gazipursadar.gov.bd Open in urlscan Pro
176.9.32.72 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/
Submission: On July 23 via automatic, source phishtank (July 23rd 2017, 10:44:47 pm UTC)

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 176.9.32.72, located in Germany and belongs to HETZNER-AS, DE. The main domain is gazipursadar.gov.bd.

This is the only time gazipursadar.gov.bd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telekom (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
10	176.9.32.72 176.9.32.72	24940 (HETZNER-AS) (HETZNER-AS)
1	195.93.153.4 195.93.153.4	48716 (PS) (PS)
11	2

10 176.9.32.72 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: server001.webhosting24x7.net

gazipursadar.gov.bd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.93.153.4 (Almaty, Kazakhstan)

ASN48716 (PS, KZ)
PTR: web-c-4.neolabs.kz

ugur1.kz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	gazipursadar.gov.bd gazipursadar.gov.bd	73 KB
1	ugur1.kz ugur1.kz
11	2

	Domain	Requested by
10	gazipursadar.gov.bd	gazipursadar.gov.bd
1	ugur1.kz	gazipursadar.gov.bd
11	2

This site contains links to these domains. Also see Links.

Domain
meinkonto.telekom-dienste.de

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/
Frame ID: 5360.1
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

73 kB
Transfer

433 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://meinkonto.telekom-dienste.de/wiederherstellung/passwort/index.xhtml
Title: Passwort vergessen?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	11 KB 4 KB	17ms 16ms	Document text/html	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `2b286ca3e981a79eca3b858822d9386420bc390d9a8c45a153023dd30a4632d9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Content-Encoding gzip Last-Modified Tue, 25 Apr 2017 07:37:46 GMT Server Apache Vary Accept-Encoding,User-Agent Upgrade h2,h2c Cache-Control max-age=3600, must-revalidate Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/html Keep-Alive timeout=1, max=30 Content-Length 3905
GET H/1.1	200 OK	dtag.css gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	308 KB 28 KB	18ms 18ms	Stylesheet text/css	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/dtag.css Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `06c4b6f45cd9a7ad46218c2091ccf99e219564640400d4b657d98a5f0e6a7b15` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Content-Encoding gzip Last-Modified Wed, 23 Nov 2016 20:32:24 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control max-age=3600, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=1, max=29 Content-Length 28866
GET H/1.1	200 OK	web.min.css gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	6 KB 2 KB	7ms 6ms	Stylesheet text/css	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/web.min.css Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Content-Encoding gzip Last-Modified Wed, 23 Nov 2016 20:31:42 GMT Server Apache Vary Accept-Encoding,User-Agent Upgrade h2,h2c Cache-Control max-age=3600, public Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=1, max=30 Content-Length 1773
GET H/1.1	200 OK	require-jquery.min.js Show response gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	105 KB 38 KB	17ms 16ms	Script application/javascript	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/require-jquery.min.js Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `2f7e6b7468366efc884e59791d8f155894a2345f6cb7b4428805a27b1ed072ea` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Content-Encoding gzip Last-Modified Wed, 23 Nov 2016 20:31:02 GMT Server Apache Vary Accept-Encoding,User-Agent Upgrade h2,h2c Cache-Control max-age=3600, public Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type application/javascript Keep-Alive timeout=1, max=30 Content-Length 38715
GET H/1.1	200 OK	login-information-bubble.min.js Show response gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	1 KB 502 B	9ms 8ms	Script application/javascript	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/login-information-bubble.min.js Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `b960c78ab89422ac3bc38c2cecd9e9cf7ea4d7adecf24563f681cacdb009e0f1` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Content-Encoding gzip Last-Modified Wed, 23 Nov 2016 20:30:28 GMT Server Apache Vary Accept-Encoding,User-Agent Upgrade h2,h2c Cache-Control max-age=3600, public Connection Upgrade, Keep-Alive Accept-Ranges bytes Content-Type application/javascript Keep-Alive timeout=1, max=30 Content-Length 502
GET H/1.1	200 OK	icons_16x16.png gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	431 B 431 B	6ms 6ms	Image image/png	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/icons_16x16.png Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Last-Modified Wed, 23 Nov 2016 20:50:16 GMT Server Apache Content-Type image/png Cache-Control max-age=3600, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=1, max=29 Content-Length 431
GET H/1.1	404 Not Found	login.min.js ugur1.kz/-/	0 0	2504ms 2200ms	Script text/html	195.93.153.4 PS
General Check archive.org Show headers Download Go to Full URL http://ugur1.kz/-/login.min.js Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 195.93.153.4 Almaty, Kazakhstan, ASN48716 (PS, KZ), Reverse DNS web-c-4.neolabs.kz Software Apache / Resource Hash Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Pragma no-cache Date Sun, 23 Jul 2017 22:44:35 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <http://ugur1.kz/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=100 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	logo_short_50x25.png gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/	310 B 310 B	6ms 6ms	Image image/png	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/logo_short_50x25.png Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Last-Modified Wed, 23 Nov 2016 20:41:56 GMT Server Apache Content-Type image/png Cache-Control max-age=3600, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=1, max=28 Content-Length 310
GET H/1.1	404 Not Found	TeleGroteskNormal.woff gazipursadar.gov.bd/images/Kontoaktualisierung/fonts/	0 0	6ms 6ms	Font text/html	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/fonts/TeleGroteskNormal.woff Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/dtag.css Origin http://gazipursadar.gov.bd Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=1, max=27 Content-Length 372 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	icons_16x16.png gazipursadar.gov.bd/images/Kontoaktualisierung/images/sprites/	374 B 0	6ms 6ms	Image text/html	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/images/sprites/icons_16x16.png Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/ Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `521da418be559c41c1351c7b4e67c19114f71465c6829b9b4be128cfdff1d7fc` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/web.min.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=1, max=28 Content-Length 374 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	logo_short_50x25.png gazipursadar.gov.bd/images/Kontoaktualisierung/images/	371 B 0	6ms 6ms	Image text/html	176.9.32.72 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://gazipursadar.gov.bd/images/Kontoaktualisierung/images/logo_short_50x25.png Requested by Host: gazipursadar.gov.bd URL: http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/require-jquery.min.js Protocol HTTP/1.1 Server 176.9.32.72 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS server001.webhosting24x7.net Software Apache / Resource Hash `9b519a2e41f381f915a9dbf181e15f928639e9747e0273b9aee1c1ce60b18669` Request headers Referer http://gazipursadar.gov.bd/images/Kontoaktualisierung/t-online.de/web.min.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Sun, 23 Jul 2017 22:44:34 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=1, max=27 Content-Length 371 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telekom (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gazipursadar.gov.bd
ugur1.kz
176.9.32.72
195.93.153.4
06c4b6f45cd9a7ad46218c2091ccf99e219564640400d4b657d98a5f0e6a7b15
1e9b8dff87cfa82666141f733968f3f04130f8308b423fda13a160c76eee0d95
2b286ca3e981a79eca3b858822d9386420bc390d9a8c45a153023dd30a4632d9
2f7e6b7468366efc884e59791d8f155894a2345f6cb7b4428805a27b1ed072ea
521da418be559c41c1351c7b4e67c19114f71465c6829b9b4be128cfdff1d7fc
5a1e69517c76c1fda68cff8b3b6fb6b7773a4b75932684b72b0a23325b14c5fd
9b519a2e41f381f915a9dbf181e15f928639e9747e0273b9aee1c1ce60b18669
b960c78ab89422ac3bc38c2cecd9e9cf7ea4d7adecf24563f681cacdb009e0f1
c51918b2e8a90ec12f396f1fbda614322033a6897a6812c58233f8ad4d4e1c2a

gazipursadar.gov.bd Open in urlscan Pro 176.9.32.72 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

73 kBTransfer

433 kBSize

0 Cookies

1 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

gazipursadar.gov.bd Open in urlscan Pro
176.9.32.72 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

73 kB
Transfer

433 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!