sg-madis.ch
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission: On November 20 via manual from DE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on November 9th 2023. Valid for: 3 months.
This is the only time sg-madis.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Deutsche Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
sg-madis.ch
sg-madis.ch |
291 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
17 | sg-madis.ch |
sg-madis.ch
|
17 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sg-madis.ch GTS CA 1P5 |
2023-11-09 - 2024-02-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sg-madis.ch/trxm/db/
Frame ID: 0045826078354814A75B2C35041C915C
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sg-madis.ch/trxm/db/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfills.es5.js
sg-madis.ch/public/scripts/ |
637 KB 93 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
native-shim.js
sg-madis.ch/public/scripts/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom-elements.min.js
sg-madis.ch/public/scripts/ |
19 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cms_snippets.es5.js
sg-madis.ch/public/scripts/ |
33 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
db-eccs-pws-pwcc-clientlib-trxm.css
sg-madis.ch/public/css/ |
107 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.css
sg-madis.ch/public/css/ |
346 KB 54 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loginout.css
sg-madis.ch/public/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_db.gif
sg-madis.ch/public/images/login_files/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ic_help.gif
sg-madis.ch/public/images/login_files/ |
356 B 859 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
print.css
sg-madis.ch/public/css/ |
12 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg_headerContainer.svg
sg-madis.ch/public/images/ |
24 KB 9 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bg_phishingDistractor.png
sg-madis.ch/public/images/ |
542 B 1003 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bt_primary_default.png
sg-madis.ch/public/images/ |
397 B 863 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_verimi.svg
sg-madis.ch/public/images/ |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
UniversDeutscheBankW01-Reg.woff
sg-madis.ch/public/webfonts/ |
48 KB 47 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pfbicons.woff
sg-madis.ch/public/webfonts/ |
57 KB 32 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Deutsche Bank (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| setImmediate function| clearImmediate object| cmsSnippets function| __CE_installPolyfill object| cmsStore undefined| f object| __eventListeners function| checkCapsLock0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
sg-madis.ch
2a06:98c1:3121::3
0b8d43923889c9727513b12ffd595be3e151ef5f6c7b06e14df15b7d3e6cd3c5
102d5e9253625aeb5d47ad0350763b534b95a92a240f353e8bd9bb43ef1722c2
1d877de7b4275a1596393dea968491619835c2ef6f697833afa3e29b9f60c02f
3b39d491f064026fc999911e62780f377c7ce085d501257cc2bbc67cb1935fac
3bf7b013d798a458b822b2c4e46a65fa2b3af38ab3ae9f594e954f0b344da2e6
4713858ba9e8292ca443bde63df83f9d13b3eab4c92e7455a2983de7d2e4165c
4765ba305cd3fbb925665c207ffc14bea411231edc1c3b799148fda5bbe37b96
4ddafdf6c974bffccfc995d3df0bf8bff1675acb8115c7775b35540760280952
6d8e151c9a4662eed5ed30c64a2ae9feaa84748d92286849c9093b68724634bd
7274c97d9d713e6c4a515d61678edb6a3cb6e61d855276a64f37d41c3e25e354
7c2bceb05d1e6ffbad84c59a08f4943d37a1323fe48573d7ad9afc5121cbc95f
a52097c20282053f31c7a732f95db82e5ff37ce69abd0f1150a0bf85f702d8c1
b86d62cd6db965295cd25c44221ae2f91e9a84aebdff867b32619dcdc6354391
c0310ab7647fe10856bd7f0b0614e1cbce195abc9916d665a5eba3e70b1e711c
d64f45be4a1b6eba167704bb5057667101c83ccb99afe6e89b4dae7a3bc4a0f3
e5fa586c418c08dce89bb46bfa91597e880cdb2cd405a7da519bafb1c2ff5ae1
fe95ebf129bff5c16c70b1840eab25fce75586a4374517954071f01859929afb