www.finaltestwebsite.duckdns.org Open in urlscan Pro
20.79.155.225 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Submission: On October 14 via automatic, source openphish (October 14th 2024, 2:21:31 am UTC) — Scanned from DE

Summary HTTP 21 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 21 HTTP transactions. The main IP is 20.79.155.225, located in Frankfurt am Main, Germany and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.finaltestwebsite.duckdns.org.
TLS certificate: Issued by E5 on October 13th 2024. Valid for: 3 months.

This is the only time www.finaltestwebsite.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	20.79.155.225 20.79.155.225	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a02:26f0:710... 2a02:26f0:7100:9a7::51e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2600:9000:267... 2600:9000:2670:da00:d:e6dd:f300:21	16509 (AMAZON-02) (AMAZON-02)
1	184.31.89.73 184.31.89.73	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	52.214.156.76 52.214.156.76	16509 (AMAZON-02) (AMAZON-02)
1	54.246.177.143 54.246.177.143	16509 (AMAZON-02) (AMAZON-02)
1	54.77.0.81 54.77.0.81	16509 (AMAZON-02) (AMAZON-02)
1	63.140.62.222 63.140.62.222	15224 (OMNITURE) (OMNITURE)
1 1	34.255.61.41 34.255.61.41	16509 (AMAZON-02) (AMAZON-02)
21	9

4 20.79.155.225 (Frankfurt am Main, Germany)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.finaltestwebsite.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:7100:9a7::51e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

dmtags.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2670:da00:d:e6dd:f300:21 (United States)

ASN16509 (AMAZON-02, US)

dlslhpkfqfglo.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.89.73 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-89-73.deploy.static.akamaitechnologies.com

auth.scotiaonline.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.214.156.76 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-156-76.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.177.143 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-177-143.eu-west-1.compute.amazonaws.com

csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.0.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-0-81.eu-west-1.compute.amazonaws.com

scotiabank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.222 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-222.data.adobedc.net

somniture.scotiabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.61.41 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-61-41.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	cloudfront.net dlslhpkfqfglo.cloudfront.net	792 KB
6	scotiabank.com dmtags.scotiabank.com — Cisco Umbrella Rank: 146635 auth.scotiaonline.scotiabank.com — Cisco Umbrella Rank: 191973 somniture.scotiabank.com — Cisco Umbrella Rank: 127704	91 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 243 scotiabank.demdex.net — Cisco Umbrella Rank: 112706	4 KB
4	duckdns.org www.finaltestwebsite.duckdns.org	19 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1371	490 B
1	memcyco.com csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 440773
21	6

	Domain	Requested by
6	dlslhpkfqfglo.cloudfront.net	www.finaltestwebsite.duckdns.org dlslhpkfqfglo.cloudfront.net
4	dmtags.scotiabank.com	www.finaltestwebsite.duckdns.org dmtags.scotiabank.com
4	www.finaltestwebsite.duckdns.org	www.finaltestwebsite.duckdns.org
3	dpm.demdex.net	1 redirects www.finaltestwebsite.duckdns.org
1	cm.everesttech.net	1 redirects
1	somniture.scotiabank.com	dmtags.scotiabank.com
1	scotiabank.demdex.net	dmtags.scotiabank.com
1	csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com	dlslhpkfqfglo.cloudfront.net
1	auth.scotiaonline.scotiabank.com	www.finaltestwebsite.duckdns.org
21	9

This site contains links to these domains. Also see Links.

Domain
www.scotiabank.com

Subject Issuer	Validity	Valid
finaltestwebsite.duckdns.org E5	`2024-10-13` - `2025-01-11`	3 months	crt.sh
apps.scotiabank.com Entrust Certification Authority - L1K	`2023-11-21` - `2024-12-21`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
auth.scotiabank.com Entrust Certification Authority - L1K	`2024-01-31` - `2025-02-28`	a year	crt.sh
*.memcyco.com Amazon RSA 2048 M03	`2024-02-25` - `2025-03-25`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
somniture.scotiabank.com Entrust Certification Authority - L1K	`2024-07-23` - `2025-08-23`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Frame ID: 7F24443D6B470017530DD0282DBD213F
Requests: 18 HTTP requests in this frame

Frame: https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: A9FB2CC796DF679F38EC5892A4210CA1
Requests: 1 HTTP requests in this frame

Frame: https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 6587DE779FD441AA8ADF3D224085B0D6
Requests: 1 HTTP requests in this frame

Frame: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html
Frame ID: 5926B3332DD76B74520E817C8658AD91
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in | Scotiabank

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

86 %
HTTPS

22 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

905 kB
Transfer

2775 kB
Size

21
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.scotiabank.com/ca/en/personal.html
Title: Scotiabank

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/personal/contact-us.html
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/security.html
Title: Security

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/legal.html
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/about/contact-us/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.scotiabank.com/ca/en/personal/accessibility.html
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941

Request Chain 16

https://cm.everesttech.net/cm/dd?d_uuid=53172775256056986143453388545405280622 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwyAJwAAAEtADwO5

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/ 88 KB
19 KB 150ms
18ms Document
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 53c522f89bfce4eb46c2c5b53eb8c92874374faacaa22fde81e4ef2bd452ca07

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 18595
content-type: text/html; charset=UTF-8
date: Mon, 14 Oct 2024 02:21:26 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: LiteSpeed
vary: Accept-Encoding

GET
H/1.1 200
OK launch-edbf66c903b6.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/ 252 KB
66 KB 46ms
16ms Script
application/x-javascript 2a02:26f0:7100:9a7::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Requested by

Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:7100:9a7::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

68fa9b61ae61cd5d5c02d9385e6ffffcc2712549fb658012c6c1ddde6225fd1d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "6706b6fb-3ef07"
X-Content-Type-Options: nosniff
Date: Mon, 14 Oct 2024 02:21:26 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 09 Oct 2024 17:01:47 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 1ff57add-c044-4a86-60ef-899878e090a7
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 67000
x-xss-protection: 1; mode=block

GET
H2 200 mutha-scotia-wrapper.min.js Show response
dlslhpkfqfglo.cloudfront.net/cdn/ca/ 5 KB
3 KB 36ms
7ms Script
application/javascript 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

Requested by

Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

aacbb4075dbf1cdc7057308d94338bba14434e9a62d662edd8d106eaca821654

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

content-encoding: gzip
age: 19545
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 5a2cb96a37aeca3f9626798c4e9dab28.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: vlO4DouVXMfC0aPKn2N1krPtIAULGMkNpsKcYeT1Tm-1wId9C-CIFQ==
date: Sun, 13 Oct 2024 20:55:41 GMT
content-type: application/javascript; charset=UTF-8
x-amz-cf-pop: FRA56-P9
server: nginx

GET
H2 200 7c428f63a00e5bd025fa159e8c94389f.svg
auth.scotiaonline.scotiabank.com/assets/ 537 B
765 B 236ms
208ms Image
image/svg+xml 184.31.89.73
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth.scotiaonline.scotiabank.com/assets/7c428f63a00e5bd025fa159e8c94389f.svg

Requested by

Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.31.89.73 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-31-89-73.deploy.static.akamaitechnologies.com

Software

Resource Hash

51bf40e3535dee036bec3df6d4b279b4373fb22cdd40632535932d6999f7e37e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, immutable
x-content-type-options: nosniff
accept-ranges: bytes
x-vcap-request-id: f13484e3-e081-4fb4-54c6-c8334d61d8a5
content-length: 537
x-xss-protection: 1; mode=block
date: Mon, 14 Oct 2024 02:21:27 GMT
content-language: en
content-type: image/svg+xml

GET
H2 404 8fd30bd010d9e2c7677ec339685f958b.woff
www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ 0
0 9ms
8ms Font
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/8fd30bd010d9e2c7677ec339685f958b.woff
Requested by: Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.finaltestwebsite.duckdns.org
Referer: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Response headers

cache-control: private, no-cache, max-age=0
content-encoding: gzip
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
date: Mon, 14 Oct 2024 02:21:26 GMT
content-type: text/html
vary: Accept-Encoding
server: LiteSpeed

GET
H2 200 jquery-3.6.1.min.js Show response
dlslhpkfqfglo.cloudfront.net/cdn/ca/ 2 MB
781 KB 7ms
7ms Script
application/javascript 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

7005532e5f203588e3311c9577d6ce84124b50e9344bee25199e9c28d6ae676a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

content-encoding: gzip
age: 19353
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 5a2cb96a37aeca3f9626798c4e9dab28.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: t-nE8o50zQRyaHKVfCJyTRsLQ8QQTfrOvkxzupH2JkkDnFjnlblC7g==
date: Sun, 13 Oct 2024 20:58:53 GMT
content-type: application/javascript; charset=UTF-8
x-amz-cf-pop: FRA56-P9
server: nginx

GET
H2 404 50805f331bb1b697aafb6f0c28b09212.woff2
www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ 0
0 8ms
7ms Font
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/50805f331bb1b697aafb6f0c28b09212.woff2
Requested by: Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.finaltestwebsite.duckdns.org
Referer: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Response headers

cache-control: private, no-cache, max-age=0
content-encoding: gzip
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
date: Mon, 14 Oct 2024 02:21:26 GMT
content-type: text/html
vary: Accept-Encoding
server: LiteSpeed

GET
H2

200

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941

5 KB
2 KB

36ms
36ms

XHR
application/json

52.214.156.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941

Requested by

Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

Server

52.214.156.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-156-76.eu-west-1.compute.amazonaws.com

Software

Resource Hash

2e5e11f0b9cd5fe733d69c19a38705ba1027bde7f80c5021910ab924f51fb239

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-2-v066-0eebf2cd9.edge-irl1.demdex.com 4 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: 7Wr7pSTwTow=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
content-length: 1721
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 14 Oct 2024 02:21:27 GMT
content-type: application/json;charset=utf-8
vary: Origin

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728872486941
dcs: dcs-prod-irl1-2-v066-0d643a734.edge-irl1.demdex.com 0 ms
pragma: no-cache
access-control-allow-credentials: true
x-tid: KYfNChBtTDs=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 14 Oct 2024 02:21:27 GMT
vary: Origin

GET
H/1.1 200
OK AppMeasurement.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 16ms
16ms Script
application/x-javascript 2a02:26f0:7100:9a7::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:7100:9a7::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "6706b7cc-8d52"
X-Content-Type-Options: nosniff
Date: Mon, 14 Oct 2024 02:21:26 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 09 Oct 2024 17:05:16 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 10aeecb2-aa91-434e-7b73-96b7cb35d92c
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 13012
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK AppMeasurement_Module_ActivityMap.min.js Show response
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 31ms
14ms Script
application/x-javascript 2a02:26f0:7100:9a7::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:7100:9a7::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "6706b6fb-cd4"
X-Content-Type-Options: nosniff
Date: Mon, 14 Oct 2024 02:21:26 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 09 Oct 2024 17:01:47 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 6183afa9-d45d-4c12-6fce-542d00ae3e85
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 1597
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK otSDKStub.js Show response
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/ 21 KB
7 KB 25ms
14ms Script
application/x-javascript 2a02:26f0:7100:9a7::51e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js

Requested by

Host: www.finaltestwebsite.duckdns.org
URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Protocol

HTTP/1.1

Security

TLS 1.3, , CHACHA20_POLY1305

Server

2a02:26f0:7100:9a7::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://.bns https://*.bns ;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

Content-Encoding: gzip
ETag: "66884eaf-524b"
X-Content-Type-Options: nosniff
Date: Mon, 14 Oct 2024 02:21:26 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 05 Jul 2024 19:51:11 GMT
Vary: Accept-Encoding, origin
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Content-Security-Policy: frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
x-vcap-request-id: 8ed6200b-d357-481c-6af9-e49b94e7998b
Access-Control-Allow-Origin: https://scotiabank.com
Content-Length: 6793
x-xss-protection: 1; mode=block

GET 4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/ 0
0

GET
H2 200 gpk Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 791 B
1 KB 19ms
6ms XHR
application/json 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80&e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3f62426593c5e46afbdeebb9e78433a1cbced79d2e211e73d2e22d9405a3110e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

content-encoding: gzip
age: 19353
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 6b15a9d1514a5645abfd43cbf330ce48.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
x-cache: Hit from cloudfront
x-amz-cf-id: BQrWV7sOh-bMgm9G9iFjcTZ5YwCUKYe9j2p4Hus5WGBvFpSy0awHBQ==
date: Sun, 13 Oct 2024 20:58:54 GMT
content-type: application/json
x-amz-cf-pop: FRA56-P9
server: nginx

GET
H3 404 favicon.ico
www.finaltestwebsite.duckdns.org/ 1 KB
952 B 9ms
8ms Other
text/html 20.79.155.225
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.finaltestwebsite.duckdns.org/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 20.79.155.225 Frankfurt am Main, Germany, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: LiteSpeed /
Resource Hash: 679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e

Response headers

cache-control: private, no-cache, max-age=0
content-encoding: gzip
pragma: no-cache
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
date: Mon, 14 Oct 2024 02:21:27 GMT
content-type: text/html
vary: Accept-Encoding
server: LiteSpeed

GET
H2 200 csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame A9FB 0
0 128ms
55ms Document
text/html 54.246.177.143
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.246.177.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-246-177-143.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.finaltestwebsite.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 14 Oct 2024 02:21:27 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only

GET
H2 200 dest5.html
scotiabank.demdex.net/ Frame 6587 0
0 93ms
30ms Document
text/html 54.77.0.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://scotiabank.demdex.net/dest5.html?d_nsid=0

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.77.0.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-77-0-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.finaltestwebsite.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 14 Oct 2024 02:21:27 GMT
dcs: dcs-prod-irl1-1-v066-09c12a92b.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 10 Oct 2024 08:51:48 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: LNgpxcqnTSc=

GET
H2 200 id Show response
somniture.scotiabank.com/ 48 B
471 B 65ms
21ms XHR
application/x-javascript 63.140.62.222
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=49607354071386934122521514108052425852&ts=1728872487111

Requested by

Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.222 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-222.data.adobedc.net

Software

jag /

Resource Hash

8aa988701a84e515c7469402bf797f0b845eeb1c5caf76a3d29fe0d48f834a9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
p3p: CP="This is not a P3P policy"
content-length: 48
date: Mon, 14 Oct 2024 02:21:27 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript;charset=utf-8
vary: Origin
server: jag

GET
H2

200

ibs:dpid=411&dpuuid=ZwyAJwAAAEtADwO5
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=53172775256056986143453388545405280622
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwyAJwAAAEtADwO5

42 B
716 B

37ms
37ms

Image
image/gif

52.214.156.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwyAJwAAAEtADwO5

Protocol

Server

52.214.156.76 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-214-156-76.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.finaltestwebsite.duckdns.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v066-051831fca.edge-irl1.demdex.com 2 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: 15CErWCNReE=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 14 Oct 2024 02:21:27 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwyAJwAAAEtADwO5
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Mon, 14 Oct 2024 02:21:27 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

GET
H2 200 lwsa.html
dlslhpkfqfglo.cloudfront.net/cdn/ca/ Frame 5926 0
0 21ms
8ms Document
text/html 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.finaltestwebsite.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
age: 19352
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 13 Oct 2024 20:58:55 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx
via: 1.1 e3824a4cc698f190d3fa6fe687f1a600.cloudfront.net (CloudFront)
x-amz-cf-id: h4pQ0k8t4ZF8uc6v5IOKQd7pQPl6d5kRY62lI-_Moj0eIEf6fpr_qg==
x-amz-cf-pop: FRA56-P9
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only

POST
H2 200 gwf Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 8 KB
6 KB 514ms
513ms XHR
text/plain 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf?e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b9aeae93cb3a68b3b7fe1c80b4f84f547b149ebab955947756f002c8f636f92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.finaltestwebsite.duckdns.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-encoding: gzip
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 5a2cb96a37aeca3f9626798c4e9dab28.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
x-cache: Miss from cloudfront
x-amz-cf-id: 4IzDGXd8ON8AcYuuNbxmgffk-oRQHcFxhVzv5U-j6hD5aZU3zQEciA==
date: Mon, 14 Oct 2024 02:21:27 GMT
content-type: text/plain; charset=UTF-8
x-amz-cf-pop: FRA56-P9
server: nginx

POST
H2 200 l Show response
dlslhpkfqfglo.cloudfront.net/cdn/cd/ 104 B
541 B 542ms
540ms XHR
text/plain 2600:9000:2670:da00:d:e6dd:f300:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dlslhpkfqfglo.cloudfront.net/cdn/cd/l?e=v

Requested by

Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2670:da00:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

ea2b99eec9d0183942c5aa500cece8c1b5cc3873387c87187b405e1d9c71ab10

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.finaltestwebsite.duckdns.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
via: 1.1 5a2cb96a37aeca3f9626798c4e9dab28.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.finaltestwebsite.duckdns.org
x-cache: Miss from cloudfront
content-length: 104
x-amz-cf-id: VaGlWN29Rr7YUdBOLZ4zebaq6KWYvoq4GZ7w1mH4bybw8i9SJ_X8Yg==
date: Mon, 14 Oct 2024 02:21:28 GMT
content-type: text/plain; charset=UTF-8
x-amz-cf-pop: FRA56-P9
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

21 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.finaltestwebsite.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: ar6kibhshbi4nv8cuu8s4udn01
dlslhpkfqfglo.cloudfront.net/	1970-01-21 00:14:32	Name: aphishCookie-1728852941676-SCOTIA Value: sKr2Zd294RuU1DmW0lIQKobXR7c8ANBB7cuAUGxPrdupVwBB5y
.demdex.net/	1970-01-21 04:33:44	Name: demdex Value: 53172775256056986143453388545405280622
.finaltestwebsite.duckdns.org/	1969-12-31 23:59:59	Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/	1970-01-21 00:24:37	Name: AWSALBCORS Value: eUGDxhWr/evVHQ0i7j309CXv67WRvT1y35b9VZ8mFChDKaAQZGYWzeJ4tfLTkrAHeNo0gTYFbu9ho9F/AmlozKaOQCFBVLKsrhF5/Ar0F6qm71RyFuODBsKBozdW
.dpm.demdex.net/	1970-01-21 04:33:44	Name: dpm Value: 53172775256056986143453388545405280622
.finaltestwebsite.duckdns.org/	1970-01-21 09:50:32	Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C20011%7CMCMID%7C49607354071386934122521514108052425852%7CMCAAMLH-1729477287%7C6%7CMCAAMB-1729477287%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1728879687s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-20018%7CvVersion%7C5.5.0
.adnxs.com/	1970-01-21 09:50:32	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-21 09:36:08	Name: IDE Value: AHWqTUl_79NQrPyA4My5npXxZL9_22hLD32B8h3QuCdIAP5b0CUi8wpTlGkp82bchyk
.mathtag.com/	1970-01-21 09:40:27	Name: uuid Value: eb5c670c-8027-4b00-8e99-46663a3e5fbf
.rfihub.com/	1970-01-21 09:36:08	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjEwNTEwszQyNhXiM9QtyLZwKdZNrqrINYsCAMeFRCYlAAAA
.rfihub.com/	1970-01-21 09:36:08	Name: eud Value: H4sIAAAAAAAA_1vFxGtobmRhYW5kYmFuaWQGAMyY4bIQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjEwNTEwszQyNhXiM9QtyLZwKdZNrqrINYsCAMeFRCYlAAAA
.twitter.com/	1970-01-21 09:50:32	Name: personalization_id Value: "v1_718LHip9DMMB3SKQFN1S0g=="
.eyeota.net/	1970-01-21 00:14:33	Name: SERVERID Value: 16870~DM
.quantserve.com/	1970-01-21 09:44:46	Name: mc Value: 670c8028-510cb-56064-dfe90
.quantserve.com/	1970-01-21 02:24:08	Name: sp Value: CgkIjd0BEgMQ0w0=
.demdex.net/	1970-01-21 04:33:44	Name: dextp Value: 269-1-1728872487220\|358-1-1728872487321\|601-1-1728872487422\|771-1-1728872487523\|822-1-1728872487627\|1123-1-1728872487728\|1121-1-1728872487828\|903-1-1728872487937\|1175-1-1728872488042\|22052-1-1728872488143\|30064-1-1728872488244\|30646-1-1728872488347\|73426-1-1728872488448\|121998-1-1728872488549\|144230-1-1728872488649\|144231-1-1728872488750\|144232-1-1728872488851\|144233-1-1728872488952\|144234-1-1728872489052\|144235-1-1728872489153\|144236-1-1728872489254\|144237-1-1728872489354\|161033-1-1728872489455\|139200-1-1728872489555
.onaudience.com/	1970-01-21 09:00:08	Name: cookie Value: 73d9f4c774ba18e0
.amazon-adsystem.com/	1970-01-21 06:28:56	Name: ad-id Value: Aztlsrfda0M9gm22LYv85kw
.amazon-adsystem.com/	1970-01-21 09:50:32	Name: ad-privacy Value: 0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/8fd30bd010d9e2c7677ec339685f958b.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/50805f331bb1b697aafb6f0c28b09212.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.finaltestwebsite.duckdns.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://www.finaltestwebsite.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e Message: Access to XMLHttpRequest at 'https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json' from origin 'https://www.finaltestwebsite.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://scotiabank.com' that is not equal to the supplied origin.
network	error	URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.scotiaonline.scotiabank.com
cm.everesttech.net
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
dlslhpkfqfglo.cloudfront.net
dmtags.scotiabank.com
dpm.demdex.net
scotiabank.demdex.net
somniture.scotiabank.com
www.finaltestwebsite.duckdns.org
dmtags.scotiabank.com
184.31.89.73
20.79.155.225
2600:9000:2670:da00:d:e6dd:f300:21
2a02:26f0:7100:9a7::51e
34.255.61.41
52.214.156.76
54.246.177.143
54.77.0.81
63.140.62.222
2e5e11f0b9cd5fe733d69c19a38705ba1027bde7f80c5021910ab924f51fb239
3f62426593c5e46afbdeebb9e78433a1cbced79d2e211e73d2e22d9405a3110e
51bf40e3535dee036bec3df6d4b279b4373fb22cdd40632535932d6999f7e37e
53c522f89bfce4eb46c2c5b53eb8c92874374faacaa22fde81e4ef2bd452ca07
679e7e62b81267c93d0778083ae0fd0efe24172ff0ac581835b54165b3d9ed43
68fa9b61ae61cd5d5c02d9385e6ffffcc2712549fb658012c6c1ddde6225fd1d
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
7005532e5f203588e3311c9577d6ce84124b50e9344bee25199e9c28d6ae676a
8aa988701a84e515c7469402bf797f0b845eeb1c5caf76a3d29fe0d48f834a9d
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
aacbb4075dbf1cdc7057308d94338bba14434e9a62d662edd8d106eaca821654
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
b9aeae93cb3a68b3b7fe1c80b4f84f547b149ebab955947756f002c8f636f92f
ea2b99eec9d0183942c5aa500cece8c1b5cc3873387c87187b405e1d9c71ab10
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

www.finaltestwebsite.duckdns.org Open in urlscan Pro 20.79.155.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

86 %HTTPS

22 %IPv6

6 Domains

9 Subdomains

9 IPs

3 Countries

905 kBTransfer

2775 kBSize

21 Cookies

6 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

21 Cookies

6 Console Messages

Indicators

www.finaltestwebsite.duckdns.org Open in urlscan Pro
20.79.155.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

86 %
HTTPS

22 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

905 kB
Transfer

2775 kB
Size

21
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!