globalstar.com.bd
68.66.224.49  Malicious Activity! Public Scan

Submitted URL: http://nextadmission.com/.well-known
Effective URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180...
Submission: On February 21 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 68.66.224.49, located in United States and belongs to A2HOSTING, US. The main domain is globalstar.com.bd.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 27th 2023. Valid for: 3 months.
This is the only time globalstar.com.bd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paylife (Banking)

Domain & IP information

IP Address AS Autonomous System
5 20 68.66.224.49 55293 (A2HOSTING)
2 52.143.15.90 8075 (MICROSOFT...)
17 2
Apex Domain | Subdomains | Transfer
16 globalstar.com.bd | globalstar.com.bd | 347 KB
4 nextadmission.com | nextadmission.com | 3 KB
2 paylife.at | my.paylife.at | 9 KB
17 3
Domain Requested by
16 globalstar.com.bd 2 redirects globalstar.com.bd
4 nextadmission.com 3 redirects
2 my.paylife.at globalstar.com.bd
17 3

This site contains links to these domains.

Domain
www.paylife.at
b2bpr.vaservices.eu

Subject | Issuer | Validity | Valid
globalstar.com.bd | cPanel, Inc. Certification Authority | 2023-01-27 - 2023-04-27 | 3 months
my.paylife.at | Entrust Certification Authority - L1M | 2022-11-11 - 2023-12-11 | a year

This page contains 1 frames:

Primary Page: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Frame ID: 1C680118D55DF1F14B790BB53F138D04
Requests: 17 HTTP requests in this frame

Page Title

myPayLife

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 17
HTTPS: 94 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 357 kB
Size: 1070 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nextadmission.com/.well-known Page URL
  2. http://nextadmission.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=8503697 HTTP 302
    http://nextadmission.com/.well-known HTTP 301
    http://nextadmission.com/.well-known/ HTTP 302
    https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden Page URL
  3. https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6435667 HTTP 302
    https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden HTTP 301
    https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
  4. https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://nextadmission.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=8503697 HTTP 302
  • http://nextadmission.com/.well-known HTTP 301
  • http://nextadmission.com/.well-known/ HTTP 302
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
Request Chain 2
  • https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6435667 HTTP 302
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden HTTP 301
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
.well-known
nextadmission.com/
1 KB
2 KB
Document
General
Full URL
http://nextadmission.com/.well-known
Protocol
HTTP/1.1
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
837f9b9a7f826a2c95e0a6ea373e9f0be6e35340065d1bbeccace2173b116252

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Connection
close
Content-Type
text/html
Date
Tue, 21 Feb 2023 21:06:32 GMT
Last-Modified
Tuesday, 21-Feb-2023 21:06:32 GMT
Server
imunify360-webshield/1.18
Transfer-Encoding
chunked
cf-edge-cache
no-cache
anmelden
globalstar.com.bd/.bin/pay/de/authentifizierung/
Redirect Chain
  • http://nextadmission.com/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=8503697
  • http://nextadmission.com/.well-known
  • http://nextadmission.com/.well-known/
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
1 KB
2 KB
Document
General
Full URL
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash

Request headers

Referer
http://nextadmission.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
cf-edge-cache
no-cache
content-type
text/html
date
Tue, 21 Feb 2023 21:06:34 GMT
last-modified
Tuesday, 21-Feb-2023 21:06:34 GMT
server
imunify360-webshield/1.18

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 21 Feb 2023 21:06:33 GMT
Location
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
Server
imunify360-webshield/1.18
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Powered-By
PHP/7.4.33
/
globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Redirect Chain
  • https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=6435667
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
  • https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
274 B
473 B
Document
General
Full URL
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 / PHP/7.4.33
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
223
content-type
text/html; charset=UTF-8
date
Tue, 21 Feb 2023 21:06:35 GMT
server
imunify360-webshield/1.18
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.4.33

Redirect headers

content-length
273
content-type
text/html; charset=iso-8859-1
date
Tue, 21 Feb 2023 21:06:34 GMT
location
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
server
imunify360-webshield/1.18
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
Primary Request confirmjavascript.php
globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
15 KB
4 KB
Document
General
Full URL
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 / PHP/7.4.33
Resource Hash
176a870db78cfc4976b2f27e547bb5f12a4ce0090effc5158822712d57361d41
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
3900
content-type
text/html; charset=UTF-8
date
Tue, 21 Feb 2023 21:06:35 GMT
server
imunify360-webshield/1.18
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.4.33
Umbraco%20styles%20for%20RTE.css
globalstar.com.bd/.bin/pay/css/
1020 B
688 B
Stylesheet
General
Full URL
https://globalstar.com.bd/.bin/pay/css/Umbraco%20styles%20for%20RTE.css
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
67c13bc1e7b30e39f21198569a976a15806b2d81aa325db32e7294c5cce95e40
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:35 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 04 Aug 2020 21:35:08 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964caf-3fc-5ac1407753b00-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
332
expires
Mon, 22 May 2023 21:06:35 GMT
webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
globalstar.com.bd/.bin/pay/bundles/css/
378 KB
50 KB
Stylesheet
General
Full URL
https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
78814fb0e9ae2fe9245f2d91f2b35715ce5f5a9ee5e972900407df0b79c31c4b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:35 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 24 Jan 2023 18:04:18 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964a8c-5e608-5f30658292c80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
50563
expires
Mon, 22 May 2023 21:06:35 GMT
js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js
globalstar.com.bd/.bin/pay/bundles/
535 KB
158 KB
Script
General
Full URL
https://globalstar.com.bd/.bin/pay/bundles/js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
807ccdd80be2a66c8b7ae183c89e4953ef681df8c5be4978e5b8133f7dfdaaf6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:35 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Sun, 16 Aug 2020 23:19:38 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964a8d-85b1c-5ad06e3465680-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800, public
accept-ranges
bytes
expires
Mon, 22 May 2023 21:06:35 GMT
logo.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
4 KB
4 KB
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
ce4bc09c26096e87390c0a4d62140ed26eb5948b4ee80a07756750770f238fc9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964cab-f2d-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
3622
expires
Wed, 21 Feb 2024 21:06:36 GMT
logo-width=170.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
6 KB
6 KB
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-width=170.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
2a4ddac9cfcfd7f83c09fb10cfdddba8b76ee6abcfd9e799f762f3919855e91b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964caa-175a-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
6001
expires
Wed, 21 Feb 2024 21:06:36 GMT
logo-width=150.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
5 KB
5 KB
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-width=150.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
6fefab9015af22d17b2e5346f940396a464b2735cfd3bb62522c4154a1e1707d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964ca9-13d0-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
5095
expires
Wed, 21 Feb 2024 21:06:36 GMT
help.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
752 B
891 B
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/help.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
21e8c9fb8978cf65e8b926af1d7a143cce4e6edfa7082fa5ae17e6d79c35b7ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964ca7-2f0-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
534
expires
Wed, 21 Feb 2024 21:06:36 GMT
secureboxicon.png
my.paylife.at/media/1025/
3 KB
4 KB
Image
General
Full URL
https://my.paylife.at/media/1025/secureboxicon.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.143.15.90 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
47a13da74f9915ae50863e89a9bdaca2960f502b70b064a1874132f9532e495d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
last-modified
Fri, 29 Aug 2014 07:37:12 GMT
accept-ranges
bytes
etag
"0c4d5b5cc3cf1:0"
content-length
3363
content-type
image/png
logo-footer.jpg
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
6 KB
5 KB
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-footer.jpg
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
6a19d22bfc68b1bb582052960839c1ab0057f9aa4ab6d9d36522d69cda5f603b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/confirmjavascript.php?ip=798865180code=107078871&id=59180227&country=706748362
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964ca8-16bd-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
4790
expires
Wed, 21 Feb 2024 21:06:36 GMT
background.png
my.paylife.at/Content/Images/Paylife/
6 KB
6 KB
Image
General
Full URL
https://my.paylife.at/Content/Images/Paylife/background.png
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.143.15.90 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
70b675ffdf3c31c1ab63ae23fd328484b1fa2475ded5b8a99a44ce0cd4a15e7e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
last-modified
Thu, 16 Feb 2023 14:18:38 GMT
accept-ranges
bytes
etag
"073e28f1142d91:0"
content-length
5712
content-type
image/png
FrutigerLTW01-45Light.woff
globalstar.com.bd/.bin/pay/Content/Fonts/
51 KB
52 KB
Font
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Fonts/FrutigerLTW01-45Light.woff
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
c59249bec52a8fe8daa4cb518df92b5962157957901487ba571fc4c7d803e4d4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Origin
https://globalstar.com.bd
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
etag
"4964ae6-ccfd-5c7d10b3a0f80"
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
cache-control
max-age=31536000
accept-ranges
bytes
content-length
52477
expires
Wed, 21 Feb 2024 21:06:36 GMT
glyphicons-halflings-regular.woff
globalstar.com.bd/.bin/pay/Content/Fonts/
23 KB
23 KB
Font
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Fonts/glyphicons-halflings-regular.woff
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Origin
https://globalstar.com.bd
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
etag
"4964b9e-5b18-5c7d10b3a0f80"
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
cache-control
max-age=31536000
accept-ranges
bytes
content-length
23320
expires
Wed, 21 Feb 2024 21:06:36 GMT
registration.jpg
globalstar.com.bd/.bin/pay/Content/Images/PayLife/
35 KB
35 KB
Image
General
Full URL
https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/registration.jpg
Requested by
Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
az1-ss24.a2hosting.com
Software
imunify360-webshield/1.18 /
Resource Hash
6cf93c289fb59cccdd59929eb1cd902521aa9436a3c20e8d6a97244970851894
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date
Tue, 21 Feb 2023 21:06:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
last-modified
Fri, 23 Jul 2021 21:25:34 GMT
server
imunify360-webshield/1.18
content-encoding
gzip
etag
"4964cac-8b6c-5c7d10b3a0f80-gzip"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
35518
expires
Wed, 21 Feb 2024 21:06:36 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paylife (Banking)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • object| oncontentvisibilityautostatechange
  • function| LZ
  • function| isDate
  • function| compareDates
  • function| formatDate
  • function| _isInteger
  • function| _getInt
  • function| getDateFromFormat
  • function| parseDate
  • function| ResponsiveDatatablesHelper
  • function| FileUpload
  • object| ClientValidation
  • object| MONTH_NAMES
  • object| DAY_NAMES
  • object| XBBCODE
  • object| Browser
  • object| Common
  • object| AcceptCookies
  • object| DataTableHelper
  • object| Global
  • object| Header
  • object| StringUtil
  • object| Timeout
  • object| Tracker
  • object| DataTablePlugins
  • function| MobileSorting
  • object| Account
  • object| CurrencyTranslation
  • object| CryptoUtil
  • object| ExchangeRateHistory
  • object| Faq
  • object| FinancialTransactions
  • object| Home
  • object| Invoice
  • object| Messaging
  • object| MobileDevice
  • object| MobileWallet
  • object| MyControl
  • object| OsaAuthentication
  • object| DecryptPin
  • object| DecryptPinIE11
  • object| PasswordOrder
  • object| PersonalData
  • object| ProductDetails
  • object| ScaProcess
  • object| PasswordValidator
  • function| $
  • function| jQuery
  • object| html5
  • object| Modernizr
  • object| respond
  • function| Truncate
  • function| Spinner
  • object| viewportSize
  • function| _
  • object| FileUploadStorage

3 Cookies

Domain/Path | Name | Value
.nextadmission.com/ | wschkid | 73dc63c7f109497e2a5e79f90e0300463ab79f04.1677099992.1
.globalstar.com.bd/ | wschkid | e5a114e3e13d666f77a3d38f5ab7e17b2a4928a6.1677099994.1
my.paylife.at/ | ApplicationGatewayAffinityCORS | 07d950101640d6056654bc871671b1b5