Submitted URL: http://bendigo-personal.net/?utm_term=bendigo%20bank
Effective URL: https://bendiqo.life/Logon/
Submission: On September 14 via manual from IN — Scanned from AU

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 94.158.247.79, which urlscan geolocates to Bend, United States, although it belongs to AS39798 (MIVOCLOUD, MD), a Moldovan hosting provider; treat the city-level geolocation with caution. The main domain is bendiqo.life, a look-alike of "bendigo" with the g swapped for a q.
The visitor arrives via an HTTP 302 from bendigo-personal.net (23.163.0.152, AS8100), a separate redirector host whose response carries Server: Apache/2.4.54, while the landing page on bendiqo.life is served by Apache/2.4.38. The cookies set by the redirector (a _subid value and a JWT recording stream, campaign and click-time identifiers) point to a traffic distribution system in front of the kit.
The landing page hotlinks its banner image (kb-banner.jpg) directly from banking.bendigobank.com.au, so the bank's own web logs record those fetches with Referer https://bendiqo.life/. The remaining assets (style.css, action.js, jquery.js and two Proxima Nova TTF fonts) are self-hosted on bendiqo.life; style.css and action.js carry Last-Modified dates of 11 September 2022, the day the certificate was issued and three days before this scan.
TLS certificate: Issued by R3 (Let's Encrypt) on September 11th 2022. Valid for: 3 months.
This is the only time bendiqo.life was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bendigo Bank (Banking)

Community Verdicts: Malicious (4 votes)

Domain & IP information

IP Address      AS (Autonomous System)   Requests
23.163.0.152    AS8100 (ASN-QUADR...)    1 (redirect only)
94.158.247.79   AS39798 (MIVOCLOUD)      6
103.211.240.30  AS45852 (BENDIGOBA...)   1
Totals: 7 requests, 2 IPs (the redirect-only IP is not counted)

Apex Domain           Subdomains                  Requests  Transfer
bendiqo.life          bendiqo.life                6         106 KB
bendigobank.com.au    banking.bendigobank.com.au  1         69 KB
bendigo-personal.net  bendigo-personal.net        1         861 B
Totals: 7 requests, 3 domains

Domain                      Requested by   Requests
bendiqo.life                bendiqo.life   6
banking.bendigobank.com.au  bendiqo.life   1
bendigo-personal.net        (1 redirect)   1
Totals: 7 requests, 3 domains

This site contains links to these domains:

Domain
itunes.apple.com
play.google.com

Subject                     Issuer                                 Valid from  Valid until  Valid for
bendiqo.life                R3                                     2022-09-11  2022-12-10   3 months
banking.bendigobank.com.au  Entrust Certification Authority - L1M  2022-04-26  2023-05-14   a year
Certificate Transparency records for both certificates can be looked up on crt.sh.

This page contains 1 frame:

Primary Page: https://bendiqo.life/Logon/
Frame ID: A406DB31868044180F84DC3F4621E35E
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Bendigo Bank - Logon to e-banking

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bendigo-personal.net/?utm_term=bendigo%20bank HTTP 302
    https://bendiqo.life/Logon/ Page URL

Detected technologies

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    7
HTTPS:       100 %
IPv6:        0 %
Domains:     3
Subdomains:  3
IPs:         2
Countries:   2
Transfer:    175 kB
Size:        271 kB
Cookies:     4


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns: Resource | Path | Size | x-fer (bytes transferred) | Type

Primary Request: / | bendiqo.life/Logon/ | 33 KB | 12 KB | Document
Redirect Chain
  • http://bendigo-personal.net/?utm_term=bendigo%20bank
  • https://bendiqo.life/Logon/
General
Full URL
https://bendiqo.life/Logon/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
d46c40b0d7075ca94de4af16c8592b4e4e8b2d973198f66cb1eba50703eb1c8f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
en-AU,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
11959
Content-Type
text/html; charset=UTF-8
Date
Wed, 14 Sep 2022 23:45:13 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Wed, 14 Sep 2022 23:45:12 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
https://bendiqo.life/Logon/
Pragma
no-cache
Server
Apache/2.4.54 (Debian)
style.css | bendiqo.life/Logon/ | 22 KB | 4 KB | Stylesheet
General
Full URL
https://bendiqo.life/Logon/style.css
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
f81a827ef4b1dfdcf3d5618d3269f1d360e514bd68d520051803c951fb29ca1d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bendiqo.life/Logon/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Wed, 14 Sep 2022 23:45:14 GMT
Content-Encoding
gzip
Last-Modified
Sun, 11 Sep 2022 13:46:30 GMT
Server
Apache/2.4.38 (Debian)
ETag
"5772-5e867019e9980-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
4091
jquery.js | bendiqo.life/Logon/ | 87 KB | 31 KB | Script
General
Full URL
https://bendiqo.life/Logon/jquery.js
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bendiqo.life/Logon/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Wed, 14 Sep 2022 23:45:14 GMT
Content-Encoding
gzip
Last-Modified
Tue, 09 Aug 2022 16:12:52 GMT
Server
Apache/2.4.38 (Debian)
ETag
"15d9d-5e5d1344de900-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
30905
action.js | bendiqo.life/Logon/ | 3 KB | 1 KB | Script
General
Full URL
https://bendiqo.life/Logon/action.js
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
9703b6343544239f20c1fdf4db1b0641743c2d4cb7623a12db684ace14bdc14a

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bendiqo.life/Logon/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Wed, 14 Sep 2022 23:45:14 GMT
Content-Encoding
gzip
Last-Modified
Sun, 11 Sep 2022 13:48:52 GMT
Server
Apache/2.4.38 (Debian)
ETag
"af7-5e8670a155900-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
902
kb-banner.jpg | banking.bendigobank.com.au/static/assets/images/ | 69 KB | 69 KB | Image
General
Full URL
https://banking.bendigobank.com.au/static/assets/images/kb-banner.jpg
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
103.211.240.30, Australia, ASN45852 (BENDIGOBANK-AS-AP Bendigo and Adelaide Bank Limited, AU)
Reverse DNS
banking.bendigobank.com.au
Software
not reported
Resource Hash
14d08e89cdb809352e649dac60cce2eb7a9fc9b79b1334bd2f6950f672578fa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://bendiqo.life/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Wed, 14 Sep 2022 23:45:15 GMT
content-encoding
gzip
transfer-encoding
chunked
last-modified
Mon, 15 Nov 2021 23:48:20 GMT
content-type
image/jpeg
strict-transport-security
max-age=31536000;includeSubDomains
p3p
CP="NON CUR OTPi OUR NOR UNI"
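
The Referer header on this hotlinked image is the detail a bank's SOC can act on: the kit loads kb-banner.jpg from the real banking.bendigobank.com.au host, so every victim's browser announces the phishing origin in the bank's own access logs. The following Python is an added example (not part of the urlscan report or of any Bendigo Bank tooling) that scans Apache combined-format log lines for requests whose Referer origin is outside an allowlist of the bank's own hosts, classifying fetches of /static/assets/ paths as hotlinks and anything else as inbound links from the foreign page. The allowlist, the /static/assets/ prefix and the log lines are constructed for the example; only the first log line reproduces the request recorded above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Origins that legitimately embed assets from banking.bendigobank.com.au.
# Assumed allowlist for this example; a real deployment takes it from config.
ALLOWED_REFERER_HOSTS = {"banking.bendigobank.com.au", "www.bendigobank.com.au"}
STATIC_PREFIX = "/static/assets/"

# Apache/nginx "combined" log format.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log. Line 1 mirrors the kb-banner.jpg fetch in the scan
# (Referer https://bendiqo.life/, iPhone Safari UA); the other lines are
# benign or direct traffic added for contrast.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2022:23:45:15 +0000] "GET /static/assets/images/kb-banner.jpg HTTP/1.1" 200 70615 "https://bendiqo.life/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1"
198.51.100.2 - - [14/Sep/2022:23:46:01 +0000] "GET /static/assets/images/kb-banner.jpg HTTP/1.1" 200 70615 "https://banking.bendigobank.com.au/Logon/" "Mozilla/5.0"
198.51.100.3 - - [14/Sep/2022:23:46:09 +0000] "GET /static/assets/css/app.css HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.9 - - [14/Sep/2022:23:47:30 +0000] "GET /Logon/ HTTP/1.1" 200 5000 "https://bendiqo.life/Logon/" "Mozilla/5.0"
"""


def foreign_referers(log_text):
    """Return one finding per request whose Referer origin is not on the allowlist.

    kind is "hotlink" when the path is a static asset (a look-alike page
    embedding the bank's real images/CSS) and "inbound_link" otherwise
    (a visitor arriving at the bank from the foreign page).
    """
    findings = []
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # skip unparsable lines rather than fail the whole batch
        referer = m["referer"]
        if referer in ("", "-"):
            continue  # direct or referrer-stripped request: nothing to attribute
        host = (urlsplit(referer).hostname or "").lower()
        if not host or host in ALLOWED_REFERER_HOSTS:
            continue
        findings.append({
            "referer_host": host,
            "kind": "hotlink" if m["path"].startswith(STATIC_PREFIX) else "inbound_link",
            "path": m["path"],
            "client_ip": m["ip"],
            "ts": m["ts"],
        })
    return findings


def hosts_by_hits(findings):
    """Aggregate findings per foreign host, most active first (for triage and takedown)."""
    return Counter(f["referer_host"] for f in findings).most_common()


if __name__ == "__main__":
    found = foreign_referers(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']}  {f['kind']:<12} {f['referer_host']:<20} {f['path']}  from {f['client_ip']}")
    print(hosts_by_hits(found))
```

Two caveats. Browsers under the default Referrer-Policy (strict-origin-when-cross-origin) send only the origin on cross-site fetches, which is why the scan shows https://bendiqo.life/ rather than the full /Logon/ URL, so match on host, not path. And the signal disappears entirely if a kit self-hosts every asset (this one already self-hosts its CSS, scripts and fonts) or sets a Referrer-Policy of no-referrer, so treat it as a cheap early-warning feed, not a complete detection.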
proximanova-regular.ttf | bendiqo.life/Logon/fonts/ | 31 KB | 31 KB | Font
General
Full URL
https://bendiqo.life/Logon/fonts/proximanova-regular.ttf
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
8ff3adc285e25ab87fecd9a276d3464c4088e8be4701a2ab2b9c677b08a28a99

Request headers

Referer
https://bendiqo.life/Logon/style.css
Origin
https://bendiqo.life
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Wed, 14 Sep 2022 23:45:14 GMT
Last-Modified
Tue, 30 Aug 2022 19:14:46 GMT
Server
Apache/2.4.38 (Debian)
ETag
"7b00-5e77a317f3580"
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
31488
proximanova-bold.ttf | bendiqo.life/Logon/fonts/ | 26 KB | 26 KB | Font
General
Full URL
https://bendiqo.life/Logon/fonts/proximanova-bold.ttf
Requested by
Host: bendiqo.life
URL: https://bendiqo.life/Logon/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
94.158.247.79 Bend, United States, ASN39798 (MIVOCLOUD, MD)
Reverse DNS
no-rdns.mivocloud.com
Software
Apache/2.4.38 (Debian)
Resource Hash
59d8c4171b52742ea50652c1c9da8839e5fa491e65347c648156b6a47ea4d3ea

Request headers

Referer
https://bendiqo.life/Logon/style.css
Origin
https://bendiqo.life
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Wed, 14 Sep 2022 23:45:14 GMT
Last-Modified
Tue, 30 Aug 2022 19:15:10 GMT
Server
Apache/2.4.38 (Debian)
ETag
"68a0-5e77a32ed6b80"
Content-Type
font/ttf
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
26784

Verdicts & Comments

Malicious (scope: page.domain, i.e. bendiqo.life)
Submitted on September 14th 2022, 11:59:00 pm UTC — From Australia

Threats: Phishing
Brands: Bendigo Bank AU
Comment: Confirmed phishing targeting Bendigo Bank.

Malicious (scope: task.domain, i.e. bendigo-personal.net)
Submitted on September 14th 2022, 11:58:33 pm UTC — From Australia

Threats: Phishing
Brands: Bendigo Bank AU
Comment: Confirmed phishing targeting Bendigo Bank.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bendigo Bank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforeinput
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
function  queryLocalFonts
object    navigation
function  $
function  jQuery
function  enableButton
function  showLoadingAnimation
function  hideLoadingAnimation

The first nine are properties that recent Chromium builds add to window and are not page code. $ and jQuery come from the bundled jquery.js; enableButton, showLoadingAnimation and hideLoadingAnimation are the kit's own functions.

4 Cookies

Domain                 Path  Name       Value
bendigo-personal.net   /     PHPSESSID  n4pau9k22ucljl7k0i0bm4c6l6
.bendigo-personal.net  /     _subid     i9o2heftk1
.bendigo-personal.net  /     26add      eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIzOVwiOjE2NjMxOTkxMTJ9LFwiY2FtcGFpZ25zXCI6e1wiNzlcIjoxNjYzMTk5MTEyfSxcInRpbWVcIjoxNjYzMTk5MTEyfSJ9.lB1JMIoojz3U3rI7UTdYto4sksVEqh5MiTMI2UdMmGU
bendiqo.life           /     PHPSESSID  vsitmd4m4kq3g1q307gsuq3p4i

Both hosts run PHP (one PHPSESSID each). The 26add value is a JWT (header {"typ":"JWT","alg":"HS256"}); its payload is readable without the signing key and decodes to {"data":"{\"streams\":{\"239\":1663199112},\"campaigns\":{\"79\":1663199112},\"time\":1663199112}"}. The epoch value 1663199112 is 2022-09-14 23:45:12 UTC, the same second the 302 response above was dated, so the cookie records the click together with a stream ID (239) and a campaign ID (79). Together with _subid this is the bookkeeping of a traffic distribution system on the redirector, not of the phishing kit itself, and the identifiers are worth pivoting on when hunting for sibling campaigns behind the same redirector.
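
Decoding the 26add cookie, as an added example (not code from the urlscan report): the Python below splits the JWT, base64url-decodes the header and payload without verifying the HS256 signature (the key is on the attacker's redirector, so verification is impossible and unnecessary for reading the claims), parses the JSON string nested inside the data claim, and checks the embedded click timestamp against the Date header of the 302 response recorded above. The cookie value and Date header are copied from this scan; the function names are the example's own.

```python
import base64
import json
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Values exactly as recorded in the scan above (cookie "26add" on .bendigo-personal.net
# and the Date header of the 302 redirect response).
TDS_COOKIE = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIzOVwiOjE2NjMxOTkxMTJ9LFwiY2FtcGFpZ25zXCI6e1wiNzlcIjoxNjYzMTk5MTEyfSxcInRpbWVcIjoxNjYzMTk5MTEyfSJ9."
    "lB1JMIoojz3U3rI7UTdYto4sksVEqh5MiTMI2UdMmGU"
)
REDIRECT_DATE_HEADER = "Wed, 14 Sep 2022 23:45:12 GMT"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str):
    """Split a compact JWT into (header, payload, signature) WITHOUT verifying it.

    The HS256 key lives on the attacker's redirector, so the signature cannot be
    checked here; the claims are still readable because JWTs are signed, not encrypted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, b64url_decode(parts[2])


def extract_tds_markers(payload: dict) -> dict:
    """Pull stream/campaign identifiers and the click timestamp out of the payload.

    This TDS nests a JSON document as a string inside the "data" claim, so the
    claim has to be parsed a second time.
    """
    data = payload.get("data", {})
    if isinstance(data, str):
        data = json.loads(data)
    ts = data.get("time")
    return {
        "streams": data.get("streams", {}),
        "campaigns": data.get("campaigns", {}),
        "time": ts,
        "time_iso": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat() if ts is not None else None,
    }


def seconds_between(cookie_ts: int, http_date: str) -> float:
    """Offset between the cookie's click time and an HTTP Date header (RFC 7231 format)."""
    server_time = parsedate_to_datetime(http_date)
    return (server_time - datetime.fromtimestamp(cookie_ts, tz=timezone.utc)).total_seconds()


if __name__ == "__main__":
    header, payload, sig = decode_jwt_unverified(TDS_COOKIE)
    markers = extract_tds_markers(payload)
    print("alg:", header.get("alg"), "| signature bytes:", len(sig))
    print("streams:", markers["streams"], "campaigns:", markers["campaigns"])
    print("click time:", markers["time_iso"],
          "| offset from redirect Date header:",
          seconds_between(markers["time"], REDIRECT_DATE_HEADER), "s")
```

The same routine works on any TDS or tracking cookie that uses an unencrypted JWS; the signature length (32 bytes here) confirms the HS256 claim in the header, and a non-zero offset from the Date header would indicate the cookie was minted on an earlier visit rather than on this click.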