et.interac-nb1.com
Open in
urlscan Pro
82.180.162.217
Malicious Activity!
Public Scan
Effective URL: https://et.interac-nb1.com/sh/9j304I/scotiaonline/login.php?cmd=login_submit&id=d344deb66dd8eea310f7d4a20f6d3065d344deb66dd...
Submission: On July 13 via manual from PH — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 12th 2022. Valid for: 3 months.
This is the only time et.interac-nb1.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 11 | 82.180.162.217 82.180.162.217 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
7 7 | 45.60.115.208 45.60.115.208 | 19551 (INCAPSULA) (INCAPSULA) | |
7 | 45.60.87.208 45.60.87.208 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::2003 | 15169 (GOOGLE) (GOOGLE) | |
11 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
interac.ca
7 redirects
interac.ca — Cisco Umbrella Rank: 109536 www.interac.ca — Cisco Umbrella Rank: 504525 |
285 B |
11 |
interac-nb1.com
8 redirects
et.interac-nb1.com |
254 KB |
1 |
gstatic.com
fonts.gstatic.com |
17 KB |
11 | 3 |
Domain | Requested by | |
---|---|---|
11 | et.interac-nb1.com |
8 redirects
et.interac-nb1.com
|
7 | www.interac.ca |
et.interac-nb1.com
|
7 | interac.ca | 7 redirects |
1 | fonts.gstatic.com |
et.interac-nb1.com
|
11 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
mobilebanking4.scotiabank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
et.interac-nb1.com cPanel, Inc. Certification Authority |
2022-07-12 - 2022-10-10 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://et.interac-nb1.com/sh/9j304I/scotiaonline/login.php?cmd=login_submit&id=d344deb66dd8eea310f7d4a20f6d3065d344deb66dd8eea310f7d4a20f6d3065&session=d344deb66dd8eea310f7d4a20f6d3065d344deb66dd8eea310f7d4a20f6d3065
Frame ID: A11C13C348846F865EC2238BE4F9477D
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Scotiabank-BankingWebPage URL History Show full URLs
-
https://et.interac-nb1.com/sh/9j304I/scotiaonline/
HTTP 302
https://et.interac-nb1.com/sh/9j304I/scotiaonline/login.php?cmd=login_submit&id=d344deb66dd8eea310f7d4a... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
ZURB Foundation (Web Frameworks) Expand
Detected patterns
- <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Need help signing in?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://et.interac-nb1.com/sh/9j304I/scotiaonline/
HTTP 302
https://et.interac-nb1.com/sh/9j304I/scotiaonline/login.php?cmd=login_submit&id=d344deb66dd8eea310f7d4a20f6d3065d344deb66dd8eea310f7d4a20f6d3065&session=d344deb66dd8eea310f7d4a20f6d3065d344deb66dd8eea310f7d4a20f6d3065 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://et.interac-nb1.com/sh/9j304I/scotiaonline/files/gtm.js.t%C3%A9l%C3%A9chargement HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/files/analytics.js.t%C3%A9l%C3%A9chargement HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/images/star-inactive.svg HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/images/location.png HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/images/contact.png HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/images/guarantee.png HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
- https://et.interac-nb1.com/sh/9j304I/scotiaonline/images/verify.png HTTP 302
- https://interac.ca/error HTTP 301
- https://www.interac.ca/error
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
et.interac-nb1.com/sh/9j304I/scotiaonline/ Redirect Chain
|
11 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
et.interac-nb1.com/sh/9j304I/scotiaonline/files/ |
236 KB 236 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-logo.png
et.interac-nb1.com/sh/9j304I/scotiaonline/files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2
fonts.gstatic.com/s/lato/v11/ |
16 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
www.interac.ca/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.interac.ca/ | Name: visid_incap_1659541 Value: hoQrqDLUTveQFNJAQnfadSgUzmIAAAAAQUIPAAAAAAAGS5OU3J7w5un+JyoGzijf |
|
.interac.ca/ | Name: nlbi_1659541 Value: 4+3Gf+9Y6mIvIM/fpXbVZgAAAADFBQFPfv0xxJAsHvLXSdsV |
|
.interac.ca/ | Name: incap_ses_1104_1659541 Value: ff74O1v/i06+F1GN1zJSDyoUzmIAAAAAqu0oUUtLoZ7IdzSDVfwLmg== |
|
www.interac.ca/ | Name: AWSALBCORS Value: P5nSdRDiIGKntaYkuUdpUpW3/u5HIMevayKFfuPkyUMtWVk2NvW4eJY7hbtY8gmIiWWuHZX52a+33s58tcybPd2PYau6d28MBfidbj6e7yHyle0pquC1h9YQ2r7X |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
et.interac-nb1.com
fonts.gstatic.com
interac.ca
www.interac.ca
2a00:1450:4001:82a::2003
45.60.115.208
45.60.87.208
82.180.162.217
0a78da58babddb651b51f1fccda38e727b9fa6aef612899b495c77cdabfb82cc
474e71b90809fee123704b882a237b6013fcc6d3f9520fb9b54d386017c61129
a4bdb96b753b074042b4f6bba5a25fd0dd39e410dd1599783329319ebf32b0e8
b3c414806e659b347c31f9205558d257b959cb5a465ba7c83943a3a8ca6aa59f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855