URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Submission: On July 17 via automatic, source openphish — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 6 domains to perform 23 HTTP transactions. The main IP is 193.233.203.151, located in Chisinau, Moldova and belongs to ALEXHOST, MD. The main domain is bonivan.cfd.
This is the only time bonivan.cfd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
8 | 193.233.203.151 | 200019 (ALEXHOST)
4 | 2a02:26f0:170... | 20940 (AKAMAI-ASN1)
5 | 2600:9000:267... | 16509 (AMAZON-02)
3 (1 redirect) | 63.32.136.28 | 16509 (AMAZON-02)
1 | 34.243.204.162 | 16509 (AMAZON-02)
1 | 63.140.62.222 | 15224 (OMNITURE)
1 (1 redirect) | 52.19.10.201 | 16509 (AMAZON-02)
1 | 99.80.78.170 | 16509 (AMAZON-02)
Total: 23 requests | 8 IPs
Requests | Apex Domain | Subdomains | Transfer
8 | bonivan.cfd | bonivan.cfd | 96 KB
5 | cloudfront.net | dlslhpkfqfglo.cloudfront.net | 791 KB
5 | scotiabank.com | dmtags.scotiabank.com (Cisco Umbrella Rank: 273867); somniture.scotiabank.com (Cisco Umbrella Rank: 196692) | 91 KB
4 | demdex.net | dpm.demdex.net (Cisco Umbrella Rank: 319); scotiabank.demdex.net (Cisco Umbrella Rank: 160796) | 4 KB
1 | memcyco.com | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com (Cisco Umbrella Rank: 672463) |
1 | everesttech.net | cm.everesttech.net (Cisco Umbrella Rank: 2184) | 490 B
Total: 23 requests | 6 apex domains
Requests | Domain | Requested by
8 | bonivan.cfd | bonivan.cfd
5 | dlslhpkfqfglo.cloudfront.net | bonivan.cfd; dlslhpkfqfglo.cloudfront.net
4 | dmtags.scotiabank.com | bonivan.cfd; dmtags.scotiabank.com
3 | dpm.demdex.net | 1 redirects
1 | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com | dlslhpkfqfglo.cloudfront.net
1 | cm.everesttech.net | 1 redirects
1 | somniture.scotiabank.com | dmtags.scotiabank.com
1 | scotiabank.demdex.net | dmtags.scotiabank.com
Total: 23 requests | 8 domains

This site contains links to these domains. Also see Links.

Domain
www.scotiabank.com

Subject | Issuer | Validity | Valid
apps.scotiabank.com | Entrust Certification Authority - L1K | 2023-11-21 - 2024-12-21 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
*.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-26 - 2024-10-26 | a year
somniture.scotiabank.com | Entrust Certification Authority - L1K | 2023-08-21 - 2024-09-21 | a year
*.memcyco.com | Amazon RSA 2048 M03 | 2024-02-25 - 2025-03-25 | a year

This page contains 3 frames:

Primary Page: http://bonivan.cfd/scotia/personal/details/index.php/assets
Frame ID: CADDC794C0FA9984448549EF739A4B0B
Requests: 21 HTTP requests in this frame

Frame: https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 223077C69938FE8CBE0460F948348A42
Requests: 1 HTTP requests in this frame

Frame: https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: D2EFF43F95021AB256047E03B758E207
Requests: 1 HTTP requests in this frame

Page Title

Sign in | Scotiabank

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23 Requests
52 % HTTPS
25 % IPv6
6 Domains
8 Subdomains
8 IPs
4 Countries
982 kB Transfer
3200 kB Size
20 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bonivan.cfd/scotia/personal/details/index.php/assets HTTP 307
    https://bonivan.cfd/scotia/personal/details/index.php/assets HTTP 307
    http://bonivan.cfd/scotia/personal/details/index.php/assets Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
Request Chain 18
  • https://cm.everesttech.net/cm/dd?d_uuid=59950277643873997722910854015933113960 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx

23 HTTP transactions

Resource Path | Size | x-fer | Type MIME-Type
Primary Request assets
bonivan.cfd/scotia/personal/details/index.php/
Redirect Chain
  • http://bonivan.cfd/scotia/personal/details/index.php/assets
  • https://bonivan.cfd/scotia/personal/details/index.php/assets
  • http://bonivan.cfd/scotia/personal/details/index.php/assets
100 KB
17 KB
Document
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
17493
Content-Type
text/html; charset=UTF-8
Date
Wed, 17 Jul 2024 01:01:11 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding

Redirect headers

Location
http://bonivan.cfd/scotia/personal/details/index.php/assets
Non-Authoritative-Reason
HttpsUpgrades
launch-edbf66c903b6.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/
256 KB
67 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:1700:194::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
c85e9e190e2b35fc4f3627952ade96e9d163eae291ac1ecedc76fd26205d104d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
68056
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:22:51 GMT
Server
nginx/1.25.3
ETag
"668ec36b-3ffaf"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
5a4b3bcf-6d51-4de3-61f1-22539136fbc6
Cache-Control
private
Accept-Ranges
bytes
mutha-scotia-wrapper.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/
5 KB
3 KB
Script
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:9600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
949e10ac987de3321d38c17582ca6ccfe9628cc3cdeeffcdab6798a0c4a47f27
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 00:26:54 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 b6a955345e4fcc7881bd0a9815e8286e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
age
2057
x-frame-options
DENY
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-credentials
true
x-amz-cf-id
fk-Y3d5EguZzr9letZlfaGfq346F7-XACHNuqQOPsQj1iTfbMheqzQ==
7c428f63a00e5bd025fa159e8c94389f.svg
bonivan.cfd/scotia/personal/details/index.php/assets/
9 KB
9 KB
Image
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets/7c428f63a00e5bd025fa159e8c94389f.svg
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:11 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
main.054ad90d49cb5bf3a1c6.chunk.js
bonivan.cfd/scotia/personal/details/index.php/assets/
100 KB
17 KB
Script
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:11 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
styles.ee1730d27a38e7dfb0d6.css
bonivan.cfd/scotia/personal/details/index.php/assets/
100 KB
17 KB
Stylesheet
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets/styles.ee1730d27a38e7dfb0d6.css
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
17493
8fd30bd010d9e2c7677ec339685f958b.woff
bonivan.cfd/scotia/personal/details/index.php/assets/
100 KB
17 KB
Font
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets/8fd30bd010d9e2c7677ec339685f958b.woff
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
Origin
http://bonivan.cfd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:11 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
17493
1pOmQMP1I
bonivan.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/
0
0
Script
General
Full URL
http://bonivan.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/1pOmQMP1I
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Server
Apache/2.4.52 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
273
Content-Type
text/html; charset=iso-8859-1
50805f331bb1b697aafb6f0c28b09212.woff2
bonivan.cfd/scotia/personal/details/index.php/assets/
100 KB
17 KB
Font
General
Full URL
http://bonivan.cfd/scotia/personal/details/index.php/assets/50805f331bb1b697aafb6f0c28b09212.woff2
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
Origin
http://bonivan.cfd
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
Server
Apache/2.4.52 (Ubuntu)
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
17493
jquery-3.6.1.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/
2 MB
781 KB
Script
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/mutha-scotia-wrapper.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:9600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
cc7807249343287cecb6a5d77394c47c1e0962cd76b944824c0b24112571c0eb
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 23:38:31 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 b6a955345e4fcc7881bd0a9815e8286e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
age
4961
x-frame-options
DENY
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-credentials
true
x-amz-cf-id
1W__X1v5FJ0L7Mvd5F04WaqnIZ_8I6cyaIrwzlWXeoKqtAzaqRVHSA==
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
5 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
Protocol
H2
Server
63.32.136.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-136-28.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
80288204b47f9f5755f02392ab5b390131a6310d472997e8de7b50db2adefbf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-1-v062-0e7d3f901.edge-irl1.demdex.com 3 ms
pragma
no-cache
date
Wed, 17 Jul 2024 01:01:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
i8/DMSRXT/g=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
http://bonivan.cfd
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
1710
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs
dcs-prod-irl1-2-v062-0aec0e841.edge-irl1.demdex.com 0 ms
pragma
no-cache
date
Wed, 17 Jul 2024 01:01:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-tid
pIJ52V8PRZs=
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
access-control-allow-origin
http://bonivan.cfd
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/
35 KB
13 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:1700:194::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
12938
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:22:51 GMT
Server
nginx/1.25.3
ETag
"668ec36b-8be7"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
6a98dbe4-16e0-4b29-462c-e7196a3fce4b
Cache-Control
private
Accept-Ranges
bytes
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/
3 KB
2 KB
Script
General
Full URL
https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:1700:194::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
1599
x-xss-protection
1; mode=block
Last-Modified
Wed, 10 Jul 2024 17:22:51 GMT
Server
nginx/1.25.3
ETag
"668ec36b-cd4"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
bef8fa58-f91b-4b98-7af7-60049993203e
Cache-Control
private
Accept-Ranges
bytes
otSDKStub.js
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/otSDKStub.js
Requested by
Host: bonivan.cfd
URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a02:26f0:1700:194::51e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://*.scotiabank.com https://www.scotiaitrade.com/ https://www.scotialifefinancial.com/ https://www.scotiafunds.com/ http://*.bns https://*.bns ;
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Connection
keep-alive
Content-Length
6793
x-xss-protection
1; mode=block
Last-Modified
Fri, 05 Jul 2024 19:51:11 GMT
Server
nginx/1.25.3
ETag
"66884eaf-524b"
Vary
Accept-Encoding, origin
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://scotiabank.com
x-vcap-request-id
cd70865c-9ca1-4461-4ba3-32a4dcbf36f6
Cache-Control
private
Accept-Ranges
bytes
4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/
0
0

favicon.ico
bonivan.cfd/
273 B
489 B
Other
General
Full URL
http://bonivan.cfd/favicon.ico
Protocol
HTTP/1.1
Server
193.233.203.151 Chisinau, Moldova, ASN200019 (ALEXHOST, MD),
Reverse DNS
rbc-verifyid.com
Software
Apache/2.4.52 (Ubuntu) /
Resource Hash
9f150a1488281309462ef931abfdd42e4109d6191476bf9b013a61c91709cd2b

Request headers

Referer
http://bonivan.cfd/scotia/personal/details/index.php/assets
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 17 Jul 2024 01:01:12 GMT
Server
Apache/2.4.52 (Ubuntu)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
273
Content-Type
text/html; charset=iso-8859-1
gpk
dlslhpkfqfglo.cloudfront.net/cdn/cd/
767 B
1 KB
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gpk?orgID=81f541cd2f4ea9c2908b9e39b03e0a80&
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:9600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c34c500f08ebe23a81e67e6518dc4737afd96905596c54158d205f6d70afb614
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 23:38:33 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
content-encoding
gzip
x-permitted-cross-domain-policies
master-only
via
1.1 e47c87f8fd9c4c08ac7559d0bcc2b4c2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
age
4959
x-cache
Hit from cloudfront
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
http://bonivan.cfd
access-control-allow-credentials
true
x-amz-cf-id
gBhnj2Sdkc7Ug5aeT36sPO_5tQBI7Ug-7rMPZbYGPSqW86gtPwkPSA==
dest5.html
scotiabank.demdex.net/ Frame 2230
0
0
Document
General
Full URL
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.243.204.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-204-162.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://bonivan.cfd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 17 Jul 2024 01:01:12 GMT
dcs
dcs-prod-irl1-2-v062-0b7b05379.edge-irl1.demdex.com 0 ms
expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Fri, 12 Jul 2024 08:49:42 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
x-tid
GRlDMIwkRkw=
id
somniture.scotiabank.com/
48 B
457 B
XHR
General
Full URL
https://somniture.scotiabank.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0AAF22CE52827A080A490D4D%40AdobeOrg&mid=67825054951949858062699836933796219770&ts=1721178072405
Requested by
Host: dmtags.scotiabank.com
URL: https://dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/launch-edbf66c903b6.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.222 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
0e75dcdb10e0af63ccde169392f6798a407d6f78ff86ce0a9d4f9d4415ded774
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 17 Jul 2024 01:01:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
http://bonivan.cfd
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=59950277643873997722910854015933113960
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
42 B
716 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
Protocol
H2
Server
63.32.136.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-136-28.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs
dcs-prod-irl1-1-v062-0de694321.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Wed, 17 Jul 2024 01:01:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
x-tid
rbCvSM2QQng=
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length
59
expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
Date
Wed, 17 Jul 2024 01:01:12 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame D2EF
0
0
Document
General
Full URL
https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.80.78.170 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-78-170.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://bonivan.cfd/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 17 Jul 2024 01:01:12 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
gwf
dlslhpkfqfglo.cloudfront.net/cdn/cd/
8 KB
6 KB
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/gwf?
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:9600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
43ebbda651e8e78fe58b65e55b9b217884f2475b66042e9e17866215f890803e
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 17 Jul 2024 01:01:12 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding
gzip
server
nginx
x-permitted-cross-domain-policies
master-only
via
1.1 b6a955345e4fcc7881bd0a9815e8286e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P9
x-frame-options
DENY
x-cache
Miss from cloudfront
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://bonivan.cfd
access-control-allow-credentials
true
x-amz-cf-id
UZc4NDDvsxHPoVWJh2N1WxjkXI-OMQuL71hXKHiwi_gy3tLDfUgX6A==
l
dlslhpkfqfglo.cloudfront.net/cdn/cd/
104 B
581 B
XHR
General
Full URL
https://dlslhpkfqfglo.cloudfront.net/cdn/cd/l?
Requested by
Host: dlslhpkfqfglo.cloudfront.net
URL: https://dlslhpkfqfglo.cloudfront.net/cdn/ca/jquery-3.6.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:9600:d:e6dd:f300:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e43d169c7008cecc62007a13d11ffb5c5dba032995aa9e2545cbb580fb175818
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Referer
http://bonivan.cfd/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Wed, 17 Jul 2024 01:01:13 GMT
content-security-policy
frame-ancestors https://*
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
via
1.1 e47c87f8fd9c4c08ac7559d0bcc2b4c2.cloudfront.net (CloudFront)
server
nginx
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
FRA56-P9
x-frame-options
DENY
x-cache
Miss from cloudfront
content-type
text/plain; charset=UTF-8
access-control-allow-origin
http://bonivan.cfd
access-control-allow-credentials
true
content-length
104
x-amz-cf-id
PBd8EbXp-LPZO5-8WQf9SAlFnSX512ZQ3mbdMNCfs9ajSe3RjJXyMw==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dmtags.scotiabank.com
URL
https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| stylesLink object| process object| LD_CONFIG object| REDUX_STATE object| webpackJsonp function| a0d function| a0ad function| a0ab function| a0ac function| a0c object| a0f function| a0e function| a0af function| a0ai function| a0ah boolean| a0g function| a0F function| a0ag string| a0h function| a0ae string| a0i function| a0E function| a0a9 function| a0j number| a0k function| a0aa function| a0l object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| OptanonWrapper object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s function| inList number| a object| OneTrustStub function| $ function| jQuery function| lTa object| murmurHash3 function| UAParser object| localforage object| KJUR function| JSEncrypt object| CryptoJS

20 Cookies

Domain/Path Name / Value
dlslhpkfqfglo.cloudfront.net/ Name: aphishCookie-1721176014806-SCOTIA
Value: OGSVPERFpOjyr6tP8sBMZZoR38egrBthedThE8OeKEWzBfDDO5
.demdex.net/ Name: demdex
Value: 59950277643873997722910854015933113960
.bonivan.cfd/ Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg
Value: 1
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/ Name: AWSALBCORS
Value: TyjSlzxtf+vVPikvT7TUf2xI7E4jgimUdd4vfAD/zPq/jE3LZcpBLpvLeiuQwAfT6i4bATM6Vke2IhSOncIJk4ujSXtpKM1zwGdIuocJae1hOIvJQzoUB3zAlWBl
.dpm.demdex.net/ Name: dpm
Value: 59950277643873997722910854015933113960
.bonivan.cfd/ Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19922%7CMCMID%7C67825054951949858062699836933796219770%7CMCAAMLH-1721782872%7C6%7CMCAAMB-1721782872%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1721185272s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19929%7CvVersion%7C5.5.0
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUmDUXv39dRHl1zdLHQcbfn-bx9kXvrr1B_yjnptfIn6KpvrirJfuvduhVHY1SI
.mathtag.com/ Name: uuid
Value: 2dab6697-17d9-4c00-b806-19e837146b25
.twitter.com/ Name: personalization_id
Value: "v1_b1R/MBibavylW6+jFg18Qw=="
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3srQwsjAFMo0thPgMdYsyfXMyndID8jPMUwDzGRqaJQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3srQwsjAFMo0thPgMdYsyfXMyndID8jPMUwDzGRqaJQAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_1vFxGtobmRoaG5hYG5sbGoBAJUm6nUQAAAA
.quantserve.com/ Name: d
Value: EOoBDAGsLLmvYA
.quantserve.com/ Name: mc
Value: 669717d9-5973e-b6f7c-a85fa
.eyeota.net/ Name: SERVERID
Value: 21619~DM
.onaudience.com/ Name: cookie
Value: 06b1a3d6584d9baa
.demdex.net/ Name: dextp
Value: 269-1-1721178072528|358-1-1721178072629|601-1-1721178072729|771-1-1721178072830|822-1-1721178072930|1123-1-1721178073031|1121-1-1721178073131|903-1-1721178073232|1175-1-1721178073332|22052-1-1721178073433|30064-1-1721178073533|30646-1-1721178073634|73426-1-1721178073734|121998-1-1721178073836|144230-1-1721178073937|144231-1-1721178074037|144232-1-1721178074138|144233-1-1721178074238|144234-1-1721178074339|144235-1-1721178074439|144236-1-1721178074540|144237-1-1721178074640|161033-1-1721178074741|139200-1-1721178074841
.amazon-adsystem.com/ Name: ad-id
Value: AzWog9yCSEMBs1mWr8ddBT4
.amazon-adsystem.com/ Name: ad-privacy
Value: 0

8 Console Messages

Source Level URL
Text
other warning URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Message:
Failed to decode downloaded font: http://bonivan.cfd/scotia/personal/details/index.php/assets/8fd30bd010d9e2c7677ec339685f958b.woff
other warning URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Message:
OTS parsing error: invalid sfntVersion: 538976288
network error URL: http://bonivan.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/1pOmQMP1I
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Message:
Failed to decode downloaded font: http://bonivan.cfd/scotia/personal/details/index.php/assets/50805f331bb1b697aafb6f0c28b09212.woff2
other warning URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Message:
OTS parsing error: invalid sfntVersion: 538976288
network error URL: http://bonivan.cfd/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
javascript error URL: http://bonivan.cfd/scotia/personal/details/index.php/assets
Message:
Access to XMLHttpRequest at 'https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json' from origin 'http://bonivan.cfd' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://scotiabank.com' that is not equal to the supplied origin.
network error URL: https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
