bendigo-bankauth.com
Open in
urlscan Pro
104.21.80.217
Malicious Activity!
Public Scan
Effective URL: https://bendigo-bankauth.com/intl/secure.php
Submission: On February 18 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by E1 on February 18th 2024. Valid for: 3 months.
This is the only time bendigo-bankauth.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Westpac (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 172.67.187.70 172.67.187.70 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 10 | 104.21.80.217 104.21.80.217 | () () | |
1 | 151.101.194.137 151.101.194.137 | 54113 (FASTLY) (FASTLY) | |
10 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
bendigo-bankauth.com
2 redirects
bendigo-bankauth.com |
124 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 940 |
82 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
11 | bendigo-bankauth.com |
2 redirects
bendigo-bankauth.com
|
1 | code.jquery.com |
bendigo-bankauth.com
|
10 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
banking.westpac.com.au |
www.westpac.com.au |
Subject Issuer | Validity | Valid | |
---|---|---|---|
bendigo-bankauth.com E1 |
2024-02-18 - 2024-05-18 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://bendigo-bankauth.com/intl/secure.php
Frame ID: 3CC3D9A897B2C2D3797599B2A6018EB0
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
Westpac Online BankingPage URL History Show full URLs
-
http://bendigo-bankauth.com/
HTTP 301
https://bendigo-bankauth.com/ HTTP 302
https://bendigo-bankauth.com/intl/secure.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Desktop website
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bendigo-bankauth.com/
HTTP 301
https://bendigo-bankauth.com/ HTTP 302
https://bendigo-bankauth.com/intl/secure.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
secure.php
bendigo-bankauth.com/intl/ Redirect Chain
|
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.css
bendigo-bankauth.com/files/css/ |
447 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.0.js
code.jquery.com/ |
278 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
bendigo-bankauth.com/files/js/ |
266 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientStatus.js
bendigo-bankauth.com/files/js/ |
397 B 534 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
bendigo-bankauth.com/files/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.js
bendigo-bankauth.com/files/js/ |
728 B 631 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application@2x.png.023c0c6679dece75e11a29fc62d1269b0c676946.png
bendigo-bankauth.com/assets/wp/ |
196 B 196 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application.png.0b085c422f49ff478a069a19849e8717c460746e.png
bendigo-bankauth.com/assets/wp/ |
196 B 196 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
action.php
bendigo-bankauth.com/files/incl/ |
0 566 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Westpac (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery number| interval function| heartbeat2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bendigo-bankauth.com/ | Name: PHPSESSID Value: op44k0rqig9rctq5v5tvslamos |
|
bendigo-bankauth.com/ | Name: allowed Value: 1 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | sameorigin |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bendigo-bankauth.com
code.jquery.com
104.21.80.217
151.101.194.137
172.67.187.70
265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43
70b94b7d45c64d68c378083f4b7feb5b8b2b0d107a2775fbb9813e3ddadb85f2
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
880d71e238d522092c9d6534b286d5898a8d0968270e0eea3a457777527e58ae
92a6236ca21810fb04b8c0e657a6b9f593901a0206793a02223c563cb5843b6a
c86ea1dc61bb18be2d99d05c1b26bb2955772e8d7fc61ad5d3be7ea74e8b3166
cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbf950076bc2f2ed0e30988dd8abcaf35e423efaef7254bdbba69d5242d6dbd2