nine13media.com Open in urlscan Pro
144.217.107.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Submission: On September 04 via automatic, source openphish (September 4th 2021, 1:04:12 pm UTC)

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 144.217.107.82, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is nine13media.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 2nd 2021. Valid for: 3 months.

This is the only time nine13media.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	144.217.107.82 144.217.107.82	16276 (OVH) (OVH)
2 2	104.111.241.15 104.111.241.15	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	92.122.107.247 92.122.107.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.37.35.213 23.37.35.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
9	3

6 144.217.107.82 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: nine13media.com

nine13media.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.241.15 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-241-15.deploy.static.akamaitechnologies.com

mobilebanking4.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 92.122.107.247 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-107-247.deploy.static.akamaitechnologies.com

secure.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.35.213 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-35-213.deploy.static.akamaitechnologies.com

auth.scotiaonline.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	scotiabank.com 6 redirects mobilebanking4.scotiabank.com secure.scotiabank.com auth.scotiaonline.scotiabank.com	9 KB
6	nine13media.com nine13media.com	863 KB
1	googletagmanager.com www.googletagmanager.com	33 KB
9	3

	Domain	Requested by
6	nine13media.com	nine13media.com
4	secure.scotiabank.com	4 redirects
2	auth.scotiaonline.scotiabank.com	nine13media.com
2	mobilebanking4.scotiabank.com	2 redirects
1	www.googletagmanager.com	nine13media.com
9	5

This site contains links to these domains. Also see Links.

Domain
mobilebanking1.scotiabank.com
www.scotiabank.com
www1.scotiaonline.scotiabank.com

Subject Issuer	Validity	Valid
nine13media.com cPanel, Inc. Certification Authority	`2021-09-02` - `2021-12-01`	3 months	crt.sh
auth.scotiabank.com Entrust Certification Authority - L1K	`2020-02-27` - `2022-02-27`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Frame ID: DC70D100F8B396D90DD2778CA959018C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Scotiabank-BankingWeb

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

Page Statistics

9
Requests

100 %
HTTPS

20 %
IPv6

3
Domains

5
Subdomains

3
IPs

2
Countries

896 kB
Transfer

945 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://mobilebanking1.scotiabank.com/
Title: Classic Scotiabank Mobile Website

Search URL Search Domain Scan URL

URL: http://www.scotiabank.com/ca/en/0,,317,00.html
Title: iOS/Android apps

Search URL Search Domain Scan URL

URL: https://www1.scotiaonline.scotiabank.com/online/authentication/authentication.bns
Title: Scotia OnLine

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://mobilebanking4.scotiabank.com/bankingweb/css/css.css HTTP 301
https://secure.scotiabank.com/ HTTP 302
https://secure.scotiabank.com/auth/authorize?state=eyJyZXR1cm5VUkkiOiJodHRwczovL3NlY3VyZS5zY290aWFiYW5rLmNvbS8ifQ==&language=en-US HTTP 302
https://auth.scotiaonline.scotiabank.com/online?oauth_key=DPDPqJs_jWw&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiJEUERQcUpzX2pXdyIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKbWRYSmlSVGN4WnkxVFpGOHlkRE40YkdRNGQweHdabFp1WW1VdFZVbEVaMWw2VTBraWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjVlNTZlZmRmLTBlZGItNGUwMS04MjZmLTM2MmQ4Y2JiMTY2YiIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.MpPGzzem-zQgwGTQ-9U_u25wtgM5EBV34RMN30y5yfKt3zdM5YSWioXttg5stzMu5NsAdJNvJq1CatMgWaXhmyr1niYfHGLoMindn8-KZgpSNMYT28aN-CkTjfHxmtCiUoqt6bJKXIrC4vRFPI-TqJpUTS38YPJ4BgFxL0pGcofaUd-lxL8C3VQv8dB13Uzq9IUGz8FlWRrh8AFBX1VJZwYc5l9L8oe5yUHKi6UCguC6fKU7_KZjV7BLzG8zjK-kwaNyMm071jENWOO8JD3eSa0NofNVnWEIeSmv2Bp75BiYHWAimW57WXCXtmxKAdBFBhoflwz4biP2R7S9diu78Q

Request Chain 3

https://mobilebanking4.scotiabank.com/bankingweb/images/en/login-logo.svg HTTP 301
https://secure.scotiabank.com/ HTTP 302
https://secure.scotiabank.com/auth/authorize?state=eyJyZXR1cm5VUkkiOiJodHRwczovL3NlY3VyZS5zY290aWFiYW5rLmNvbS8ifQ==&language=en-US HTTP 302
https://auth.scotiaonline.scotiabank.com/online?oauth_key=5qgZZlM2VWU&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiI1cWdaWmxNMlZXVSIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKNGNVbEZaMkUzWXkxVlpIcDZZek40TXpWR1RUUnFXWEpSV214Mk9WaDJiM1ZNV0ZVaWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjQ3ZDZiYzgyLWQ0ZTQtNDlkZS1iNWFhLTAyYWM0YWE1MWQ3ZCIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.VEE0QRjt16cI-TqNONQc21q9OS9XfG23twTGxQ4Gl8C7yf6yf_8WZ1kEts2TiF9C0582p297PC9zmZwkwJTDqJZssW-0xFHKa0zMiIxx1FjpntYTLDJ3SuDcaoR1Ddzs2TWFKPSANlXP_XMndLdZLMImMVK88RN74W4keE0G8REzqU-FctVsfKm48ZX6aTUITIygyaIQ_Mliz5EqtZAsItX5-rwBd12gRSfFfFQUuG-bO9UlYqTvCah6srSW4MXNn5EmLIbN5YpmvLkMhKWvwXjxdx-KVioYGMWM1hA1qdvkV44GqgEAQ0m7DytFFvUjAk8KLHtprNe4jyYDB76h0w

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Scotiabank-BankingWeb.html Show response
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/ 16 KB
16 KB 382ms
189ms Document
text/html 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

7c0fd0be468a611f0cd72599ed62719af766b9c2e7311bf68f73c565be51553b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Host: nine13media.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Server: nginx/1.21.1
Date: Sat, 04 Sep 2021 13:03:51 GMT
Content-Type: text/html
Content-Length: 16328
Connection: keep-alive
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Jan 2019 23:36:30 GMT
Accept-Ranges: bytes

GET
H2

200

online
auth.scotiaonline.scotiabank.com/
Redirect Chain

https://mobilebanking4.scotiabank.com/bankingweb/css/css.css
https://secure.scotiabank.com/
https://secure.scotiabank.com/auth/authorize?state=eyJyZXR1cm5VUkkiOiJodHRwczovL3NlY3VyZS5zY290aWFiYW5rLmNvbS8ifQ==&language=en-US
https://auth.scotiaonline.scotiabank.com/online?oauth_key=DPDPqJs_jWw&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ....

0
0

479ms
462ms

Stylesheet
text/html

23.37.35.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.scotiaonline.scotiabank.com/online?oauth_key=DPDPqJs_jWw&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiJEUERQcUpzX2pXdyIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKbWRYSmlSVGN4WnkxVFpGOHlkRE40YkdRNGQweHdabFp1WW1VdFZVbEVaMWw2VTBraWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjVlNTZlZmRmLTBlZGItNGUwMS04MjZmLTM2MmQ4Y2JiMTY2YiIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.MpPGzzem-zQgwGTQ-9U_u25wtgM5EBV34RMN30y5yfKt3zdM5YSWioXttg5stzMu5NsAdJNvJq1CatMgWaXhmyr1niYfHGLoMindn8-KZgpSNMYT28aN-CkTjfHxmtCiUoqt6bJKXIrC4vRFPI-TqJpUTS38YPJ4BgFxL0pGcofaUd-lxL8C3VQv8dB13Uzq9IUGz8FlWRrh8AFBX1VJZwYc5l9L8oe5yUHKi6UCguC6fKU7_KZjV7BLzG8zjK-kwaNyMm071jENWOO8JD3eSa0NofNVnWEIeSmv2Bp75BiYHWAimW57WXCXtmxKAdBFBhoflwz4biP2R7S9diu78Q
Requested by: Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 23.37.35.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-35-213.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
referrer-policy: no-referrer
date: Sat, 04 Sep 2021 13:03:53 GMT
x-frame-options: SAMEORIGIN
location: https://auth.scotiaonline.scotiabank.com/online?oauth_key=DPDPqJs_jWw&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiJEUERQcUpzX2pXdyIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKbWRYSmlSVGN4WnkxVFpGOHlkRE40YkdRNGQweHdabFp1WW1VdFZVbEVaMWw2VTBraWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjVlNTZlZmRmLTBlZGItNGUwMS04MjZmLTM2MmQ4Y2JiMTY2YiIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.MpPGzzem-zQgwGTQ-9U_u25wtgM5EBV34RMN30y5yfKt3zdM5YSWioXttg5stzMu5NsAdJNvJq1CatMgWaXhmyr1niYfHGLoMindn8-KZgpSNMYT28aN-CkTjfHxmtCiUoqt6bJKXIrC4vRFPI-TqJpUTS38YPJ4BgFxL0pGcofaUd-lxL8C3VQv8dB13Uzq9IUGz8FlWRrh8AFBX1VJZwYc5l9L8oe5yUHKi6UCguC6fKU7_KZjV7BLzG8zjK-kwaNyMm071jENWOO8JD3eSa0NofNVnWEIeSmv2Bp75BiYHWAimW57WXCXtmxKAdBFBhoflwz4biP2R7S9diu78Q
x-vcap-request-id: ad5fb6c7-2f10-4bbe-48f5-b1dc57deb30c
x-xss-protection: 0
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK scripts.js Show response
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/ 778 KB
779 KB 95ms
95ms Script
application/javascript 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/scripts.js

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

af2f544a6c0fe78d7cdafd87b1bf2d65865c6823070fb88f029a8eb7851d1621

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: nine13media.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Connection: keep-alive
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 13:03:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Jan 2019 23:36:32 GMT
Server: nginx/1.21.1
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 796947

GET
H/1.1 200
OK logo.svg
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/ 12 KB
12 KB 95ms
95ms Image
image/svg+xml 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/logo.svg

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

64e3b238dda41f80bcf2d4eec558ea259093b2f4b381aee2dfd18782501450f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: nine13media.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Connection: keep-alive
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 13:03:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Jan 2019 23:36:32 GMT
Server: nginx/1.21.1
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12496

GET
H2

200

online
auth.scotiaonline.scotiabank.com/
Redirect Chain

https://mobilebanking4.scotiabank.com/bankingweb/images/en/login-logo.svg
https://secure.scotiabank.com/
https://secure.scotiabank.com/auth/authorize?state=eyJyZXR1cm5VUkkiOiJodHRwczovL3NlY3VyZS5zY290aWFiYW5rLmNvbS8ifQ==&language=en-US
https://auth.scotiaonline.scotiabank.com/online?oauth_key=5qgZZlM2VWU&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ....

0
0

513ms
446ms

Image
text/html

23.37.35.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://auth.scotiaonline.scotiabank.com/online?oauth_key=5qgZZlM2VWU&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiI1cWdaWmxNMlZXVSIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKNGNVbEZaMkUzWXkxVlpIcDZZek40TXpWR1RUUnFXWEpSV214Mk9WaDJiM1ZNV0ZVaWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjQ3ZDZiYzgyLWQ0ZTQtNDlkZS1iNWFhLTAyYWM0YWE1MWQ3ZCIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.VEE0QRjt16cI-TqNONQc21q9OS9XfG23twTGxQ4Gl8C7yf6yf_8WZ1kEts2TiF9C0582p297PC9zmZwkwJTDqJZssW-0xFHKa0zMiIxx1FjpntYTLDJ3SuDcaoR1Ddzs2TWFKPSANlXP_XMndLdZLMImMVK88RN74W4keE0G8REzqU-FctVsfKm48ZX6aTUITIygyaIQ_Mliz5EqtZAsItX5-rwBd12gRSfFfFQUuG-bO9UlYqTvCah6srSW4MXNn5EmLIbN5YpmvLkMhKWvwXjxdx-KVioYGMWM1hA1qdvkV44GqgEAQ0m7DytFFvUjAk8KLHtprNe4jyYDB76h0w
Requested by: Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 23.37.35.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-35-213.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Redirect headers

content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
referrer-policy: no-referrer
date: Sat, 04 Sep 2021 13:03:53 GMT
x-frame-options: SAMEORIGIN
location: https://auth.scotiaonline.scotiabank.com/online?oauth_key=5qgZZlM2VWU&oauth_key_signature=eyJraWQiOiJrUFVqdlNhT25GWUVDakpjMmV1MXJvNGxnb2VFeXJJb2tCbU1oX3BiZXNVIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJ1aV9sb2NhbGVzIjoiZW4tVVMiLCJvYXV0aF9rZXkiOiI1cWdaWmxNMlZXVSIsImNvbnNlbnRfcmVxdWlyZWQiOmZhbHNlLCJyZWRpcmVjdF91cmkiOiJodHRwczpcL1wvc2VjdXJlLnNjb3RpYWJhbmsuY29tXC9hdXRoXC9hdXRob3JpemF0aW9uIiwic3RhdGUiOiJleUp5WlhSMWNtNVZVa2tpT2lKb2RIUndjem92TDNObFkzVnlaUzV6WTI5MGFXRmlZVzVyTG1OdmJTOGlMQ0pqYzNKbVZHOXJaVzRpT2lKNGNVbEZaMkUzWXkxVlpIcDZZek40TXpWR1RUUnFXWEpSV214Mk9WaDJiM1ZNV0ZVaWZRJTNEJTNEIiwiZXhwIjoxNjMwNzYxODMzLCJpYXQiOjE2MzA3NjA2MzMsImp0aSI6IjQ3ZDZiYzgyLWQ0ZTQtNDlkZS1iNWFhLTAyYWM0YWE1MWQ3ZCIsImNsaWVudF9pZCI6IjRlY2Y3ZTM5LWJlNTYtNGE2Ni04MTZjLTEzY2I5NGU2MmRhNSIsImNsaWVudF9tZXRhZGF0YSI6eyJDaGFubmVsSUQiOiJNb2JpbGUiLCJBcHBsaWNhdGlvbkNvZGUiOiJJbVdBUCJ9LCJpc3N1ZXIiOiJodHRwczpcL1wvcGFzc3BvcnQuc2NvdGlhYmFuay5jb20ifQ.VEE0QRjt16cI-TqNONQc21q9OS9XfG23twTGxQ4Gl8C7yf6yf_8WZ1kEts2TiF9C0582p297PC9zmZwkwJTDqJZssW-0xFHKa0zMiIxx1FjpntYTLDJ3SuDcaoR1Ddzs2TWFKPSANlXP_XMndLdZLMImMVK88RN74W4keE0G8REzqU-FctVsfKm48ZX6aTUITIygyaIQ_Mliz5EqtZAsItX5-rwBd12gRSfFfFQUuG-bO9UlYqTvCah6srSW4MXNn5EmLIbN5YpmvLkMhKWvwXjxdx-KVioYGMWM1hA1qdvkV44GqgEAQ0m7DytFFvUjAk8KLHtprNe4jyYDB76h0w
x-vcap-request-id: 8c68a7e6-9438-4a6c-4ed0-3c4a52521b18
x-xss-protection: 0
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK bd-1-29 Show response
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/ 54 KB
54 KB 95ms
95ms Script
text/plain 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/bd-1-29

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

0e3ca5ff965bf78ca037fe0bb07e7e0e3af713b327a411068b2ca5f0abc3cdd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: nine13media.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Connection: keep-alive
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 04 Sep 2021 13:03:52 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Jan 2019 23:36:32 GMT
Server: nginx/1.21.1
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 54971

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 83 KB
33 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MSJKZ8

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f71a4153ff9d21007b43337a968bba83eb7b77965e1ec552d6f3ba7ca4bbaea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://nine13media.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 04 Sep 2021 13:03:54 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33930
x-xss-protection: 0
last-modified: Sat, 04 Sep 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 04 Sep 2021 13:03:54 GMT

GET
H/1.1 404
Not Found translation.json Show response
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/locales/en-US/ 806 B
1013 B 103ms
102ms XHR
text/html 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/locales/en-US/translation.json?_=1630760634453

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/scripts.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

2ec06c8a738bf8dd4da8b905cebdeed455cc92af299b4d84ec7d513a9d43e0ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: nine13media.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Connection: keep-alive
accept: */*
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

Date: Sat, 04 Sep 2021 13:03:53 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.21.1
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H/1.1 404
Not Found translation.json Show response
nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/locales/en/ 803 B
1010 B 204ms
100ms XHR
text/html 144.217.107.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/locales/en/translation.json?_=1630760634453

Requested by

Host: nine13media.com
URL: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/files/scripts.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

144.217.107.82 Beauharnois, Canada, ASN16276 (OVH, FR),

Reverse DNS

nine13media.com

Software

nginx/1.21.1 /

Resource Hash

4e6ba7caa6a69f54c29c65e1785230d2ea3e0080a314480815f7d95981da1a9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: nine13media.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
Connection: keep-alive
accept: */*
Referer: https://nine13media.com/amazo/directing/www2.scotiaonline.scotiabank.com/online/authentication/Scotiabank-BankingWeb.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

Date: Sat, 04 Sep 2021 13:03:53 GMT
X-Content-Type-Options: nosniff
Server: nginx/1.21.1
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.scotiaonline.scotiabank.com
mobilebanking4.scotiabank.com
nine13media.com
secure.scotiabank.com
www.googletagmanager.com
104.111.241.15
144.217.107.82
23.37.35.213
2a00:1450:4001:80f::2008
92.122.107.247
0e3ca5ff965bf78ca037fe0bb07e7e0e3af713b327a411068b2ca5f0abc3cdd0
0f71a4153ff9d21007b43337a968bba83eb7b77965e1ec552d6f3ba7ca4bbaea
2ec06c8a738bf8dd4da8b905cebdeed455cc92af299b4d84ec7d513a9d43e0ef
4e6ba7caa6a69f54c29c65e1785230d2ea3e0080a314480815f7d95981da1a9e
64e3b238dda41f80bcf2d4eec558ea259093b2f4b381aee2dfd18782501450f1
7c0fd0be468a611f0cd72599ed62719af766b9c2e7311bf68f73c565be51553b
af2f544a6c0fe78d7cdafd87b1bf2d65865c6823070fb88f029a8eb7851d1621
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

nine13media.com Open in urlscan Pro 144.217.107.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

20 %IPv6

3 Domains

5 Subdomains

3 IPs

2 Countries

896 kBTransfer

945 kBSize

0 Cookies

3 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

nine13media.com Open in urlscan Pro
144.217.107.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

20 %
IPv6

3
Domains

5
Subdomains

3
IPs

2
Countries

896 kB
Transfer

945 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!