cshgml.com
47.254.193.125
Malicious Activity!
Public Scan
Effective URL: http://cshgml.com/Login.php
Submission: On May 04 via automatic, source phishtank — Scanned from ES
Summary
This is the only time cshgml.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DBS Bank (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 54.36.201.119 | 16276 (OVH) |
1 16 | 47.254.193.125 | 45102 (ALIBABA-CN-NET Alibaba US Technology Co.) |
1 | 2606:4700::6810:a010 | 13335 (CLOUDFLARENET) |
1 | 198.145.13.11 | 2044 (DF-PTL01) |
17 | 3 | |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN): cshgml.com
ASN2044 (DF-PTL01, US), PTR: getclicky.com: in.getclicky.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 | cshgml.com (1 redirects) | cshgml.com | 1 MB |
2 | getclicky.com | static.getclicky.com (Cisco Umbrella Rank: 13758), in.getclicky.com (Cisco Umbrella Rank: 11000) | 6 KB |
1 | urla.ws (1 redirects) | urla.ws | 547 B |
17 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
16 | cshgml.com (1 redirects) | cshgml.com |
1 | in.getclicky.com | static.getclicky.com |
1 | static.getclicky.com | cshgml.com |
1 | urla.ws | 1 redirects |
17 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dbs.com.sg |
This page contains 2 frames:
Primary Page:
http://cshgml.com/Login.php
Frame ID: EAC9D4789E763D60C589E7AF4263C6BA
Requests: 10 HTTP requests in this frame
Frame:
http://cshgml.com/DBS_filez/iframe.htm
Frame ID: 41939A2B0C2370D5FC79981165397CDF
Requests: 7 HTTP requests in this frame
Page Title: DBS iBanking
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://urla.ws/OdLhvJ (HTTP 301)
- http://cshgml.com/?utm_source=inbound&utm_medium=other&utm_campaign=Singapore&i=ODQzMjM= (HTTP 302)
- http://cshgml.com/Login.php (Page URL)
Detected technologies
- PHP (Programming Languages); detected pattern: \.php(?:$|\?)
- Clicky (Analytics); detected pattern: static\.getclicky\.com
- jQuery (JavaScript Libraries); detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: here
- Title: Security & You
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | Login.php | cshgml.com/ | 39 KB | 15 KB | Document | text/html | Primary Request; Redirect Chain |
GET | H/1.1 | themes_login.css | cshgml.com/DBS_filez/css/ | 3 KB | 1 KB | Stylesheet | text/css | |
GET | H/1.1 | language_login.css | cshgml.com/DBS_filez/css/ | 3 KB | 1 KB | Stylesheet | text/css | |
GET | H/1.1 | login.css | cshgml.com/DBS_filez/css/ | 22 KB | 4 KB | Stylesheet | text/css | |
GET | H/1.1 | jquery.js | cshgml.com/DBS_filez/js/ | 87 KB | 34 KB | Script | application/javascript | |
GET | H/1.1 | desktoplogo.jpg | cshgml.com/DBS_filez/img/ | 5 KB | 6 KB | Image | image/jpeg | |
GET | H/1.1 | 101350339.js | static.getclicky.com/ | 15 KB | 6 KB | Script | text/javascript | |
GET | H/1.1 | iframe.htm | cshgml.com/DBS_filez/ | 4 KB | 1 KB | Document | text/html | Frame 4193 |
GET | H/1.1 | frutigernextlt-light-webfont.woff | cshgml.com/DBS_filez/fonts/ | 22 KB | 23 KB | Font | font/woff | |
GET | H/1.1 | FrutigerNextPro-Medium.woff2 | cshgml.com/DBS_filez/fonts/ | 25 KB | 25 KB | Font | font/woff2 | |
GET | H/1.1 | in.php | in.getclicky.com/ | 133 B | 519 B | Script | text/javascript | |
GET | H/1.1 | bootstrap.css | cshgml.com/DBS_filez/css/ | 131 KB | 24 KB | Stylesheet | text/css | Frame 4193 |
GET | H/1.1 | themes.css | cshgml.com/DBS_filez/css/ | 3 KB | 1 KB | Stylesheet | text/css | Frame 4193 |
GET | H/1.1 | language.css | cshgml.com/DBS_filez/css/ | 2 KB | 1 KB | Stylesheet | text/css | Frame 4193 |
GET | H/1.1 | enhanced.css | cshgml.com/DBS_filez/css/ | 12 KB | 3 KB | Stylesheet | text/css | Frame 4193 |
GET | H/1.1 | Night.jpg | cshgml.com/DBS_filez/img/ | 896 KB | 897 KB | Image | image/jpeg | Frame 4193 |
GET | H/1.1 | dbsicons.woff | cshgml.com/DBS_filez/fonts/ | 2 KB | 2 KB | Font | font/woff | Frame 4193 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: DBS Bank (Banking)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
function | $ |
function | jQuery |
object | webkitEventStorage |
function | AbortSignalRenderer |
object | clicky_obj |
object | clicky |
object | clicky_custom |
undefined | test |
object | clicky_site_ids |
object | _cgen |
object | _cgen_custom3 |
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.urla.ws/OdLhvJ | | cid | 84323 |
cshgml.com/ | | PHPSESSID | 8l56oc9h3e87m09md8mb6pof92 |
.cshgml.com/ | | _jsuid | 3449961400 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Note: browsers only honour Strict-Transport-Security when it is received over HTTPS, so on the plain-HTTP URL scanned here the header has no effect.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.