www.bendligo-login.com
Open in
urlscan Pro
2a06:98c1:3120::c
Malicious Activity!
Public Scan
Submission: On January 03 via automatic, source certstream-suspicious — Scanned from NL
Summary
TLS certificate: Issued by E1 on January 3rd 2023. Valid for: 3 months.
This is the only time www.bendligo-login.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bendigo Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 2a06:98c1:312... 2a06:98c1:3120::c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2606:4700:303... 2606:4700:3033::6815:c55 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
bendligo-login.com
www.bendligo-login.com |
182 KB |
4 |
k54687913.group
k54687913.group |
1 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
7 | www.bendligo-login.com |
www.bendligo-login.com
|
4 | k54687913.group |
www.bendligo-login.com
|
11 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.bendligo-login.com E1 |
2023-01-03 - 2023-04-03 |
3 months | crt.sh |
*.k54687913.group E1 |
2022-12-04 - 2023-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.bendligo-login.com/
Frame ID: 4097F7C15EA590FACE4E43C3317A6ECB
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.bendligo-login.com/ |
38 KB 12 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
www.bendligo-login.com/assets/css/ |
15 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
www.bendligo-login.com/assets/js/ |
29 KB 11 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
www.bendligo-login.com/assets/js/ |
87 KB 32 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
browser.js
www.bendligo-login.com/assets/js/ |
2 KB 996 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
www.bendligo-login.com/assets/js/ |
8 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
switchnow.jpg
www.bendligo-login.com/assets/img/ |
120 KB 121 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
detect
k54687913.group/api/ |
0 619 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
detect
k54687913.group/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
check-action
k54687913.group/api/ |
0 582 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
check-action
k54687913.group/api/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bendigo Bank (Banking)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| axios function| $ function| jQuery object| BrowserDetect function| rand0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
k54687913.group
www.bendligo-login.com
2606:4700:3033::6815:c55
2a06:98c1:3120::c
00475f82a523cbdc75170a661b62c432a03d74b658aaa6c22190da68cdef4501
27e2c1ba52b3fbdc60309a5f9002b6a906cdc43c16357def077104b48e085dde
42bbce07fbfd4b2b2d7d8297065238543646ec3113de6e39ea3fde25a54a6b0d
6011467dba0a8a7a640f5c72e5fd83b82778cac90681fb4d3b954da7bab33c05
c493537a12290bafdb938d453332243c08dea3c718be71a7c5bbff62000cd688
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f97bcb7f11995c4f4120e5484a9fc23566813c7080b93418f42da6ae81510ee4