benika.xyz Open in urlscan Pro
91.212.150.143 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv5...
Submission: On October 21 via automatic, source openphish (October 21st 2020, 1:33:54 pm UTC)

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 91.212.150.143, located in Russian Federation and belongs to NFORCE, NL. The main domain is benika.xyz.

This is the only time benika.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
21	91.212.150.143 91.212.150.143		43350 (NFORCE) (NFORCE)
21	1

21 91.212.150.143 (Russian Federation)

ASN43350 (NFORCE, NL)
PTR: italy.prive-portaal.top

benika.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	benika.xyz benika.xyz	1 MB
21	1

	Domain	Requested by
21	benika.xyz	benika.xyz
21	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul
Frame ID: 3F95851EB430956B5BB4C57673FE2498
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

21
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1524 kB
Transfer

1519 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request en.php Show response benika.xyz/wellsfargoloardbridgeV1/	6 KB 6 KB	201ms 169ms	Document text/html	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Full URL http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `7097b6699823e9daadf6f95f3d6e3f2173476f04b094aa503e97f1959fff8a5a` Request headers Host benika.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	wstyle.css benika.xyz/wellsfargoloardbridgeV1/css/	15 KB 16 KB	39ms 31ms	Stylesheet text/css	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Full URL http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `cd42cc3081d1ae6c07a40ce45b6534a7e510e9f859d9e3d91636910ee50ab09e` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Tue, 06 Oct 2020 16:55:16 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 15636
GET H/1.1	200 OK	jqueryLib.js Show response benika.xyz/wellsfargoloardbridgeV1/js/	85 KB 85 KB	62ms 44ms	Script application/javascript	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Full URL http://benika.xyz/wellsfargoloardbridgeV1/js/jqueryLib.js Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Mon, 25 Dec 2017 04:09:44 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86663
GET H/1.1	200 OK	actions.js Show response benika.xyz/wellsfargoloardbridgeV1/js/	961 B 1 KB	61ms 43ms	Script application/javascript	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Full URL http://benika.xyz/wellsfargoloardbridgeV1/js/actions.js Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `fb594fb6803b7edb361c10385853be3df83453bfe012485856dbea8774883324` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/en.php?locan=en&dc=R33kR72CAH7HmfGayV1EhXCdTDfy4FLC8jQoxular2K0e6rFg8Hv52h53hul User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Tue, 06 Oct 2020 09:31:30 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 961
GET H/1.1	200 OK	img1.png benika.xyz/wellsfargoloardbridgeV1/images/	10 KB 10 KB	32ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img1.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `edeaa50b3f1c1577c81c70ba67cfacc63b15c292f6440619d55819dcffe90d52` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Fri, 04 Sep 2020 13:14:38 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 9776
GET H/1.1	200 OK	img2.png benika.xyz/wellsfargoloardbridgeV1/images/	6 KB 6 KB	32ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img2.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `7d03e6e9257ee978bd1c4347dffdd690a305557a5705d40c1e84e38c7c722687` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Fri, 04 Sep 2020 13:15:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 6369
GET H/1.1	200 OK	img3.png benika.xyz/wellsfargoloardbridgeV1/images/	5 KB 5 KB	30ms 29ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img3.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `cf6caebc5481b990b477e48db89750b89ecd1d5d366b167192c61073b4460009` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Fri, 04 Sep 2020 13:16:20 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4907
GET H/1.1	200 OK	img4.png benika.xyz/wellsfargoloardbridgeV1/images/	6 KB 6 KB	33ms 32ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img4.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `9c6e7d95e79a4f169ac93a8152277dc280fbb88ffab1487034aa70bee8daf856` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:15 GMT Last-Modified Fri, 04 Sep 2020 13:17:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 5977
GET H/1.1	200 OK	bg1.png benika.xyz/wellsfargoloardbridgeV1/images/	663 KB 663 KB	96ms 30ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/bg1.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `ff1f0db1d936c2c720c9e0946007e50e3c34824d555ff3191ead7e06ea7824b7` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Tue, 06 Oct 2020 16:20:40 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 678488
GET H/1.1	200 OK	img5.png benika.xyz/wellsfargoloardbridgeV1/images/	4 KB 4 KB	98ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img5.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `e7edc0cb372e906c9e0a7a3e42b468918434189ee4c74fe3fb25d8cffe4ea253` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:23:16 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4320
GET H/1.1	200 OK	img6.png benika.xyz/wellsfargoloardbridgeV1/images/	4 KB 4 KB	51ms 32ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img6.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `d082c05ab621d5c51f7a8b4f3554e58a37715768a6e0e66994ca32244bb6c60e` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:24:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4114
GET H/1.1	200 OK	img7.png benika.xyz/wellsfargoloardbridgeV1/images/	4 KB 4 KB	48ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img7.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `031bdc9b0a980430a4db4978189164d01bf86997f98f0723c958812427e032f7` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Tue, 06 Oct 2020 16:24:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3775
GET H/1.1	200 OK	img8.png benika.xyz/wellsfargoloardbridgeV1/images/	4 KB 4 KB	80ms 30ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img8.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `a302047041e340c096e9973c621143d0fb69e3cb2b56063b252963bbc13d1804` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:26:12 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 3835
GET H/1.1	200 OK	img9.png benika.xyz/wellsfargoloardbridgeV1/images/	4 KB 4 KB	49ms 32ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img9.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `bdbf1ff8746aa77dd9b7314ae61682e905f8fa2935fc22530b7cfcce428045db` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Tue, 06 Oct 2020 16:13:50 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4303
GET H/1.1	200 OK	img13.png benika.xyz/wellsfargoloardbridgeV1/images/	40 KB 41 KB	48ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img13.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `64600a0c892fe631b56e525639780446fa8c7545f5cf83d5c6e5fde046f2c8a3` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 15:01:30 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 41279
GET H/1.1	200 OK	img10.png benika.xyz/wellsfargoloardbridgeV1/images/	78 KB 78 KB	47ms 45ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img10.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `fbfb43267fe0d2390ce147c24d04a796b169570ae9fcaae91b7f9011c0b6524c` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:28:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 79918
GET H/1.1	200 OK	img11.png benika.xyz/wellsfargoloardbridgeV1/images/	183 KB 183 KB	49ms 46ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img11.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `dc09c634009d0b39263945dc9eae285c299ce5481ed1b474718cb2893950b037` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:31:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 187056
GET H/1.1	200 OK	img12.png benika.xyz/wellsfargoloardbridgeV1/images/	198 KB 198 KB	29ms 29ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img12.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `1c79c806605391adc56470ecdd5d54e38570c2bd9edd652657287d0b0a955c51` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 13:32:18 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 202521
GET H/1.1	200 OK	img14.png benika.xyz/wellsfargoloardbridgeV1/images/	167 KB 167 KB	30ms 30ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img14.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `16ad2e2383212bcfe8bd540e363da3dd6b20f37ea5e3d0bb63ecb01112e19fb0` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 18:29:54 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 170779
GET H/1.1	200 OK	img15.png benika.xyz/wellsfargoloardbridgeV1/images/	28 KB 28 KB	31ms 31ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img15.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `7b86b454faa2524a6a1bf12e3f6803de86eee110fb73e19a12fe2cab372ccc35` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 18:31:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 28254
GET H/1.1	200 OK	img16.png benika.xyz/wellsfargoloardbridgeV1/images/	10 KB 10 KB	30ms 30ms	Image image/png	91.212.150.143 NFORCE
General Check archive.org Show headers Download Go to Show image Full URL http://benika.xyz/wellsfargoloardbridgeV1/images/img16.png Requested by Host: benika.xyz URL: http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css Protocol HTTP/1.1 Server 91.212.150.143 , Russian Federation, ASN43350 (NFORCE, NL), Reverse DNS italy.prive-portaal.top Software Apache / Resource Hash `f4bbd5ae1cdd7321608fe7a841415ae511a33ff2b3791200a063849bdf84964e` Request headers Referer http://benika.xyz/wellsfargoloardbridgeV1/css/wstyle.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 21 Oct 2020 13:33:16 GMT Last-Modified Fri, 04 Sep 2020 18:32:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 10371

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

benika.xyz
91.212.150.143
031bdc9b0a980430a4db4978189164d01bf86997f98f0723c958812427e032f7
16ad2e2383212bcfe8bd540e363da3dd6b20f37ea5e3d0bb63ecb01112e19fb0
1c79c806605391adc56470ecdd5d54e38570c2bd9edd652657287d0b0a955c51
64600a0c892fe631b56e525639780446fa8c7545f5cf83d5c6e5fde046f2c8a3
7097b6699823e9daadf6f95f3d6e3f2173476f04b094aa503e97f1959fff8a5a
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
7b86b454faa2524a6a1bf12e3f6803de86eee110fb73e19a12fe2cab372ccc35
7d03e6e9257ee978bd1c4347dffdd690a305557a5705d40c1e84e38c7c722687
9c6e7d95e79a4f169ac93a8152277dc280fbb88ffab1487034aa70bee8daf856
a302047041e340c096e9973c621143d0fb69e3cb2b56063b252963bbc13d1804
bdbf1ff8746aa77dd9b7314ae61682e905f8fa2935fc22530b7cfcce428045db
cd42cc3081d1ae6c07a40ce45b6534a7e510e9f859d9e3d91636910ee50ab09e
cf6caebc5481b990b477e48db89750b89ecd1d5d366b167192c61073b4460009
d082c05ab621d5c51f7a8b4f3554e58a37715768a6e0e66994ca32244bb6c60e
dc09c634009d0b39263945dc9eae285c299ce5481ed1b474718cb2893950b037
e7edc0cb372e906c9e0a7a3e42b468918434189ee4c74fe3fb25d8cffe4ea253
edeaa50b3f1c1577c81c70ba67cfacc63b15c292f6440619d55819dcffe90d52
f4bbd5ae1cdd7321608fe7a841415ae511a33ff2b3791200a063849bdf84964e
fb594fb6803b7edb361c10385853be3df83453bfe012485856dbea8774883324
fbfb43267fe0d2390ce147c24d04a796b169570ae9fcaae91b7f9011c0b6524c
ff1f0db1d936c2c720c9e0946007e50e3c34824d555ff3191ead7e06ea7824b7

benika.xyz Open in urlscan Pro 91.212.150.143 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

21 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1524 kBTransfer

1519 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

benika.xyz Open in urlscan Pro
91.212.150.143 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1524 kB
Transfer

1519 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!