berniek.com.au Open in urlscan Pro
198.54.120.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://filtros-metalicos.com.ar/fsf3g
Effective URL:
https://berniek.com.au/storages/src/
Submission: On October 30 via manual (October 30th 2023, 10:18:46 pm UTC) from AU — Scanned from AU

Summary HTTP 9 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 1 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 198.54.120.79, located in United States and belongs to NAMECHEAP-NET, US. The main domain is berniek.com.au.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 10th 2023. Valid for: a year.

This is the only time berniek.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bendigo Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.21.92.54 104.21.92.54	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	110.232.143.17 110.232.143.17	45638 (SYNERGYWH...) (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD)
2 11	198.54.120.79 198.54.120.79	22612 (NAMECHEAP...) (NAMECHEAP-NET)
9	1

1 104.21.92.54 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

filtros-metalicos.com.ar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 110.232.143.17 (Brisbane, Australia) 1 redirects

ASN45638 (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU)
PTR: syn01ad.syd6.hostyourservices.net

wannadootours.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 198.54.120.79 (United States) 2 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: premium52-3.web-hosting.com

berniek.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	berniek.com.au 2 redirects berniek.com.au	136 KB
1	wannadootours.com.au 1 redirects wannadootours.com.au	225 B
1	filtros-metalicos.com.ar 1 redirects filtros-metalicos.com.ar	461 B
9	3

	Domain	Requested by
11	berniek.com.au	2 redirects berniek.com.au
1	wannadootours.com.au	1 redirects
1	filtros-metalicos.com.ar	1 redirects
9	3

This site contains links to these domains. Also see Links.

Domain
banking.bendigobank.com.au
www.bendigobank.com.au
demo.bendigobank.com.au
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
berniek.com.au Sectigo RSA Domain Validation Secure Server CA	`2023-01-10` - `2024-01-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://berniek.com.au/storages/src/
Frame ID: AA5A39DD29B7E843695AD5C0B3BF3573
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bendigo Bank - Log in to e-banking

Page URL History Show full URLs

https://filtros-metalicos.com.ar/fsf3g HTTP 301
https://wannadootours.com.au/storages HTTP 301
https://berniek.com.au/storages HTTP 301
https://berniek.com.au/storages/ HTTP 302
https://berniek.com.au/storages/src/ Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

3
Countries

135 kB
Transfer

163 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.bendigobank.com.au/Logon/
Title: What’s my Access ID?

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/support/
Title: See all Help Topics

Search URL Search Domain Scan URL

URL: https://demo.bendigobank.com.au/
Title: Take a tour

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/personal/ways-to-bank/online-banking
Title: Register

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/support/#ebanking
Title: Online support

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/security/
Title: Banking securely

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/au/app/bendigo-bank/id482844929?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.bendigobank.mobile

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/public/disclosure-documents
Title: Disclosure documents

Search URL Search Domain Scan URL

URL: https://www.bendigobank.com.au/privacy-policy/full-privacy-policy/
Title: Privacy policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://filtros-metalicos.com.ar/fsf3g HTTP 301
https://wannadootours.com.au/storages HTTP 301
https://berniek.com.au/storages HTTP 301
https://berniek.com.au/storages/ HTTP 302
https://berniek.com.au/storages/src/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response berniek.com.au/storages/src/ Redirect Chain https://filtros-metalicos.com.ar/fsf3g https://wannadootours.com.au/storages https://berniek.com.au/storages https://berniek.com.au/storages/ https://berniek.com.au/storages/src/	10 KB 3 KB	748ms 748ms	Document text/html	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / PHP/5.6.40 Resource Hash `2650421b97b25080813a6043dd63692a1b55f8170239fce0b989ad6ecdd55043` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers content-encoding br content-type text/html; charset=UTF-8 date Mon, 30 Oct 2023 22:18:41 GMT server LiteSpeed vary Accept-Encoding x-powered-by PHP/5.6.40 x-turbo-charged-by LiteSpeed Redirect headers cache-control no-cache, no-store, must-revalidate, max-age=0 content-length 0 content-type text/html; charset=UTF-8 date Mon, 30 Oct 2023 22:18:41 GMT location ./src/ server LiteSpeed x-powered-by PHP/5.6.40 x-turbo-charged-by LiteSpeed
GET H2	200	login.css berniek.com.au/storages/src/	9 KB 2 KB	267ms 266ms	Stylesheet text/css	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://berniek.com.au/storages/src/login.css Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `8c40c79689dcecc26d0639031700e66e7314690b0d00078fc754ad52552f8cdf` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1897 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	login-other.css berniek.com.au/storages/src/	2 KB 631 B	268ms 267ms	Stylesheet text/css	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://berniek.com.au/storages/src/login-other.css Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `838ff97a2cbbfb03c72d813aec36ce538429821115ad80ae756a05b92513cf39` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 411 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	logo.svg berniek.com.au/storages/src/assets/images/images/	6 KB 2 KB	268ms 268ms	Image image/svg+xml	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://berniek.com.au/storages/src/assets/images/images/logo.svg Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `9e543ff55570b1c12e8da269a4d4800eff0b214c68b931128c0358b7a58c6be6` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 2267 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	phone.svg berniek.com.au/storages/src/assets/images/icons/	629 B 521 B	272ms 271ms	Image image/svg+xml	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://berniek.com.au/storages/src/assets/images/icons/phone.svg Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `1e598d3fa3c35db74b39d4fbe7331540e252b089fd8e988132256af3700a1107` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 296 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	app-store.svg berniek.com.au/storages/src/assets/images/images/	7 KB 3 KB	274ms 273ms	Image image/svg+xml	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://berniek.com.au/storages/src/assets/images/images/app-store.svg Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `523f9a0b4d6199f080c54328d15ddf392dd79e25dae8b57c842a0d604a563a56` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 2903 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	play-store.svg berniek.com.au/storages/src/assets/images/images/	7 KB 3 KB	480ms 479ms	Image image/svg+xml	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://berniek.com.au/storages/src/assets/images/images/play-store.svg Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `d64a6776e14f1d0c54a9cb57fc425570cb950aaa08889f44da461fab90a9df06` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 2427 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	login-mobile.css berniek.com.au/storages/src/	2 KB 706 B	481ms 480ms	Stylesheet text/css	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://berniek.com.au/storages/src/login-mobile.css Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `31fad0947b2ae098176f477b618f84c2265be60b55557058131e92b6a2c7f5e2` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT content-encoding br last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 486 expires Mon, 06 Nov 2023 22:18:42 GMT
GET H2	200	bottom-banner.jpg berniek.com.au/storages/src/assets/images/images/	120 KB 120 KB	424ms 424ms	Image image/jpeg	198.54.120.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://berniek.com.au/storages/src/assets/images/images/bottom-banner.jpg Requested by Host: berniek.com.au URL: https://berniek.com.au/storages/src/login.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.120.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS premium52-3.web-hosting.com Software LiteSpeed / Resource Hash `42bbce07fbfd4b2b2d7d8297065238543646ec3113de6e39ea3fde25a54a6b0d` Request headers accept-language en-AU,en;q=0.9 Referer https://berniek.com.au/storages/src/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Mon, 30 Oct 2023 22:18:42 GMT last-modified Sun, 22 Oct 2023 10:29:30 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 122897 expires Mon, 06 Nov 2023 22:18:42 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bendigo Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

berniek.com.au
filtros-metalicos.com.ar
wannadootours.com.au
104.21.92.54
110.232.143.17
198.54.120.79
1e598d3fa3c35db74b39d4fbe7331540e252b089fd8e988132256af3700a1107
2650421b97b25080813a6043dd63692a1b55f8170239fce0b989ad6ecdd55043
31fad0947b2ae098176f477b618f84c2265be60b55557058131e92b6a2c7f5e2
42bbce07fbfd4b2b2d7d8297065238543646ec3113de6e39ea3fde25a54a6b0d
523f9a0b4d6199f080c54328d15ddf392dd79e25dae8b57c842a0d604a563a56
838ff97a2cbbfb03c72d813aec36ce538429821115ad80ae756a05b92513cf39
8c40c79689dcecc26d0639031700e66e7314690b0d00078fc754ad52552f8cdf
9e543ff55570b1c12e8da269a4d4800eff0b214c68b931128c0358b7a58c6be6
d64a6776e14f1d0c54a9cb57fc425570cb950aaa08889f44da461fab90a9df06

berniek.com.au Open in urlscan Pro 198.54.120.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

3 Countries

135 kBTransfer

163 kBSize

0 Cookies

10 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

berniek.com.au Open in urlscan Pro
198.54.120.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

3
Countries

135 kB
Transfer

163 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!