https://redi-agencies.one/
172.67.136.99 · Cloudflare, Inc.
Toronto, Canada
0 days ⚠
200 · 20.6s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
connect-scotia
Vendors
26/31
Status
partial
No KB/IOK detections were recorded for this scan.
Finance & Banking · 7/19/2026
The domain redi-agencies.one is a very new domain (0 days old) that redirects to a Google Sites view page labeled connect-scotia with a page title ScotiaConnect. The site loads numerous Google/G Suite assets and scripts, and the final URL points to a Google Sites viewer rather than an official ScotiaBank domain. The HTML static content contains no login forms, but the SPA logic and external scripts could render credential capture at runtime. Iframes and cross-origin endpoints are present, and there are several POSTs to Google/Play endpoints related to logging impressions. The visual screenshot shows generic branding and a “Sorry”/under development message rather than a legitimate Scotia branding, suggesting possible impersonation via Scotia-like naming on a Google Sites host. Given the combination of a brand-looking name on a non-official domain, dynamic content potential, and suspicious traffic to logging endpoints, this warrants caution for potential credential phishing impersonation, though no explicit credential form is observed in static HTML.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 0
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 32
Hosts: 11
Domains: 6
The scan indicates a high risk due to a new, potentially impersonation-focused domain redirecting to a Google Sites page that uses Scotia-like branding. The page shows no static login form, but dynamic rendering could capture credentials. The presence of logging endpoints to Google domains and a final Google Sites URL suggests an attempt to mimic a legitimate service (ScotiaConnect) while hosting on an untrusted domain (redi-agencies.one). This should be treated as potential credential phishing impersonation and monitored closely; the site could be used to harvest user data if credential collection is rendered client-side. Recommend blocking or suspending domain or hosting if further abuse is confirmed.
Monitor