dc1470d8867df70dbc117949129cfb07bafc803aa63ccc643

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1BB4AB7C210E8C2DC1470D8867DF70DBC117949129CFB07BAFC803AA63CCC643"
Last-Modified: Wed, 01 May 2024 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3247
Expires: Thu, 02 May 2024 04:52:18 GMT
Date: Thu, 02 May 2024 03:58:11 GMT
Connection: keep-alive

somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008

63.140.62.222

200 OK

48 B

URL GET HTTP/2
somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008
IP
63.140.62.222:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectsomniture.scotiabank.com
FingerprintF2:96:F0:FC:08:90:5F:AC:1D:FE:74:A6:47:5F:DC:1E:0E:61:D7:1E
ValidityMon, 21 Aug 2023 20:22:41 GMT - Sat, 21 Sep 2024 20:22:40 GMT

File type
JSON text data
Size
48 B (48 bytes)
Hash
5fc00b3dbfb08ed1bc49fea85245dded
84c7d7b9a09ea1c69a579ab5a38d25d7320ac485
6bfd6906f7aaa75fca538757c60f31537964b2cd20d11ab862065c33cb6092ca

HTTP Headers

GET /id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=70019215549212350378212627684248976524&ts=1714622291008 HTTP/1.1
Host: somniture.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
date: Thu, 02 May 2024 03:58:11 GMT
p3p: CP="This is not a P3P policy"
server: jag
set-cookie: s_ecid=MCMID%7C70019215549212350378212627684248976524; Path=/; Domain=scotiabank.com; Max-Age=63072000; Expires=Sat, 02 May 2026 03:58:58 GMT; SameSite=Lax;
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 48
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

104.66.122.200

200 OK

1.7 kB

URL GET HTTP/1.1
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
IP
104.66.122.200:443
ASN
#16625 AKAMAI-AS

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerEntrust, Inc.
Subjectapps.scotiabank.com
Fingerprint0D:54:C6:33:4D:69:83:6F:15:A0:C6:B0:AC:82:4E:7C:14:D1:D8:88
ValidityTue, 21 Nov 2023 14:23:22 GMT - Sat, 21 Dec 2024 14:23:21 GMT

File type
JSON text data
Size
1.7 kB (1663 bytes)
Hash
a5c83dd0c55b426a3c30b19e3a9995a0
59b982ba2cb9efd68339d546486096e553ea4b20
de125b3c6b2e6c0d7aafdca50a9d0324506829b4497bc099c167fc7d1c2fe806

HTTP Headers

GET /aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json HTTP/1.1
Host: dmtags.scotiabank.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
ETag: "6556797d-129c"
Last-Modified: Thu, 16 Nov 2023 20:20:13 GMT
Server: nginx/1.23.3
X-Vcap-Request-Id: 5ac7ac41-a648-4a57-727a-36649ed0c07b
X-Xss-Protection: 1; mode=block
Content-Encoding: gzip
Date: Thu, 02 May 2024 03:58:11 GMT
Content-Length: 1663
Connection: keep-alive
Access-Control-Allow-Origin: https://scotiabank.com
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
X-Frame-Options: SAMEORIGIN
Cache-Control: private
Vary: Accept-Encoding, origin
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Set-Cookie: _abck=6CAD48CEF5FAA18BBA6D3622788515C5~-1~YAAQFloDF738pymPAQAAT91zNwug7USHqDRkGWn61Ik+ElolN8/UXubILFw0XwMk5wk31jgQWcNvH8y0SvxrS8scL0mpzkVPFfIicoPvdBsgQFQrmaxirVwbDuPNc1ceqbBs1EJywP6fZW+QYOeAYxZd81nPzwxUDBDZvew28qofBo0/Vi+nrL38qlAuAxWI7T3RMMHzmCHAjk6ym6x1m0VBAfl248FrPlS5az0gF/wi6WHtZOBRCaOU4YtR6v7JPFxvjZubw4NKEd6N3a82GE4UPceg5BIWowDqSA/r5gmcAixCKXoB/9hj7gAlxS/qQPGKo19GkBlMXT3NeAgyocUhSzLNHsvZJVx0pcWZlsdotkQKpdra26/1YhsgpB55jwAUFRM0C8qnFWQ=~-1~-1~-1; Domain=.scotiabank.com; Path=/; Expires=Fri, 02 May 2025 03:58:11 GMT; Max-Age=31536000; Secure
ak_bmsc=AE8846AD846F12E522F94B5953865DF0~000000000000000000000000000000~YAAQFloDF778pymPAQAAT91zNxeyWTXUcKkSnbFWkKRp/ah0V5wgX+/v6ubpRN1L9arcPflSvBF1PbYyj+pkW8uKBYlpkRsDS81o1H+jnrSMViZxQT9Wikqul29qQnmZSh1mNZYeO02a9Wh+O/bhjVx9+V0nT4ayetsR+2mvyz/NHJevMqF/SbjiZH2WnDUH+EM3dg1vWNIr1Nuc3pntomaRaWW++kYfHlWQDPGRTfuSCIob9fDtTymR66ajUZ30iOL8Kd/wcqL+h7IqI2V8rc5Tl0CkYxrEeE8kL4G/FE/DaLrcxwEm0cP8QCTKs9vmkyupsLqN6ykELf07Eet1pPen1jSWBsXSssZi7rPX12tyCuwDS9vRDg65Md2oX6GNOxCF; Domain=.scotiabank.com; Path=/; Expires=Thu, 02 May 2024 05:58:11 GMT; Max-Age=7200; HttpOnly
bm_sz=48D14CA44C949CBE1C493272A918C68D~YAAQFloDF7/8pymPAQAAT91zNxe2W7ykBnvpCJfGQJmUhk1nfOMsUQj2y5O9KZxM8KbkYXXj4eCwq6TffOabVvrFQ6zF4qn5X5UXJqhQ1xOPZyd3RmbIKTTnppST1+eoo/xiY1W9PDPonpxahRl7X9Zi9ctstTzkZpmzBQZ+NRaBJtxBN51JrIQKDBxA7GJwG5H8WAm3H9NdzgeNA3b/Q/Gg7YOHiaOh+xX+X4R9r9vsFSLj41/9lRhThfGBo7r3AULQXQ3GreGRlI+Zqfv03oMleHfxXs/3P/UZNYcsZ7/QHXgo7Po3OGAf05N87DXKV/Rtu27O7Wpp8rKP/G78LyNKMPRxqLDOvPkh5y/7yLg=~3621682~4272708; Domain=.scotiabank.com; Path=/; Expires=Thu, 02 May 2024 07:58:11 GMT; Max-Age=14400

forestofirmino.com.br.oliveiramidias.com/assets/50805f331bb1b697aafb6f0c28b09212.woff2

192.185.210.203

200 OK

7.9 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/assets/50805f331bb1b697aafb6f0c28b09212.woff2
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
data
Size
7.9 kB (7856 bytes)
Hash
aae504e08adb0856e940067315a6c995
1aa93ece1255ef29febd76cf3825503b1465a32b
be8feab4b1471f918febae33a2781f0a649fb95ec5d96d74d1d57cfff9e7285e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/50805f331bb1b697aafb6f0c28b09212.woff2 HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CvVersion%7C5.5.0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/

192.185.210.203

200 OK

32 kB

URL User Request GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
gzip compressed data, from Unix
Size
32 kB (32546 bytes)
Hash
cb7674288c30e47a334240c2a64efc3e
933663e8aedcd8e070012a854e1a715c9b1552e5
6f9810b7725f8fca607aecf28b4aa4cd1e3852e24db7505d1b3935e76f1e3fee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank
OpenPhish	phishing	Scotiabank

HTTP Headers

GET /s/NOVASCOT/8b787/ HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 01 May 2024 21:28:03 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7902208fd374daa2c26b8961029847e7
57113462435952b24b7d151f11d7a3dc91b03202
ee544cb145e6b65e08279244da92dd384b54449b3fbc6edef3ec21159538685c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 03:58:11 GMT
Last-Modified: Thu, 02 May 2024 03:09:17 GMT
Server: ECAcc (amb/6B61)
X-Cache: Miss from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: F6TpYkOFooyRvQScrHnk9GCUSLKhT9weN15IEA4xaPnEbTdFDmAXOw==
Age: 2934

forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff

192.185.210.203

200 OK

17 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
data
Size
17 kB (17041 bytes)
Hash
8c5fd8340c0c11315656927c9ccbb009
77f4a088e0363c267d0c906e7839133706b4276a
5b9dc470d5d9a77dee7a1fce6deb847470955d9d56f8b219e46adea0eb158703

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CMCAID%7CNONE%7CMCOPTOUT-1714629491s%7CNONE%7CvVersion%7C5.5.0; AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2

forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff

192.185.210.203

200 OK

10 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/assets/8fd30bd010d9e2c7677ec339685f958b.woff
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
data
Size
10 kB (10366 bytes)
Hash
b73e7ac4075c79768ac02618d2ab0d8d
a8955301305c292bed17a6444c21ce1c5afaa7e1
9ac0abccaca0c158b700f436c188d7bc0f635e0073f40a868f422225369ab4c9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /assets/8fd30bd010d9e2c7677ec339685f958b.woff HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:10 GMT
server: Apache
X-Firefox-Spdy: h2

csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html

54.155.128.249

200 OK

2.6 kB

URL GET HTTP/2
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
IP
54.155.128.249:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.memcyco.com
FingerprintDC:2A:FA:45:92:DC:C8:0C:1D:66:96:34:6A:FC:E1:4F:09:ED:40:3E
ValiditySun, 25 Feb 2024 00:00:00 GMT - Tue, 25 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2876), with no line terminators
Size
2.6 kB (2579 bytes)
Hash
0d5c8d9c1cf625be880f87d6f071d845
4890153d870cd9694b8068932509376013fff605
46f092fc499a2cb8358e39972167fa44134a99a9d38ea1fe9fabc10711216c9c

HTTP Headers

GET /cdn/cd/csframe.html HTTP/1.1
Host: csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 03:58:11 GMT
content-type: text/html; charset=UTF-8
set-cookie: AWSALB=ZARJTTiK7oPghOrKIHtl4JcF4DfxgfLXY1w5+Ict6y3NGM8qZFyh3njvsHrEincqHaof/30J1iWBOs9qn7mH9uxZHh2K5izvnD+/uS85lzOwqfqt0bo+JBI4jYl5; Expires=Thu, 09 May 2024 03:58:11 GMT; Path=/
AWSALBCORS=ZARJTTiK7oPghOrKIHtl4JcF4DfxgfLXY1w5+Ict6y3NGM8qZFyh3njvsHrEincqHaof/30J1iWBOs9qn7mH9uxZHh2K5izvnD+/uS85lzOwqfqt0bo+JBI4jYl5; Expires=Thu, 09 May 2024 03:58:11 GMT; Path=/; SameSite=None; Secure
server: nginx/1.23.3
access-control-allow-credentials: true
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
content-encoding: gzip
X-Firefox-Spdy: h2

assets/images/%20.jpg

0.0.0.0

0 B

URL GET
assets/images/%20.jpg
IP
0.0.0.0:0
ASN
#0

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/%20.jpg HTTP/1.1
Host: assets
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

forestofirmino.com.br.oliveiramidias.com/favicon.ico

192.185.210.203

200 OK

5.5 kB

URL GET HTTP/2
forestofirmino.com.br.oliveiramidias.com/favicon.ico
IP
192.185.210.203:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerLet's Encrypt
Subjectforestofirmino.com.br
FingerprintAF:F8:4A:7F:4A:70:B4:66:E8:44:25:68:DB:C7:48:31:90:D9:53:23
ValidityThu, 21 Mar 2024 11:13:21 GMT - Wed, 19 Jun 2024 11:13:20 GMT

File type
HTML document, ASCII text, with very long lines (5908), with no line terminators
Size
5.5 kB (5464 bytes)
Hash
e94b04f8d8b96303868b41a6686173e3
fb4dc77f9737482cb05838076ff050258e06933a
c3d4189ba35f2312bc0a4347a64906a75cab430bd12c45227caab74660f63df0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Scotiabank

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: forestofirmino.com.br.oliveiramidias.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Cookie: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg=179643557%7CMCIDTS%7C19846%7CMCMID%7C70019215549212350378212627684248976524%7CMCAID%7CNONE%7CMCOPTOUT-1714629491s%7CNONE%7CvVersion%7C5.5.0; AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 2392
content-type: text/html; charset=UTF-8
date: Thu, 02 May 2024 03:58:11 GMT
server: Apache
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80

143.204.42.72

200 OK

767 B

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80
IP
143.204.42.72:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (775), with no line terminators
Size
767 B (767 bytes)
Hash
52300238c7aa600c8f27d6c23f8f3f6f
ce6b1815177d77af4d326b993531e07a66de478e
d3373a03cdc388b5c74279490bd3eb5c1020575bb7aa59bb4e310580d58d5c40

HTTP Headers

GET /cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80 HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json
date: Wed, 01 May 2024 18:32:58 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: juYa2kWs3VdBN9nzjjlnJPgQ0GeeAmSoJj7WhdfzJLR1VOkMYTu7_g==
age: 33913
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

143.204.42.72

200 OK

5.1 kB

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
IP
143.204.42.72:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5813), with no line terminators
Size
5.1 kB (5145 bytes)
Hash
def0fdfb38fb2897aca04aff080f055a
0eb9d645aa872829da00a9941f279289e34ec39d
2696bfd4fef5072d4dfbfa735d123e69470e1116cea8f739b155df4e7a8750d2

HTTP Headers

GET /cdn/ca/mutha-scotia-wrapper.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 01 May 2024 18:32:56 GMT
server: nginx/1.18.0 (Ubuntu)
set-cookie: aphishCookie-1714588376933-SCOTIA=0; Max-Age=60; Expires=Wed, 01 May 2024 18:33:56 GMT; SameSite=None; Path=/; Secure
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: V6lJJO5SESmo9o_zo8ZKRiWukUswzNKDh31y9leqsmEIaicFhJHXWg==
age: 33914
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js

143.204.42.72

200 OK

2.4 MB

URL GET HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
IP
143.204.42.72:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type

Size
2.4 MB (2448888 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn/ca/jquery-3.6.1.min.js HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://forestofirmino.com.br.oliveiramidias.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 01 May 2024 18:32:57 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: McXXzlaBPXqD5FV7fpJmyjN82wL5ycTCxQ4XWgO0oQENmTZkOPgUVg==
age: 33914
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf

143.204.42.72

200 OK

7.9 kB

URL POST HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf
IP
143.204.42.72:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7872), with no line terminators
Size
7.9 kB (7872 bytes)
Hash
029e4b681d2e9d564ad998979ac2aeed
f0d97b26add5a73012c11c35927d9e1e16018650
ead7a6360eeff86aa8e2bb37d9fe24ae0008199aed385ac68cdf5b5e94da280e

HTTP Headers

POST /cdn/cd/gwf HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 989
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
date: Thu, 02 May 2024 03:58:12 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: uPOS4RFORjlvQA_dOcMYmjabpV8fxQxexrVamDEXGAxXdG_Q6oJ9bQ==
X-Firefox-Spdy: h2

dlslhpkfqfglo.cloudfront.net/cdn/cd/l

143.204.42.72

200 OK

88 B

URL POST HTTP/2
dlslhpkfqfglo.cloudfront.net/cdn/cd/l
IP
143.204.42.72:443
ASN
#16509 AMAZON-02

Requested by
https://forestofirmino.com.br.oliveiramidias.com/s/NOVASCOT/8b787/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
88 B (88 bytes)
Hash
cf041a9f74dba4e718adf19515dfac7d
e2b43054b03e6953364ac8c13b6ad3e3e62e4692
2251ad298b3375e435842a1570579fdb0997f71d3235c5cb010d67f5cc7fd1ea

HTTP Headers

POST /cdn/cd/l HTTP/1.1
Host: dlslhpkfqfglo.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 997
Origin: https://forestofirmino.com.br.oliveiramidias.com
DNT: 1
Connection: keep-alive
Referer: https://forestofirmino.com.br.oliveiramidias.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain; charset=UTF-8
content-length: 88
date: Thu, 02 May 2024 03:58:12 GMT
server: nginx/1.18.0 (Ubuntu)
access-control-allow-origin: https://forestofirmino.com.br.oliveiramidias.com
access-control-allow-credentials: true
content-security-policy: frame-ancestors https://*
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
x-cache: Miss from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zA5lzcg9MQQ5Q86JamfZLVR01oUfM25bIzpo1sTdRLsQmfXxxteY_Q==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL