xeigjw.com
185.99.2.117
Malicious Activity!
Public Scan
Submission: On May 03 via automatic, source openphish
Summary
This is the only time xeigjw.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bendigo Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
4 | 185.99.2.117 | 200698 (GLOBALHOST-BOSNIA-AS)
13 | 103.211.241.30 | 45852 (BENDIGOBANK-AS-AP Bendigo and Adelaide Bank Limited)
1 | 40.69.200.41 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
22 | 4 |
ASN200698 (GLOBALHOST-BOSNIA-AS, BA)
PTR: 06fgl.revoleadsmarket.space
xeigjw.com
ASN45852 (BENDIGOBANK-AS-AP Bendigo and Adelaide Bank Limited, AU)
PTR: banking.bendigobank.com.au
banking.bendigobank.com.au
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
monstat.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | bendigobank.com.au | banking.bendigobank.com.au | 115 KB
4 | xeigjw.com | xeigjw.com | 17 KB
1 | monstat.com | monstat.com | 300 B
22 | 3 | |
Requests | Domain | Requested by
---|---|---
13 | banking.bendigobank.com.au | xeigjw.com
4 | xeigjw.com | banking.bendigobank.com.au
1 | monstat.com | xeigjw.com
22 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
www.google.com |
demo.bendigobank.com.au |
www.bendigobank.com.au |
itunes.apple.com |
play.google.com |
Subject | Issuer | Validity | Valid
---|---|---|---
banking.bendigobank.com.au | Entrust Certification Authority - L1M | 2018-05-24 - 2019-05-24 | a year
This page contains 1 frames:
Primary Page:
http://xeigjw.com/bendigoo/bankingbendigobank.htm
Frame ID: 6118087F997A1F45BE01840589446087
Requests: 22 HTTP requests in this frame
12 Outgoing links
These are links going to different origins than the main page.
Title: update your browser
Title: Google Chrome
Title: Take a tour
Title: Register
Title: What's new
Title: Online support
Title: Banking securely
Title: iTunes App Store
Title: Google Play Store
Title: Disclosure documents
Title: Privacy policy
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | bankingbendigobank.htm (Primary Request) | xeigjw.com/bendigoo/ | 16 KB | 16 KB | Document | text/html
GET | H/1.1 | site_v2.css | banking.bendigobank.com.au/static/assets/stylesheets/ | 17 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | outage_info.js | banking.bendigobank.com.au/static/javascript/ | 158 B | 391 B | Script | application/x-javascript
GET | H/1.1 | site.js | banking.bendigobank.com.au/static/assets/javascripts/ | 86 KB | 31 KB | Script | application/x-javascript
GET | H/1.1 | application-c1b45de1.js | banking.bendigobank.com.au/static/assets/javascripts/ | 93 KB | 34 KB | Script | application/x-javascript
GET | H/1.1 | hashtable.js | banking.bendigobank.com.au/static/assets/javascripts/ | 14 KB | 4 KB | Script | application/x-javascript
GET | H/1.1 | rsa.js | banking.bendigobank.com.au/static/assets/javascripts/ | 37 KB | 11 KB | Script | application/x-javascript
GET | H/1.1 | oamSubmit.js.page | banking.bendigobank.com.au/Logon/javax.faces.resource/ | 2 KB | 1 KB | Script | application/javascript
GET | H/1.1 | osko-100.png | banking.bendigobank.com.au/static/assets/images/ | 15 KB | 14 KB | Image | image/png
GET | H/1.1 | bendigobank.png | monstat.com/ | 0 | 300 B | Image | image/png
GET | H/1.1 | logo-ben.svg | banking.bendigobank.com.au/static/assets/images/ | 11 KB | 5 KB | Image | image/svg+xml
GET | H/1.1 | phone.svg | banking.bendigobank.com.au/static/assets/images/ | 822 B | 696 B | Image | image/svg+xml
GET | H/1.1 | lock.svg | banking.bendigobank.com.au/static/assets/images/ | 1 KB | 816 B | Image | image/svg+xml
GET | | proximanova-regular.woff | banking.bendigobank.com.au/static/assets/fonts/ | 0 | 0 | |
GET | | proximanova-semibold.woff | banking.bendigobank.com.au/static/assets/fonts/ | 0 | 0 | |
GET | H/1.1 | itunes.svg | banking.bendigobank.com.au/static/assets/images/ | 19 KB | 8 KB | Image | image/svg+xml
GET | H/1.1 | google-play-badge.svg | banking.bendigobank.com.au/static/assets/images/ | 7 KB | 3 KB | Image | image/svg+xml
GET | H/1.1 | warning.html | xeigjw.com/static/assets/html/ | 348 B | 548 B | XHR | text/html
GET | H/1.1 | securityMessages.html | xeigjw.com/static/assets/html/ | 357 B | 557 B | XHR | text/html
GET | H/1.1 | campaign.html | xeigjw.com/static/assets/html/ | 349 B | 550 B | XHR | text/html
GET | | proximanova-regular.ttf | banking.bendigobank.com.au/static/assets/fonts/ | 0 | 0 | |
GET | | proximanova-semibold.ttf | banking.bendigobank.com.au/static/assets/fonts/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
banking.bendigobank.com.au | https://banking.bendigobank.com.au/static/assets/fonts/proximanova-regular.woff
banking.bendigobank.com.au | https://banking.bendigobank.com.au/static/assets/fonts/proximanova-semibold.woff
banking.bendigobank.com.au | https://banking.bendigobank.com.au/static/assets/fonts/proximanova-regular.ttf
banking.bendigobank.com.au | https://banking.bendigobank.com.au/static/assets/fonts/proximanova-semibold.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bendigo Bank (Banking)
70 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| OUTAGE_MESSAGE number| DISPLAY_OUTAGE_MESSAGE_INDICATOR function| $ function| jQuery function| Cookies function| ValidForm function| LoginForm function| KillLoginCookie function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| randrange function| detectIE function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| TimestampCollector object| UIEventCollector function| UIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| forceIE89Synchronicity number| cacheBust string| fraudPath string| campaignPath string| warningPath function| loadSecurityMessages function| loadWarning function| loadCampaign object| myfaces object| jQuery183046064642598475890
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.