URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Submission: On July 18 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 6 domains to perform 23 HTTP transactions. The main IP is 193.233.203.151, located in Chisinau, Moldova and belongs to ALEXHOST, MD. The main domain is naucora.cfd.
This is the only time naucora.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

IP Address AS Autonomous System
8 193.233.203.151 200019 (ALEXHOST)
4 2a02:26f0:480... 20940 (AKAMAI-ASN1)
5 2600:9000:238... 16509 (AMAZON-02)
1 3 63.35.110.225 16509 (AMAZON-02)
1 54.76.5.246 16509 (AMAZON-02)
1 63.140.62.222 16509 (AMAZON-02)
1 1 52.215.27.40 16509 (AMAZON-02)
1 34.243.0.75 16509 (AMAZON-02)
23 8
Apex Domain | Subdomains | Transfer
8 naucora.cfd | naucora.cfd | 96 KB
5 cloudfront.net | dlslhpkfqfglo.cloudfront.net | 792 KB
5 scotiabank.com | dmtags.scotiabank.com — Cisco Umbrella Rank: 273867; somniture.scotiabank.com — Cisco Umbrella Rank: 196692 | 91 KB
4 demdex.net | dpm.demdex.net — Cisco Umbrella Rank: 319; scotiabank.demdex.net — Cisco Umbrella Rank: 160796 | 4 KB
1 memcyco.com | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 672463 |
1 everesttech.net | cm.everesttech.net — Cisco Umbrella Rank: 2184 | 490 B
23 6
Domain | Requested by
8 naucora.cfd | naucora.cfd
5 dlslhpkfqfglo.cloudfront.net | naucora.cfd, dlslhpkfqfglo.cloudfront.net
4 dmtags.scotiabank.com | naucora.cfd, dmtags.scotiabank.com
3 dpm.demdex.net | 1 redirects
1 csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com | dlslhpkfqfglo.cloudfront.net
1 cm.everesttech.net | 1 redirects
1 somniture.scotiabank.com | dmtags.scotiabank.com
1 scotiabank.demdex.net | dmtags.scotiabank.com
23 8

This site contains links to these domains.

Domain
www.scotiabank.com
Subject | Issuer | Validity | Valid
apps.scotiabank.com | Entrust Certification Authority - L1K | 2023-11-21 - 2024-12-21 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
*.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-26 - 2024-10-26 | a year
somniture.scotiabank.com | Entrust Certification Authority - L1K | 2023-08-21 - 2024-09-21 | a year
*.memcyco.com | Amazon RSA 2048 M03 | 2024-02-25 - 2025-03-25 | a year

This page contains 3 frames:

Primary Page: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Frame ID: A157D2FE3A6EED448CBBDE5A67A62FC4
Requests: 21 HTTP requests in this frame

Frame: https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 3CF660CD594044B26476761D78DA0D28
Requests: 1 HTTP requests in this frame

Frame: https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: 2A923E644065DD698E1633A3A7BEBAD2
Requests: 1 HTTP requests in this frame

Page Title

Sign in | Scotiabank

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 23
HTTPS: 52 %
IPv6: 25 %
Domains: 6
Subdomains: 8
IPs: 8
Countries: 4
Transfer: 982 kB
Size: 3200 kB
Cookies: 20

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js HTTP 307
    https://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js HTTP 307
    http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
Request Chain 18
  • https://cm.everesttech.net/cm/dd?d_uuid=17894615830935143201855734969584442340 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request main.054ad90d49cb5bf3a1c6.chunk.js
naucora.cfd/scotia/personal/details/index.php/assets/assets/
Redirect Chain
  • http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
  • https://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
  • http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
100 KB
17 KB
Document
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
17493
Content-Type
text/html; charset=UTF-8
Date
Thu, 18 Jul 2024 15:48:28 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding

Redirect headers

Location
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Non-Authoritative-Reason
HttpsUpgrades
launch-edbf66c903b6.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/
256 KB
67 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:480:b9a::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
c85e9e190e2b35fc4f3627952ade96e9d163eae291ac1ecedc76fd26205d104d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
68056
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:22:51 GMT
Server
nginx/1.25.3
ETag
"668ec36b-3ffaf"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
5a4b3bcf-6d51-4de3-61f1-22539136fbc6
Cache-Control
private
Accept-Ranges
bytes
mutha-scotia-wrapper.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/
5 KB
3 KB
Script
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
949e10ac987de3321d38c17582ca6ccfe9628cc3cdeeffcdab6798a0c4a47f27
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 00:35:48 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
age
54760
x-frame-options
DENY
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-credentials
true
x-amz-cf-id
N7xVpQ3P53qp2ZzD-G24eHVqq2nZOBUgmDq7Lqk37thsocsrZB-pOg==
7c428f63a00e5bd025fa159e8c94389f.svg
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/
9 KB
9 KB
Image
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/7c428f63a00e5bd025fa159e8c94389f.svg
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
17493
main.054ad90d49cb5bf3a1c6.chunk.js
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/
100 KB
17 KB
Script
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
styles.ee1730d27a38e7dfb0d6.css
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/
100 KB
17 KB
Stylesheet
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/styles.ee1730d27a38e7dfb0d6.css
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
8fd30bd010d9e2c7677ec339685f958b.woff
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/
100 KB
17 KB
Font
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/8fd30bd010d9e2c7677ec339685f958b.woff
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Origin
http://naucora.cfd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
1pOmQMP1I
naucora.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/
0
0
Script
General
Full URL
http://naucora.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/1pOmQMP1I
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Server
Apache/2.4.52 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
273
Content-Type
text/html; charset=iso-8859-1
50805f331bb1b697aafb6f0c28b09212.woff2
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/
100 KB
17 KB
Font
General
Full URL
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/50805f331bb1b697aafb6f0c28b09212.woff2
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Origin
http://naucora.cfd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
17493
jquery-3.6.1.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/
2 MB
781 KB
Script
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
cc7807249343287cecb6a5d77394c47c1e0962cd76b944824c0b24112571c0eb
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 00:35:49 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
age
54759
x-frame-options
DENY
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-credentials
true
x-amz-cf-id
ISRNWQxHNdZYR8awScZsyNeg3AM6grVKCNKdxKTVjoTotVZxwbQ5Sw==
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
5 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
Protocol
H2
Server
63.35.110.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-35-110-225.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d620b6048232cdc58e603eda62e33796f2959833ca42dcd8e0e5102e80835091
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-2-v063-0e243c3dd.edge-irl1.demdex.com 3 ms
pragma
no-cache
date
Thu, 18 Jul 2024 15:48:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
RNEBcLSRSkE=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
http://naucora.cfd
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
1711
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-irl1-2-v063-0907ccebb.edge-irl1.demdex.com 1 ms
pragma
no-cache
date
Thu, 18 Jul 2024 15:48:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
RN0w025QT6A=
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
access-control-allow-origin
http://naucora.cfd
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/
35 KB
13 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:480:b9a::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
12938
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:26:53 GMT
Server
nginx/1.25.3
ETag
"668ec45d-8be7"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
1f28b525-b760-437e-6025-32d3e8d06a82
Cache-Control
private
Accept-Ranges
bytes
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/
3 KB
2 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:480:b9a::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
1599
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:26:53 GMT
Server
nginx/1.25.3
ETag
"668ec45d-cd4"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
e27a333e-c96a-4f40-53cf-9217e4bc1bd3
Cache-Control
private
Accept-Ranges
bytes
otSDKStub.js
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js
Requested by
Host: naucora.cfd
URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:480:b9a::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:29 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
6793
x-xss-protection
1; mode=block
Last-Modified
Fri, 05 Jul 2024 19:51:11 GMT
Server
nginx/1.25.3
ETag
"66884eaf-524b"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
cd70865c-9ca1-4461-4ba3-32a4dcbf36f6
Cache-Control
private
Accept-Ranges
bytes
4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/
0
0

favicon.ico
naucora.cfd/
273 B
489 B
Other
General
Full URL
http://naucora.cfd/favicon.ico
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
24565b5d66817199cc973ee08dba4f4528e5551358d210633916953e4814e8e5

Request headers

Referer
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 18 Jul 2024 15:48:29 GMT
Server
Apache/2.4.52 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
273
Content-Type
text/html; charset=iso-8859-1
gpk
dlslhpkfqfglo.cloudfront.net/cdn/cd/
767 B
1 KB
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80&
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c34c500f08ebe23a81e67e6518dc4737afd96905596c54158d205f6d70afb614
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 18 Jul 2024 00:35:51 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
content-encoding
gzip
x-permitted-cross-domain-policies
master-only
via
1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
age
54758
x-cache
Hit from cloudfront
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
http://naucora.cfd
access-control-allow-credentials
true
x-amz-cf-id
Atvde7hPL2fZR3_RtHo-sTxmHB8f6ZlCKnfDxpiFKsfqEe7WbD7Njw==
dest5.html
scotiabank.demdex.net/ Frame 3CF6
0
0
Document
General
Full URL
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.76.5.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-5-246.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://naucora.cfd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Thu, 18 Jul 2024 15:48:29 GMT
dcs
dcs-prod-irl1-2-v063-0d9beb7a6.edge-irl1.demdex.com 0 ms
expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Thu, 18 Jul 2024 10:28:53 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
x-tid
r92BHTwoTPo=
id
somniture.scotiabank.com/
48 B
458 B
XHR
General
Full URL
https://somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=15693999875040494741500319017259824886&ts=1721317709201
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.222 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
4deb009906ce216cd7e2932908e7f193814e4384cf9db7faab9e7161bf9284d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 18 Jul 2024 15:48:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
http://naucora.cfd
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=17894615830935143201855734969584442340
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
42 B
718 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
Protocol
H2
Server
63.35.110.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-35-110-225.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-2-v063-0ff27c1a9.edge-irl1.demdex.com 3 ms
pragma
no-cache
date
Thu, 18 Jul 2024 15:48:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
DBfQEc4HQSI=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
Date
Thu, 18 Jul 2024 15:48:29 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame 2A92
0
0
Document
General
Full URL
https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.243.0.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-0-75.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://naucora.cfd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 18 Jul 2024 15:48:29 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
gwf
dlslhpkfqfglo.cloudfront.net/cdn/cd/
8 KB
6 KB
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf?
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
134eeeb4a57dc806d01d30253dbe2dbb82a3d8ba32f4a0da687fc3b3c0d410d1
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 18 Jul 2024 15:48:29 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
x-frame-options
DENY
x-cache
Miss from cloudfront
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://naucora.cfd
access-control-allow-credentials
true
x-amz-cf-id
kSPTmgN5QD5sTfC3rMUXbfPv0uBWQwjBUIeE74i5m2de3kz3jQoPfg==
l
dlslhpkfqfglo.cloudfront.net/cdn/cd/
104 B
580 B
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/l?
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:1600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
d3bb47e33842ca93bb0557685e661f1733947fb4507865aeae0521a8ee476d27
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
http://naucora.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 18 Jul 2024 15:48:30 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
via
1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront)
server
nginx
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
AMS1-P1
x-frame-options
DENY
x-cache
Miss from cloudfront
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://naucora.cfd
access-control-allow-credentials
true
content-length
104
x-amz-cf-id
_77W4bTNw3Hfj3GSzMefDmlYGNdVKdfj1JU9X4QsflsmIx8N1APw6w==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dmtags.scotiabank.com
URL
https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| stylesLink object| process object| LD_CONFIG object| REDUX_STATE object| webpackJsonp function| a0d function| a0ad function| a0ab function| a0ac function| a0c object| a0f function| a0e function| a0af function| a0ai function| a0ah boolean| a0g function| a0F function| a0ag string| a0h function| a0ae string| a0i function| a0E function| a0a9 function| a0j number| a0k function| a0aa function| a0l object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| OptanonWrapper object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s function| inList number| a object| OneTrustStub function| $ function| jQuery function| lTa object| murmurHash3 function| UAParser object| localforage object| KJUR function| JSEncrypt object| CryptoJS

20 Cookies

Domain/Path Name / Value
dlslhpkfqfglo.cloudfront.net/ Name: aphishCookie-1721262948600-SCOTIA
Value: 0
.demdex.net/ Name: demdex
Value: 17894615830935143201855734969584442340
.naucora.cfd/ Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg
Value: 1
.dpm.demdex.net/ Name: dpm
Value: 17894615830935143201855734969584442340
.naucora.cfd/ Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19923%7CMCMID%7C15693999875040494741500319017259824886%7CMCAAMLH-1721922509%7C6%7CMCAAMB-1721922509%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1721324909s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19930%7CvVersion%7C5.5.0
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/ Name: AWSALBCORS
Value: PpvO13eUrGMH+6HknaED0Tx438fOzSxHfxORPuWJbcyoKGOwN5kBnmQTAKQiekZfU89cDLpre9kmwdJ8T7bNqQJIMPOumi5F0JldotPQYUu/qxTRjX6L5uLN69E3
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.mathtag.com/ Name: uuid
Value: 7c346699-394e-4a00-bf54-c86d24ba0a89
.doubleclick.net/ Name: IDE
Value: AHWqTUmics7WYbc9eEQLq_8TMeJtKkiMc9ywWy-yoUd_7v-nroORkq5uFoxZI58eBUo
.twitter.com/ Name: personalization_id
Value: "v1_b97aMKUvCkPOuDowRZwo0Q=="
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjYwN7c0NTGxNBTiM9QNNS3Iife39DTILksEAHhwCTIlAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjYwN7c0NTGxNBTiM9QNNS3Iife39DTILksEAHhwCTIlAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1vFxGtobmRobGhubmhgbGAAAPxhZ5gQAAAA
.quantserve.com/ Name: d
Value: EOsBDAGtLLmvYA
.quantserve.com/ Name: mc
Value: 6699394e-54cae-c9f3c-786e3
.eyeota.net/ Name: SERVERID
Value: 17328~DM
.demdex.net/ Name: dextp
Value: 269-1-1721317709405|358-1-1721317709505|601-1-1721317709608|771-1-1721317709708|822-1-1721317709809|1123-1-1721317709910|1121-1-1721317710019|903-1-1721317710119|1175-1-1721317710220|22052-1-1721317710321|30064-1-1721317710425|30646-1-1721317710527|73426-1-1721317710632|121998-1-1721317710733|144230-1-1721317710833|144231-1-1721317710934|144232-1-1721317711035|144233-1-1721317711135|144234-1-1721317711236|144235-1-1721317711337|144236-1-1721317711437|144237-1-1721317711538|161033-1-1721317711638|139200-1-1721317711739
.onaudience.com/ Name: cookie
Value: 58f7056ea035525e
.amazon-adsystem.com/ Name: ad-id
Value: A9pmqmQdBUYHhLVlU-r7LFA
.amazon-adsystem.com/ Name: ad-privacy
Value: 0

8 Console Messages

Source Level URL
Text
network error URL: http://naucora.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/1pOmQMP1I
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Message:
Failed to decode downloaded font: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/8fd30bd010d9e2c7677ec339685f958b.woff
other warning URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Message:
OTS parsing error: invalid sfntVersion: 538976288
other warning URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Message:
Failed to decode downloaded font: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/50805f331bb1b697aafb6f0c28b09212.woff2
other warning URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Message:
OTS parsing error: invalid sfntVersion: 538976288
network error URL: http://naucora.cfd/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Message:
Access to XMLHttpRequest at 'https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json' from origin 'http://naucora.cfd' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://scotiabank.com' that is not equal to the supplied origin.
network error URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
