gwd.tta.mybluehost.me
162.241.216.107  Malicious Activity! Public Scan

URL: https://gwd.tta.mybluehost.me/
Submission: On July 29 via automatic, source openphish — Scanned from DE

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 12 HTTP transactions. The main IP is 162.241.216.107, located in the United States and belonging to UNIFIEDLAYER-AS-1, US. The main domain is gwd.tta.mybluehost.me.
TLS certificate: Issued by R3 on July 29th 2023. Valid for: 3 months.
This is the only time gwd.tta.mybluehost.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

#   IP Address         AS     Autonomous System
1   162.241.216.107    46606  UNIFIEDLA...
1   104.102.51.209     16625  AKAMAI-AS
1   2001:4de0:ac1...   20446  STACKPATH...
Total: 12 requests, 4 IPs

#   Apex Domain         Subdomains                                           Transfer
1   jquery.com          code.jquery.com (Cisco Umbrella Rank: 743)           30 KB
1   scotiabank.com.pe   mi.scotiabank.com.pe (Cisco Umbrella Rank: 763106)   27 KB
1   mybluehost.me       gwd.tta.mybluehost.me                                58 KB
Total: 12 requests, 3 apex domains

#   Domain                  Requested by
1   code.jquery.com         gwd.tta.mybluehost.me
1   mi.scotiabank.com.pe    gwd.tta.mybluehost.me, mi.scotiabank.com.pe
1   gwd.tta.mybluehost.me
Total: 12 requests, 3 domains

This site contains links to these domains. Also see Links.

Domain: www.google.com.pe

Subject                             Issuer                                           Validity                   Valid      Source
cpcalendars.gwd.tta.mybluehost.me   R3                                               2023-07-29 - 2023-10-27    3 months   crt.sh
www.scotiabank.com.pe               Entrust Certification Authority - L1M            2023-02-27 - 2024-03-27    a year     crt.sh
*.jquery.com                        Sectigo RSA Domain Validation Secure Server CA   2023-07-11 - 2024-07-14    a year     crt.sh

This page contains 1 frame:

Primary Page: https://gwd.tta.mybluehost.me/
Frame ID: F39739ACD2A3DF11B40D26E8C42F6B8A
Requests: 17 HTTP requests in this frame

Page Title

Scotiabank - Banca por InternetScotiabank

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 25 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 115 kB
Size: 489 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request /
gwd.tta.mybluehost.me/
229 KB
58 KB
Document
General
Full URL
https://gwd.tta.mybluehost.me/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.216.107, United States, ASN46606 (UNIFIEDLAYER-AS-1, US)
Reverse DNS
box5397.bluehost.com
Software
Apache /
Resource Hash
ea0f9e1a4c7dc2ebf3445695ae7c4e62e6caaea59a22b7043ae704289422a64c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=7200
content-encoding
gzip
content-type
text/html
date
Sat, 29 Jul 2023 21:38:24 GMT
expires
Sat, 29 Jul 2023 23:38:24 GMT
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified
Sat, 29 Jul 2023 02:05:27 GMT
server
Apache
vary
Accept-Encoding
x-newfold-cache-level
2
styles.30039a1c4409c4589a1d.css
mi.scotiabank.com.pe/joy-login/
169 KB
27 KB
Stylesheet
General
Full URL
https://mi.scotiabank.com.pe/joy-login/styles.30039a1c4409c4589a1d.css
Requested by
Host: gwd.tta.mybluehost.me
URL: https://gwd.tta.mybluehost.me/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.102.51.209, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS
a104-102-51-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f8d69a7cbcc8a0bcb0736e142a04adde54cf55ee9089f746d7febaaa7b4c045d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gwd.tta.mybluehost.me/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Content-Security-Policy
frame-ancestors 'self';
X-Content-Type-Options
nosniff
Date
Sat, 29 Jul 2023 21:38:25 GMT
Last-Modified
Thu, 16 Mar 2023 22:56:14 GMT
Content-Encoding
gzip
ETag
"30235-6a29-5f70c5e1a3f80"
Vary
Accept-Encoding
Content-Type
text/css
Server-Timing
dtSInfo;desc="1"
Accept-Ranges
bytes
Connection
keep-alive
Content-Length
27177
X-XSS-Protection
1;mode=block
jquery-3.7.0.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.7.0.min.js
Requested by
Host: gwd.tta.mybluehost.me
URL: https://gwd.tta.mybluehost.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2b, Netherlands, ASN20446 (STACKPATH-CDN, US)
Reverse DNS
Software
nginx /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

Referer
https://gwd.tta.mybluehost.me/
Origin
https://gwd.tta.mybluehost.me
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date
Sat, 29 Jul 2023 21:38:25 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
etag
W/"28feccc0-155a6"
vary
Accept-Encoding
x-hw
1690666705.dop219.fr8.t,1690666705.cds276.fr8.hn,1690666705.cds237.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30308
truncated
/
984 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1de8807fb0904cb1446a18a21f9021da66d304f24d345d4abab0cee74531b030

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cc2a30f8a51aa97732ca36b85a4c85be9e68d3d6dde467f9b25ddbcd46ac3ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
950 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c425c4b9a6990752975d96e1e84e98105468fa15767db7c98ba9b148a2c6b775

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
289 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63e82a11268d5149c81d1fbde7da9d0763289dc4ae4fe2d774c7b5e18fa0a449

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
416 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11dd2414870d2f5a2c8047f3f418ea3bc5b89eca0cd3fae7ee71a13b6ebffca2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
Scotia_W_Lt.6153dce96e9dc4528f0f.woff2
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Lt.fc1f7392290e3cc880a5.woff
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Rg.58ae0df055c87072c593.woff2
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Rg.54bd4ddeecac6bcd0392.woff
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Headline.aa9ccae8fcc3543dda41.woff2
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Bd.bcf523a447f011358b09.woff2
mi.scotiabank.com.pe/joy-login/
0
0

canvas-icons.c1807ef24a1788a0f8a0.woff
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Headline.d14a2341b8497eecf7a9.woff
mi.scotiabank.com.pe/joy-login/
0
0

Scotia_W_Bd.e5dbf98bca38ef6433c1.woff
mi.scotiabank.com.pe/joy-login/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.6153dce96e9dc4528f0f.woff2
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.fc1f7392290e3cc880a5.woff
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.58ae0df055c87072c593.woff2
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.54bd4ddeecac6bcd0392.woff
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.aa9ccae8fcc3543dda41.woff2
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.bcf523a447f011358b09.woff2
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/canvas-icons.c1807ef24a1788a0f8a0.woff?9bnoso
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.d14a2341b8497eecf7a9.woff
Domain
mi.scotiabank.com.pe
URL
https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.e5dbf98bca38ef6433c1.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  $
function  jQuery

0 Cookies

18 Console Messages

Source  Level  URL  Text
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.6153dce96e9dc4528f0f.woff2' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.6153dce96e9dc4528f0f.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.fc1f7392290e3cc880a5.woff' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Lt.fc1f7392290e3cc880a5.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.58ae0df055c87072c593.woff2' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.58ae0df055c87072c593.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.54bd4ddeecac6bcd0392.woff' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Rg.54bd4ddeecac6bcd0392.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.aa9ccae8fcc3543dda41.woff2' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.aa9ccae8fcc3543dda41.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.bcf523a447f011358b09.woff2' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.bcf523a447f011358b09.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/canvas-icons.c1807ef24a1788a0f8a0.woff?9bnoso' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/canvas-icons.c1807ef24a1788a0f8a0.woff?9bnoso
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.d14a2341b8497eecf7a9.woff' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Headline.d14a2341b8497eecf7a9.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gwd.tta.mybluehost.me/
Message:
Access to font at 'https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.e5dbf98bca38ef6433c1.woff' from origin 'https://gwd.tta.mybluehost.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://mi.scotiabank.com.pe/joy-login/Scotia_W_Bd.e5dbf98bca38ef6433c1.woff
Message:
Failed to load resource: net::ERR_FAILED