bendigo-bankauth.com Open in urlscan Pro
104.21.80.217 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bendigo-bankauth.com/
Effective URL:
https://bendigo-bankauth.com/intl/secure.php
Submission: On February 18 via manual (February 18th 2024, 11:11:33 pm UTC) from AU — Scanned from AU

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 104.21.80.217, located in and belongs to . The main domain is bendigo-bankauth.com.
TLS certificate: Issued by E1 on February 18th 2024. Valid for: 3 months.

This is the only time bendigo-bankauth.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Westpac (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.187.70 172.67.187.70	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 10	104.21.80.217 104.21.80.217	() ()
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
10	3

1 172.67.187.70 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bendigo-bankauth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.21.80.217 (None, ) 1 redirects

ASN- ()

bendigo-bankauth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	bendigo-bankauth.com 2 redirects bendigo-bankauth.com	124 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 940	82 KB
10	2

	Domain	Requested by
11	bendigo-bankauth.com	2 redirects bendigo-bankauth.com
1	code.jquery.com	bendigo-bankauth.com
10	2

This site contains links to these domains. Also see Links.

Domain
banking.westpac.com.au
www.westpac.com.au

Subject Issuer	Validity	Valid
bendigo-bankauth.com E1	`2024-02-18` - `2024-05-18`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bendigo-bankauth.com/intl/secure.php
Frame ID: 3CC3D9A897B2C2D3797599B2A6018EB0
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Westpac Online Banking

Page URL History Show full URLs

http://bendigo-bankauth.com/ HTTP 301
https://bendigo-bankauth.com/ HTTP 302
https://bendigo-bankauth.com/intl/secure.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

205 kB
Transfer

1000 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.westpac.com.au/
Title: Desktop website

Search URL Search Domain Scan URL

URL: https://www.westpac.com.au/personal-banking/online-banking/support-faqs/
Title: Help

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bendigo-bankauth.com/ HTTP 301
https://bendigo-bankauth.com/ HTTP 302
https://bendigo-bankauth.com/intl/secure.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request secure.php Show response
bendigo-bankauth.com/intl/
Redirect Chain

http://bendigo-bankauth.com/
https://bendigo-bankauth.com/
https://bendigo-bankauth.com/intl/secure.php

6 KB
2 KB

432ms
431ms

Document
text/html

104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

c86ea1dc61bb18be2d99d05c1b26bb2955772e8d7fc61ad5d3be7ea74e8b3166

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8579f3076e0b5d25-SYD
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 18 Feb 2024 23:11:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1f9M9v4TSk6uTGZ%2ByB7Xgjai9%2BG8t2kicykCo3Ai6KBvNdDecAz8EGEY2%2Fdq52tRf%2BYYiEIOnXgzT0Hp9AQ2mbAsTK1SBOYhNXdrJQSYAJ5C1QmAkKhta35nDoh0UZDVCD7EbU7Zng%3D%3D"}],"group":"cf-nel","max_age":604800}
sec-fetch-site: same-origin
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8579f2fa18825d25-SYD
content-type: text/html; charset=UTF-8
date: Sun, 18 Feb 2024 23:11:27 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: intl/secure.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qtsT942CaN%2FYK5jd7oWAEq1kFpqdF5rBrvMmePmfkoJwzJUd76TjU2%2B%2BRo8ELauSNp4OUYHhsBRWwmrCU8uSQCPxPIdOTvVtBsvWgTLwa%2BpbdOiGnGx4GGv%2F5UP6byDB1c6dzQLBZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
sec-fetch-site: same-origin
server: cloudflare
x-content-type-options: nosniff
x-frame-options: sameorigin
x-xss-protection: 1; mode=block

GET
H2 200 main.css
bendigo-bankauth.com/files/css/ 447 KB
38 KB 17ms
16ms Stylesheet
text/css 104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/files/css/main.css?5

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

92a6236ca21810fb04b8c0e657a6b9f593901a0206793a02223c563cb5843b6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/intl/secure.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2608
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 17 Feb 2024 12:46:16 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75EkCIRsKWHORqGSaqsRTcJPqx1dg72BVOxOjwiZ4GEYGT%2F%2F2hGVh1%2F0T7QKpR9UO6F4UCj6HBw5Tnqf%2BYxh5SOoMSuy9tmxOIoYgjiEExvfeMJDgMujM6%2F0sZ%2FKKI4Iiu6bQKsDaw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
sec-fetch-site: same-origin
cf-ray: 8579f30a28815d25-SYD

GET
H2 200 jquery-3.7.0.js Show response
code.jquery.com/ 278 KB
82 KB 725ms
139ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.7.0.js
Requested by: Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43

Request headers

Referer: https://bendigo-bankauth.com/
Origin: https://bendigo-bankauth.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 4036905
x-cache: HIT, HIT
content-length: 83531
x-served-by: cache-lga13628-LGA, cache-bfi-kbfi7400029-BFI
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1708297889.996294,VS0,VE0
etag: W/"28feccc0-45944"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 1, 3203

GET
H2 200 jquery.js Show response
bendigo-bankauth.com/files/js/ 266 KB
79 KB 18ms
18ms Script
application/javascript 104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/files/js/jquery.js

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

880d71e238d522092c9d6534b286d5898a8d0968270e0eea3a457777527e58ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/intl/secure.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2608
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 17 Feb 2024 12:46:13 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qeMhIJJ9xR4gSk9CvDhKrrA9btvJMVr%2Bnx%2BNoeJDXA2Y%2FcexYh%2FMSLyF61e9eU5KbU7%2BCUgHcW1UK9aTaZTE9YtUfOtAbEQR7PpzKNhXMWvGPWvPtMSskkzZq9IKtnzFGwIg8tBJgw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
sec-fetch-site: same-origin
cf-ray: 8579f30a28835d25-SYD

GET
H2 200 clientStatus.js Show response
bendigo-bankauth.com/files/js/ 397 B
534 B 11ms
10ms Script
application/javascript 104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/files/js/clientStatus.js

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

70b94b7d45c64d68c378083f4b7feb5b8b2b0d107a2775fbb9813e3ddadb85f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/intl/secure.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2608
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 17 Feb 2024 12:46:13 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d0FaWRU3P%2FE2QvrDEL6Y3LFoE8CFMFjlFZ16Su2ADYxk8ErAWl6f%2FpwhQNLHnHMMMdT4e9ZXz1Kgcj%2BYRl68QLS1Ty8R5vTMrrnPhE6UI6lTIyxVzWFTeOsGCGnz%2Buvfad2jWwYbzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
sec-fetch-site: same-origin
cf-ray: 8579f30a28845d25-SYD

GET
H2 200 logo.png
bendigo-bankauth.com/files/img/ 1 KB
1 KB 9ms
9ms Image
image/png 104.21.80.217

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bendigo-bankauth.com/files/img/logo.png

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/intl/secure.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2606
alt-svc: h3=":443"; ma=86400
content-length: 1183
x-xss-protection: 1; mode=block
last-modified: Sun, 18 Feb 2024 13:23:27 GMT
server: cloudflare
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUCLVVbp2LaxJTrwBRU%2FzhjT2pIodFZ0S%2BYvoIW3S%2BCdkaPEwnt6JEwQ51njAg0boZy1Wam3gg%2BUwz6gleqE5NvZdhZ2iuEGKaGBwCSt5d0XaRyK7ASsETE88opJdCluc4NqTUTlEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
sec-fetch-site: same-origin
accept-ranges: bytes
cf-ray: 8579f30a58a85d25-SYD

GET
H2 200 login.js Show response
bendigo-bankauth.com/files/js/ 728 B
631 B 12ms
12ms Script
application/javascript 104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/files/js/login.js

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/intl/secure.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf950076bc2f2ed0e30988dd8abcaf35e423efaef7254bdbba69d5242d6dbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/intl/secure.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2606
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sat, 17 Feb 2024 12:46:13 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOKoDDvxY7UeiiAITDvQFbrKkrQFf8J%2FWvj%2F2B08DwZxb7hf5iiK98bgS84elTNyzNF1Cyrqxv0iwbCiUhg6fMSyHh4ESYITlASbYHO9EVJ6%2Fdl6PHR%2BFJU69wsKrYSoc58qEFygmA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
sec-fetch-site: same-origin
cf-ray: 8579f30a28865d25-SYD

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 404 application@2x.png.023c0c6679dece75e11a29fc62d1269b0c676946.png
bendigo-bankauth.com/assets/wp/ 196 B
196 B 585ms
585ms Image
text/html 104.21.80.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bendigo-bankauth.com/assets/wp/application@2x.png.023c0c6679dece75e11a29fc62d1269b0c676946.png?preserve-inactive-time=true
Requested by: Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/files/css/main.css?5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.217 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/files/css/main.css?5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22tQ%2BkbtfUvxm7lWMaxwQKibVO2oxQ9kdiX2qZeaq%2F3lP%2F3QiK%2FGwTEMCzmQA%2Fuxl7iHR2CcLFPB82WK9fHAvWAf6Ul6iklPyLVIHVFK65kTbfBrzFTshxco96EtjS%2FdrmeMGpi1iw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8579f3100dac5d25-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 404 application.png.0b085c422f49ff478a069a19849e8717c460746e.png
bendigo-bankauth.com/assets/wp/ 196 B
196 B 584ms
584ms Image
text/html 104.21.80.217

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bendigo-bankauth.com/assets/wp/application.png.0b085c422f49ff478a069a19849e8717c460746e.png?preserve-inactive-time=true
Requested by: Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/files/css/main.css?5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.80.217 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://bendigo-bankauth.com/files/css/main.css?5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:29 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHJU4OCderBsbtSidWkrNz3KJ5dyIXQ052xx6V9%2FQCWTBoYEA7kxxAtOWjs1VV%2FPf1jClCcGBYMxYolyGc3sHqs9OyRkeEAvBMPFKKBO4lV58ahvCLr2D7y%2FTl6d5VqvJE%2BfhM0gdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8579f3100daf5d25-SYD
alt-svc: h3=":443"; ma=86400

GET
H2 200 action.php Show response
bendigo-bankauth.com/files/incl/ 0
566 B 293ms
292ms XHR
text/html 104.21.80.217

General

Check archive.org

Show headers Download Go to

Full URL

https://bendigo-bankauth.com/files/incl/action.php?type=clientStatus

Requested by

Host: bendigo-bankauth.com
URL: https://bendigo-bankauth.com/files/js/jquery.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.80.217 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://bendigo-bankauth.com/intl/secure.php
X-Requested-With: XMLHttpRequest
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sun, 18 Feb 2024 23:11:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
x-frame-options: sameorigin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfo5wIg4rG1mEa6Tcpo7rbNbbTXP5Cey94JuYQ7sS3ICTNaQvGwRNgKyhxpjvmtAPAFQ2FDJ51OY0bmSFm74KTY6ex6Ko%2FiJvye%2FQJRKTMvqI3vZal1lwxyWOvrAKeGmcXeTFI7FZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
sec-fetch-site: same-origin
cf-ray: 8579f322ce305d25-SYD
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Westpac (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| interval function| heartbeat

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bendigo-bankauth.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: op44k0rqig9rctq5v5tvslamos
			bendigo-bankauth.com/	1970-01-20 18:31:39	Name: allowed Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bendigo-bankauth.com/assets/wp/application@2x.png.023c0c6679dece75e11a29fc62d1269b0c676946.png?preserve-inactive-time=true Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bendigo-bankauth.com/assets/wp/application.png.0b085c422f49ff478a069a19849e8717c460746e.png?preserve-inactive-time=true Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bendigo-bankauth.com
code.jquery.com
104.21.80.217
151.101.194.137
172.67.187.70
265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43
70b94b7d45c64d68c378083f4b7feb5b8b2b0d107a2775fbb9813e3ddadb85f2
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
880d71e238d522092c9d6534b286d5898a8d0968270e0eea3a457777527e58ae
92a6236ca21810fb04b8c0e657a6b9f593901a0206793a02223c563cb5843b6a
c86ea1dc61bb18be2d99d05c1b26bb2955772e8d7fc61ad5d3be7ea74e8b3166
cf1c352b986e083292b5713ac5556b02832a8cf248485e627708110e62a83820
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbf950076bc2f2ed0e30988dd8abcaf35e423efaef7254bdbba69d5242d6dbd2

bendigo-bankauth.com Open in urlscan Pro 104.21.80.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

205 kBTransfer

1000 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

2 Console Messages

Security Headers

Indicators

bendigo-bankauth.com Open in urlscan Pro
104.21.80.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

205 kB
Transfer

1000 kB
Size

2
Cookies

10 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!