funtoplaygamesforkids.duckdns.org Open in urlscan Pro
20.79.155.225 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Submission: On October 13 via api (October 13th 2024, 10:41:35 pm UTC) from CA — Scanned from CA

Summary HTTP 20 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 20 HTTP transactions. The main IP is 20.79.155.225, located in Frankfurt am Main, Germany and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is funtoplaygamesforkids.duckdns.org.
TLS certificate: Issued by (STAGING) Pseudo Plum E5 on October 11th 2024. Valid for: 3 months.

This is the only time funtoplaygamesforkids.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	20.79.155.225 20.79.155.225	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2600:1408:10:... 2600:1408:10:280::51e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2600:9000:24d... 2600:9000:24d6:5000:d:e6dd:f300:21	16509 (AMAZON-02) (AMAZON-02)
1	184.25.41.104 184.25.41.104	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	107.20.112.51 107.20.112.51	14618 (AMAZON-AES) (AMAZON-AES)
1	63.140.38.236 63.140.38.236	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.209.125.30 18.209.125.30	14618 (AMAZON-AES) (AMAZON-AES)
1	54.246.140.19 54.246.140.19	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:24d... 2600:9000:24d6:e600:d:e6dd:f300:21	16509 (AMAZON-02) (AMAZON-02)
20	9

3 20.79.155.225 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

funtoplaygamesforkids.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1408:10:280::51e (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

dmtags.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:24d6:5000:d:e6dd:f300:21 (United States)

ASN16509 (AMAZON-02, US)

dlslhpkfqfglo.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.25.41.104 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-25-41-104.deploy.static.akamaitechnologies.com

auth.scotiaonline.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.20.112.51 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-112-51.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
scotiabank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.38.236 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-236.data.adobedc.net

somniture.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.209.125.30 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-125-30.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.140.19 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-140-19.eu-west-1.compute.amazonaws.com

csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24d6:e600:d:e6dd:f300:21 (United States)

ASN16509 (AMAZON-02, US)

dlslhpkfqfglo.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cloudfront.net dlslhpkfqfglo.cloudfront.net	792 KB
6	scotiabank.com dmtags.scotiabank.com — Cisco Umbrella Rank: 146635 auth.scotiaonline.scotiabank.com — Cisco Umbrella Rank: 191973 somniture.scotiabank.com — Cisco Umbrella Rank: 127704	91 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 243 scotiabank.demdex.net — Cisco Umbrella Rank: 112706	4 KB
3	duckdns.org funtoplaygamesforkids.duckdns.org	19 KB
1	memcyco.com csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 440773
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1371	490 B
20	6

	Domain	Requested by
6	dlslhpkfqfglo.cloudfront.net	funtoplaygamesforkids.duckdns.org dlslhpkfqfglo.cloudfront.net
4	dmtags.scotiabank.com	funtoplaygamesforkids.duckdns.org dmtags.scotiabank.com
3	dpm.demdex.net	1 redirects funtoplaygamesforkids.duckdns.org
3	funtoplaygamesforkids.duckdns.org	funtoplaygamesforkids.duckdns.org
1	csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	dlslhpkfqfglo.cloudfront.net
1	cm.everesttech.net	1 redirects
1	somniture.scotiabank.com	dmtags.scotiabank.com
1	scotiabank.demdex.net	dmtags.scotiabank.com
1	auth.scotiaonline.scotiabank.com	funtoplaygamesforkids.duckdns.org
20	9

This site contains links to these domains. Also see Links.

Domain
www.scotiabank.com

Subject Issuer	Validity	Valid
funtoplaygamesforkids.duckdns.org (STAGING) Pseudo Plum E5	`2024-10-11` - `2025-01-09`	3 months	crt.sh
apps.scotiabank.com Entrust Certification Authority - L1K	`2023-11-21` - `2024-12-21`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
auth.scotiabank.com Entrust Certification Authority - L1K	`2024-01-31` - `2025-02-28`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
somniture.scotiabank.com Entrust Certification Authority - L1K	`2024-07-23` - `2025-08-23`	a year	crt.sh
*.memcyco.com Amazon RSA 2048 M03	`2024-02-25` - `2025-03-25`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Frame ID: 1F751E3E8C1C0CF05D484D1E4935BE3F
Requests: 17 HTTP requests in this frame

Frame: https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: A1733905F1865998CAACBBEFA2667DFD
Requests: 1 HTTP requests in this frame

Frame: https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: 8832ABF08FEBFAEA0F26EE0EEEE03278
Requests: 1 HTTP requests in this frame

Frame: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html
Frame ID: 6EFE615C1E21D2C53BD2CCE392DDF989
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Scotiabank

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

70 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

904 kB
Transfer

2774 kB
Size

30
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.scotiabank.com/ca/en/personal.html
Title: Scotiabank

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/personal/contact-us.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/legal.html
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/personal/accessibility.html
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547

Request Chain 13

https://cm.everesttech.net/cm/dd?d_uuid=16185485215976164832968065390809580624 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/ 88 KB
19 KB 950ms
232ms Document
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 53c522f89bfce4eb46c2c5b53eb8c92874374faacaa22fde81e4ef2bd452ca07

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 18595
content-type: text/html; charset=UTF-8
date: Sun, 13 Oct 2024 22:41:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: LiteSpeed
vary: Accept-Encoding

GET
H/1.1 200
OK launch-edbf66c903b6.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/ 252 KB
66 KB 238ms
69ms Script
application/x-javascript 2600:1408:10:280::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2600:1408:10:280::51e Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

68fa9b61ae61cd5d5c02d9385e6ffffcc2712549fb658012c6c1ddde6225fd1d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "66f2ccc2-3ef07"
X-Content-Type-Options: nosniff
Date: Sun, 13 Oct 2024 22:41:30 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 24 Sep 2024 14:29:22 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: c62c8adf-65c1-4dc1-4523-7e7904d1bb67
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 67000
x-xss-protection: 1; mode=block

GET
H2 200 mutha-scotia-wrapper.min.js Show response
dlslhpkfqfglo.cloudfront.net/cdn/ca/ 5 KB
3 KB 158ms
50ms Script
application/javascript 2600:9000:24d6:5000:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:5000:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aacbb4075dbf1cdc7057308d94338bba14434e9a62d662edd8d106eaca821654

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

content-encoding: gzip
age: 52726
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 493e292caca329a2b20dbbc4e33d60f2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: GNMCL8B04YvxgQez7YP8ql8CLS2UO_OvPwyBZvzMMOUDAwShB1jJtg==
date: Sun, 13 Oct 2024 08:02:44 GMT
content-type: application/javascript; charset=UTF-8
x-amz-cf-pop: ATL58-P2
server: nginx

GET
H2 200 7c428f63a00e5bd025fa159e8c94389f.svg
auth.scotiaonline.scotiabank.com/assets/ 537 B
767 B 307ms
124ms Image
image/svg+xml 184.25.41.104
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.scotiaonline.scotiabank.com/assets/7c428f63a00e5bd025fa159e8c94389f.svg

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.25.41.104 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-25-41-104.deploy.static.akamaitechnologies.com

Software

Resource Hash

51bf40e3535dee036bec3df6d4b279b4373fb22cdd40632535932d6999f7e37e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-content-type-options: nosniff
accept-ranges: bytes
x-vcap-request-id: 7402a3f0-cec0-46ff-6ba6-e37eb9e1f4d0
content-length: 537
x-xss-protection: 1; mode=block
date: Sun, 13 Oct 2024 22:41:30 GMT
content-language: en-CA
content-type: image/svg+xml

GET
H2 404 8fd30bd010d9e2c7677ec339685f958b.woff
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ 0
0 115ms
115ms Font
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/8fd30bd010d9e2c7677ec339685f958b.woff
Requested by: Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://funtoplaygamesforkids.duckdns.org
Referer: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Response headers

cache-control: private, no-cache, max-age=0
content-encoding: gzip
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
date: Sun, 13 Oct 2024 22:41:30 GMT
content-type: text/html
vary: Accept-Encoding
server: LiteSpeed

GET
H2 200 jquery-3.6.1.min.js Show response
dlslhpkfqfglo.cloudfront.net/cdn/ca/ 2 MB
781 KB 55ms
55ms Script
application/javascript 2600:9000:24d6:5000:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:5000:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7005532e5f203588e3311c9577d6ce84124b50e9344bee25199e9c28d6ae676a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

content-encoding: gzip
age: 58136
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 493e292caca329a2b20dbbc4e33d60f2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: YQXvCuAJXvbt_7oMGmQL4RVwC7xnbqH8_YhHFW0gEsm9dT4YFSLDQw==
date: Sun, 13 Oct 2024 06:32:34 GMT
content-type: application/javascript; charset=UTF-8
x-amz-cf-pop: ATL58-P2
server: nginx

GET
H2 404 50805f331bb1b697aafb6f0c28b09212.woff2
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ 0
0 116ms
116ms Font
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/50805f331bb1b697aafb6f0c28b09212.woff2
Requested by: Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://funtoplaygamesforkids.duckdns.org
Referer: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Response headers

cache-control: private, no-cache, max-age=0
content-encoding: gzip
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
date: Sun, 13 Oct 2024 22:41:30 GMT
content-type: text/html
vary: Accept-Encoding
server: LiteSpeed

GET
H2

200

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547

5 KB
2 KB

39ms
38ms

XHR
application/json

107.20.112.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Server

107.20.112.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-20-112-51.compute-1.amazonaws.com

Software

Resource Hash

764a09d0645d05257fd37913c10d3b76f7adfe430cb63904dff80ee8458feea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-va6-1-v065-0aab289e2.edge-va6.demdex.com 4 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: XONhgVHtRx4=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
content-length: 1727
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Sun, 13 Oct 2024 22:41:30 GMT
content-type: application/json;charset=utf-8
vary: Origin

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547
dcs: dcs-prod-va6-2-v065-03842fddb.edge-va6.demdex.com 0 ms
pragma: no-cache
access-control-allow-credentials: true
x-tid: GZOMv3mTTzg=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Sun, 13 Oct 2024 22:41:30 GMT
vary: Origin

GET
H/1.1 200
OK AppMeasurement.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 47ms
46ms Script
application/x-javascript 2600:1408:10:280::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2600:1408:10:280::51e Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "66f2ccc2-8d52"
X-Content-Type-Options: nosniff
Date: Sun, 13 Oct 2024 22:41:30 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 24 Sep 2024 14:29:22 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 5ed7143d-7c18-42e8-4ec6-6fc23fd38c9a
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 13012
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK AppMeasurement_Module_ActivityMap.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 97ms
44ms Script
application/x-javascript 2600:1408:10:280::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2600:1408:10:280::51e Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "66f2ccc2-cd4"
X-Content-Type-Options: nosniff
Date: Sun, 13 Oct 2024 22:41:30 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 24 Sep 2024 14:29:22 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 987ccf39-4a20-49a4-575b-9e8bc6365102
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 1597
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK otSDKStub.js Show response
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/ 21 KB
7 KB 91ms
43ms Script
application/x-javascript 2600:1408:10:280::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2600:1408:10:280::51e Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "66884eaf-524b"
X-Content-Type-Options: nosniff
Date: Sun, 13 Oct 2024 22:41:30 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 05 Jul 2024 19:51:11 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: a3f6c1a8-5dd6-40d1-6544-bb8beb44089c
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 6793
x-xss-protection: 1; mode=block

GET 4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/ 0
0

GET
H2 200 dest5.html
scotiabank.demdex.net/ Frame A173 0
0 95ms
33ms Document
text/html 107.20.112.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scotiabank.demdex.net/dest5.html?d_nsid=0

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.20.112.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-20-112-51.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://funtoplaygamesforkids.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sun, 13 Oct 2024 22:41:30 GMT
dcs: dcs-prod-va6-2-v065-0a53b26ef.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 10 Oct 2024 10:01:56 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: N7XhG0urQJ4=

GET
H2 200 id Show response
somniture.scotiabank.com/ 48 B
473 B 206ms
42ms XHR
application/x-javascript 63.140.38.236
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=19739624466975571052603782701371042114&ts=1728859290782

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.38.236 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-38-236.data.adobedc.net

Software

jag /

Resource Hash

a12f50d4b2cf23b32e718484f2da0911ceec0ade447cdbfbf2928d53c40e2a78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
p3p: CP="This is not a P3P policy"
content-length: 48
date: Sun, 13 Oct 2024 22:41:30 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript;charset=utf-8
vary: Origin
server: jag

GET
H2

200

ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=16185485215976164832968065390809580624
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP

42 B
716 B

36ms
36ms

Image
image/gif

107.20.112.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP

Requested by

Host: funtoplaygamesforkids.duckdns.org
URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Server

107.20.112.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-107-20-112-51.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-va6-2-v065-0ca0808c8.edge-va6.demdex.com 3 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: Kr/dSG2PRX0=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Sun, 13 Oct 2024 22:41:30 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Sun, 13 Oct 2024 22:41:30 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

GET
H2 200 gpk Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 791 B
1 KB 144ms
49ms XHR
application/json 2600:9000:24d6:5000:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80&e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:5000:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

d35fa1fe46195caf6c30e581d017303c44cf6201283acd06852f460b726d203e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://funtoplaygamesforkids.duckdns.org/

Response headers

content-encoding: gzip
age: 56718
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 57e3d5d3b005fa4d07716cb3ffc6ecc0.cloudfront.net (CloudFront)
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
x-cache: Hit from cloudfront
x-amz-cf-id: OzPPxyynP9gnW3_3_h8WI8BWnHrSizjpRUz3rpf_pH4tumgEig3Ejg==
date: Sun, 13 Oct 2024 06:56:12 GMT
content-type: application/json
x-amz-cf-pop: ATL58-P2
server: nginx

GET
H2 200 csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame 8832 0
0 358ms
121ms Document
text/html 54.246.140.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.246.140.19 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-246-140-19.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://funtoplaygamesforkids.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 13 Oct 2024 22:41:31 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only

GET
H2 200 lwsa.html
dlslhpkfqfglo.cloudfront.net/cdn/ca/ Frame 6EFE 0
0 140ms
48ms Document
text/html 2600:9000:24d6:e600:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:e600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://funtoplaygamesforkids.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
age: 56930
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 13 Oct 2024 06:52:41 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx
via: 1.1 d5d585dce9ad5e702dfde5c38b8b4b9e.cloudfront.net (CloudFront)
x-amz-cf-id: nt9rZAMVIoep4UorQXxH58OhUxurWXJdFurgtye60bC4iQrP6sz-Kg==
x-amz-cf-pop: ATL58-P2
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only

POST
H2 200 gwf Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 8 KB
6 KB 250ms
248ms XHR
text/plain 2600:9000:24d6:5000:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf?e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:5000:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

db1238b507a45491709e7e13e45e76245a268bcd1b9bdfb63b6838c8de0fdeed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://funtoplaygamesforkids.duckdns.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding: gzip
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 493e292caca329a2b20dbbc4e33d60f2.cloudfront.net (CloudFront)
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
x-cache: Miss from cloudfront
x-amz-cf-id: k1jPPb6SpWh9QPBeY3lL0HMDeUVxY1TpRbmfx3rW3PSoJfksCxCKjQ==
date: Sun, 13 Oct 2024 22:41:31 GMT
content-type: text/plain; charset=UTF-8
x-amz-cf-pop: ATL58-P2
server: nginx

POST
H2 200 l Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 104 B
542 B 258ms
256ms XHR
text/plain 2600:9000:24d6:5000:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/l?e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24d6:5000:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

1a03537319bb4731e7d1251f5069d1c139df39f27a2a3f981f1f1a9e24b60683

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://funtoplaygamesforkids.duckdns.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 493e292caca329a2b20dbbc4e33d60f2.cloudfront.net (CloudFront)
access-control-allow-origin: https://funtoplaygamesforkids.duckdns.org
x-cache: Miss from cloudfront
content-length: 104
x-amz-cf-id: I1nfDtUADOk7TMFr2MSxOCfLMjV8SixPDM3se6E_Pw617KVxE35IqA==
date: Sun, 13 Oct 2024 22:41:32 GMT
content-type: text/plain; charset=UTF-8
x-amz-cf-pop: ATL58-P2
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
funtoplaygamesforkids.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 872voepthr95pm5qhap9nnjmvq
dlslhpkfqfglo.cloudfront.net/	1970-01-21 00:14:19	Name: aphishCookie-1728806564299-SCOTIA Value: 0
.demdex.net/	1970-01-21 04:33:31	Name: demdex Value: 16185485215976164832968065390809580624
.funtoplaygamesforkids.duckdns.org/	1969-12-31 23:59:59	Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1
.dpm.demdex.net/	1970-01-21 04:33:31	Name: dpm Value: 16185485215976164832968065390809580624
.funtoplaygamesforkids.duckdns.org/	1970-01-21 09:50:19	Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C20010%7CMCMID%7C19739624466975571052603782701371042114%7CMCAAMLH-1729464090%7C7%7CMCAAMB-1729464090%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1728866490s%7CNONE%7CMCSYNCSOP%7C411-20017%7CMCAID%7CNONE%7CvVersion%7C5.5.0
.mathtag.com/	1970-01-21 09:40:14	Name: uuid Value: 67cd670c-4c9b-4400-b632-5f1470987a6f
.adnxs.com/	1970-01-21 09:50:19	Name: receive-cookie-deprecation Value: 1
.33across.com/	1970-01-21 08:59:55	Name: 33x_ps Value: u%3D212835514262705%3As1%3D1728859291212%3Ats%3D1728859291212
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/	1970-01-21 00:24:24	Name: AWSALBCORS Value: r0MLpSc0D8+a9jiF/tz4VMljsQayoz4uFqAZmW83fIkTbu/2+Teqzb1UPa7rfcctY5eessjU7MZ9SD1O6HhM2OTQre5B7Kma9GIlXCQJWrS8q2h2PEN+eSAA3FBy
.doubleclick.net/	1970-01-21 09:50:19	Name: IDE Value: AHWqTUnDTb3y1q4TifUbcYROYdUTtA6ufGraM6E1BwMtw2TOrd_e2gNmCi22OLLkikc
.rfihub.com/	1970-01-21 09:35:55	Name: rud Value: H4sIAAAAAAAA_-MSNrIwsDQ3NTYzMjc3MzI2szA2NBDiM9TNKw7L1DXJyHbJLUsEANF747QlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNrIwsDQ3NTYzMjc3MzI2szA2NBDiM9TNKw7L1DXJyHbJLUsEANF747QlAAAA
.rfihub.com/	1970-01-21 09:35:55	Name: eud Value: H4sIAAAAAAAA_1vFxGtobmRhYWppZGloZmYBAATxGbQQAAAA
.twitter.com/	1970-01-21 09:50:19	Name: personalization_id Value: "v1_SyCRbIMUka9MwFoHUe0QPg=="
.adsrvr.org/	1970-01-21 08:59:55	Name: TDID Value: e8293dcb-c733-46b1-8fca-b71fcbb5b35a
.adsrvr.org/	1970-01-21 08:59:55	Name: TDCPM Value: CAESEgoDYWFtEgsIvqiR-Mb4tT0QBRgFIAEoAjILCOTX6qTd-LU9EAU4AQ..
.quantserve.com/	1970-01-21 09:44:33	Name: mc Value: 670c4c9b-ca799-83b6a-5e079
.quantserve.com/	1970-01-21 02:23:55	Name: sp Value: CgkIjd0BEgMQ0g0=
.ml314.com/	1970-01-21 08:59:55	Name: pi Value: 3647686972696166494
.eyeota.net/	1970-01-21 08:59:55	Name: mako_uid Value: 192880b4188-11f00000010a4aa6
.eyeota.net/	1970-01-21 00:14:19	Name: SERVERID Value: 19110~DM
.scorecardresearch.com/	1970-01-21 09:35:55	Name: UID Value: 145f5e7841515c83343df7d1728859292
.scorecardresearch.com/	1970-01-21 09:35:55	Name: XID Value: 145f5e7841515c83343df7d1728859292
.crwdcntrl.net/	1970-01-21 06:43:05	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 06:43:05	Name: _cc_id Value: 6babd2dc805c7a70f0d749f70b5f418e
.demdex.net/	1970-01-21 04:33:31	Name: dextp Value: 269-1-1728859290911\|358-1-1728859291013\|601-1-1728859291113\|771-1-1728859291214\|822-1-1728859291315\|1123-1-1728859291416\|1121-1-1728859291517\|903-1-1728859291618\|1175-1-1728859291719\|22052-1-1728859291820\|30064-1-1728859291921\|30646-1-1728859292022\|73426-1-1728859292123\|121998-1-1728859292224\|144230-1-1728859292325\|144231-1-1728859292426\|144232-1-1728859292527\|144233-1-1728859292628\|144234-1-1728859292729\|144235-1-1728859292831\|144236-1-1728859292932\|144237-1-1728859293032\|161033-1-1728859293134\|139200-1-1728859293235
.amazon-adsystem.com/	1970-01-21 06:30:09	Name: ad-id Value: A-hzzZKwwk9FpBwBa1hVeRU
.amazon-adsystem.com/	1970-01-21 09:50:19	Name: ad-privacy Value: 0
.onaudience.com/	1970-01-21 08:59:55	Name: cookie Value: dc13cabcfdffa268

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/8fd30bd010d9e2c7677ec339685f958b.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/50805f331bb1b697aafb6f0c28b09212.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e Message: Access to XMLHttpRequest at 'https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json' from origin 'https://funtoplaygamesforkids.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://scotiabank.com' that is not equal to the supplied origin.
network	error	URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.scotiaonline.scotiabank.com
cm.everesttech.net
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
dlslhpkfqfglo.cloudfront.net
dmtags.scotiabank.com
dpm.demdex.net
funtoplaygamesforkids.duckdns.org
scotiabank.demdex.net
somniture.scotiabank.com
dmtags.scotiabank.com
107.20.112.51
18.209.125.30
184.25.41.104
20.79.155.225
2600:1408:10:280::51e
2600:9000:24d6:5000:d:e6dd:f300:21
2600:9000:24d6:e600:d:e6dd:f300:21
54.246.140.19
63.140.38.236
1a03537319bb4731e7d1251f5069d1c139df39f27a2a3f981f1f1a9e24b60683
51bf40e3535dee036bec3df6d4b279b4373fb22cdd40632535932d6999f7e37e
53c522f89bfce4eb46c2c5b53eb8c92874374faacaa22fde81e4ef2bd452ca07
68fa9b61ae61cd5d5c02d9385e6ffffcc2712549fb658012c6c1ddde6225fd1d
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
7005532e5f203588e3311c9577d6ce84124b50e9344bee25199e9c28d6ae676a
764a09d0645d05257fd37913c10d3b76f7adfe430cb63904dff80ee8458feea3
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
a12f50d4b2cf23b32e718484f2da0911ceec0ade447cdbfbf2928d53c40e2a78
aacbb4075dbf1cdc7057308d94338bba14434e9a62d662edd8d106eaca821654
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
d35fa1fe46195caf6c30e581d017303c44cf6201283acd06852f460b726d203e
db1238b507a45491709e7e13e45e76245a268bcd1b9bdfb63b6838c8de0fdeed
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

funtoplaygamesforkids.duckdns.org Open in urlscan Pro 20.79.155.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

20 Requests

70 %HTTPS

33 %IPv6

6 Domains

9 Subdomains

9 IPs

3 Countries

904 kBTransfer

2774 kBSize

30 Cookies

6 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

30 Cookies

5 Console Messages

Indicators

funtoplaygamesforkids.duckdns.org Open in urlscan Pro
20.79.155.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

70 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

904 kB
Transfer

2774 kB
Size

30
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!