gutidentity.com - urlscan.io

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 107.154.147.218, located in United States and belongs to INCAPSULA, US. The main domain is gutidentity.com.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2024 Q4 on October 31st 2024. Valid for: 6 months.

This is the only time gutidentity.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Google (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 3	107.154.147.218 107.154.147.218	19551 (INCAPSULA) (INCAPSULA)
3	173.194.204.94 173.194.204.94	15169 (GOOGLE) (GOOGLE)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
6	4

3 107.154.147.218 (United States) 1 redirects

ASN19551 (INCAPSULA, US)
PTR: 107.154.147.218.ip.incapdns.net

gutidentity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.194.204.94 (United States)

ASN15169 (GOOGLE, US)
PTR: qb-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	gstatic.com fonts.gstatic.com	57 KB
3	gutidentity.com 1 redirects gutidentity.com	138 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 791	31 KB
6	3

	Domain	Requested by
3	fonts.gstatic.com	gutidentity.com
3	gutidentity.com	1 redirects
1	code.jquery.com	gutidentity.com
6	3

This site contains links to these domains. Also see Links.

Domain
support.google.com
accounts.google.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2024 Q4	`2024-10-31` - `2025-04-29`	6 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html
Frame ID: 6CA35AA6CE27F7DF416F489ECDF7C080
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Gmail

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

225 kB
Transfer

842 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://support.google.com/accounts?hl=en-GB&p=account_iph
Title: Help

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=NG&hl=en-GB&privacy=true
Title: Privacy

Search URL Search Domain Scan URL

URL: https://accounts.google.com/TOS?loc=NG&hl=en-GB
Title: Terms

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://gutidentity.com/favicon.ico HTTP 302
https://gutidentity.com/wp-content/uploads/2019/10/cropped-Gut-27-32x32.png

6 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request index.html Show response
gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/ 696 KB
136 KB 445ms
258ms Document
text/html 107.154.147.218
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

107.154.147.218 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

107.154.147.218.ip.incapdns.net

Software

nginx/1.25.5 /

Resource Hash

49a1e8bc1ceab29337ead31a2e32a77eb42b57c2e22f35d582929c2e145eaf06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: max-age=7200
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Wed, 06 Nov 2024 00:04:21 GMT
expires: Wed, 06 Nov 2024 01:47:00 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
last-modified: Sun, 25 Jun 2023 00:38:22 GMT
server: nginx/1.25.5
vary: Accept-Encoding
x-cdn: Imperva
x-endurance-cache-level: 2
x-iinfo: 9-27627585-27627587 NNNN CT(45 57 0) RT(1730851460309 80) q(0 0 1 1) r(2 2) U12
x-nginx-cache: WordPress
x-proxy-cache: HIT
x-server-cache: true

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H3 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 386ms
193ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: gutidentity.com
URL: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://gutidentity.com
Referer: https://gutidentity.com/

Response headers

age: 558097
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 13:02:44 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 13:02:44 GMT
last-modified: Mon, 22 Apr 2019 23:42:59 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21464
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ 15 KB
15 KB 337ms
145ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: gutidentity.com
URL: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://gutidentity.com
Referer: https://gutidentity.com/

Response headers

age: 38122
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 05 Nov 2025 13:28:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 05 Nov 2024 13:28:59 GMT
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15344
x-xss-protection: 0
server: sffe

GET
H3 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ 21 KB
21 KB 445ms
253ms Font
font/woff2 173.194.204.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v14/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: gutidentity.com
URL: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

173.194.204.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qb-in-f94.1e100.net

Software

sffe /

Resource Hash

6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://gutidentity.com
Referer: https://gutidentity.com/

Response headers

age: 561216
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 12:10:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 12:10:45 GMT
last-modified: Mon, 22 Apr 2019 23:43:33 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21700
x-xss-protection: 0
server: sffe

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
31 KB 256ms
71ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: gutidentity.com
URL: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://gutidentity.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-15d9d"
age: 4802918
x-cache: HIT, HIT
date: Wed, 06 Nov 2024 00:04:21 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 578388, 3924
x-served-by: cache-lga21934-LGA, cache-yvr1522-YVR
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1730851462.791054,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30875
server: nginx

GET
H2

200

cropped-Gut-27-32x32.png
gutidentity.com/wp-content/uploads/2019/10/
Redirect Chain

https://gutidentity.com/favicon.ico
https://gutidentity.com/wp-content/uploads/2019/10/cropped-Gut-27-32x32.png

1 KB
1 KB

80ms
79ms

Other
image/png

107.154.147.218
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://gutidentity.com/wp-content/uploads/2019/10/cropped-Gut-27-32x32.png
Protocol: H2
Server: 107.154.147.218 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.147.218.ip.incapdns.net
Software: /
Resource Hash: 562247b3160e69eaf8f36b41e0f96c992d7b58bc69b794d42969d937564d6476

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html

Response headers

x-iinfo: 9-27627585-0 0CNN RT(1730851460309 1942) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=41228, public
etag: "a79d8a83"
x-cdn: Imperva
expires: Wed, 06 Nov 2024 11:31:30 GMT
content-length: 1296
date: Wed, 06 Nov 2024 00:04:22 GMT
last-modified: Tue, 15 Oct 2019 23:24:29 GMT
content-type: image/png

Redirect headers

x-nginx-cache: WordPress
content-encoding: gzip
x-proxy-cache: EXPIRED
x-server-cache: true
date: Wed, 06 Nov 2024 00:04:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-redirect-by: WordPress
x-iinfo: 9-27627585-27627587 PNNN RT(1730851460309 1212) q(0 0 0 -1) r(6 6) U11
link: <https://gutidentity.com/wp-json/>; rel="https://api.w.org/"
content-security-policy: upgrade-insecure-requests
location: https://gutidentity.com/wp-content/uploads/2019/10/cropped-Gut-27-32x32.png
x-cdn: Imperva
content-length: 143
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-endurance-cache-level: 2
server: nginx/1.25.5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Google (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.gutidentity.com/	1970-01-21 09:32:04	Name: visid_incap_3143668 Value: zIuL9DExQy+1ZjS2qbWnaoSyKmcAAAAAQUIPAAAAAAApxlDhvLUalurySfwW1CXM
			.gutidentity.com/	1969-12-31 23:59:59	Name: incap_ses_1566_3143668 Value: DML0NgLojj+BBVD03Yy7FYSyKmcAAAAAgnvwx938HeYILp28mStNPQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://gutidentity.com/website_b449b52d/wp-includes/ID3/module.audio/module.compac/gmail.com/index.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
fonts.gstatic.com
gutidentity.com
107.154.147.218
151.101.130.137
173.194.204.94
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
49a1e8bc1ceab29337ead31a2e32a77eb42b57c2e22f35d582929c2e145eaf06
562247b3160e69eaf8f36b41e0f96c992d7b58bc69b794d42969d937564d6476
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

gutidentity.com Open in urlscan Pro 107.154.147.218 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

1 Countries

225 kBTransfer

842 kBSize

2 Cookies

3 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

gutidentity.com Open in urlscan Pro
107.154.147.218 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

225 kB
Transfer

842 kB
Size

2
Cookies

6 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!