![](/screenshots/c17a3b4e-de5c-401a-871f-954744563164.png)
globalstar.com.bd
68.66.224.49
Malicious Activity!
Public Scan
Effective URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693...
Submission: On February 21 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 27th 2023. Valid for: 3 months.
This is the only time globalstar.com.bd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Paylife (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
---|---|---|
1 15 | 68.66.224.49 | 55293 (A2HOSTING) |
2 | 52.143.15.90 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
16 | 2 | |

ASN55293 (A2HOSTING, US)
PTR: az1-ss24.a2hosting.com
globalstar.com.bd
| | Apex Domain (Subdomains) | Transfer |
---|---|---|
15 | globalstar.com.bd, 1 redirects (globalstar.com.bd) | 346 KB |
2 | paylife.at (my.paylife.at) | 391 B |
16 | 2 | |
| | Domain | Requested by |
---|---|---|
15 | globalstar.com.bd, 1 redirects | globalstar.com.bd |
2 | my.paylife.at | globalstar.com.bd |
16 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paylife.at |
b2bpr.vaservices.eu |
Subject | Issuer | Validity | Valid |
---|---|---|---|
globalstar.com.bd | cPanel, Inc. Certification Authority | 2023-01-27 - 2023-04-27 | 3 months |
my.paylife.at | Entrust Certification Authority - L1M | 2022-11-11 - 2023-12-11 | a year |
This page contains 1 frames:
Primary Page:
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
Frame ID: 47708D7A52F5FE8ED66CF8D8042949DC
Requests: 16 HTTP requests in this frame
Page Title
myPayLife
Page URL History
- https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
- https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302 https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
- https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=1... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: PayLife Kundennummer
Title: myPayLife Passwort
Title: Zur Guthabensabfrage für Prepaid Karten
Title: www.paylife.at/serviceportal
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
- https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302 https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
- https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302
- https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ | 1 KB | 2 KB | Document | text/html |
GET | H2 | / (Redirect Chain) | globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ | 271 B | 469 B | Document | text/html |
GET | H2 | charsetcontent.php (Primary Request) | globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ | 15 KB | 4 KB | Document | text/html |
GET | H2 | Umbraco%20styles%20for%20RTE.css | globalstar.com.bd/.bin/pay/css/ | 1020 B | 688 B | Stylesheet | text/css |
GET | H2 | webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css | globalstar.com.bd/.bin/pay/bundles/css/ | 378 KB | 50 KB | Stylesheet | text/css |
GET | H2 | js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js | globalstar.com.bd/.bin/pay/bundles/ | 535 KB | 158 KB | Script | application/javascript |
GET | H2 | logo.png | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | logo-width=170.png | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | logo-width=150.png | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | help.png | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 752 B | 891 B | Image | image/png |
GET | H2 | secureboxicon.png | my.paylife.at/media/1025/ | 0 | 195 B | Image | text/plain |
GET | H2 | logo-footer.jpg | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 6 KB | 5 KB | Image | image/jpeg |
GET | H2 | background.png | my.paylife.at/Content/Images/Paylife/ | 0 | 196 B | Image | text/plain |
GET | H2 | FrutigerLTW01-45Light.woff | globalstar.com.bd/.bin/pay/Content/Fonts/ | 51 KB | 52 KB | Font | application/x-font-woff |
GET | H2 | glyphicons-halflings-regular.woff | globalstar.com.bd/.bin/pay/Content/Fonts/ | 23 KB | 23 KB | Font | application/x-font-woff |
GET | H2 | registration.jpg | globalstar.com.bd/.bin/pay/Content/Images/PayLife/ | 35 KB | 35 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Paylife (Banking)
57 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | oncontentvisibilityautostatechange |
function | LZ |
function | isDate |
function | compareDates |
function | formatDate |
function | _isInteger |
function | _getInt |
function | getDateFromFormat |
function | parseDate |
function | ResponsiveDatatablesHelper |
function | FileUpload |
object | ClientValidation |
object | MONTH_NAMES |
object | DAY_NAMES |
object | XBBCODE |
object | Browser |
object | Common |
object | AcceptCookies |
object | DataTableHelper |
object | Global |
object | Header |
object | StringUtil |
object | Timeout |
object | Tracker |
object | DataTablePlugins |
function | MobileSorting |
object | Account |
object | CurrencyTranslation |
object | CryptoUtil |
object | ExchangeRateHistory |
object | Faq |
object | FinancialTransactions |
object | Home |
object | Invoice |
object | Messaging |
object | MobileDevice |
object | MobileWallet |
object | MyControl |
object | OsaAuthentication |
object | DecryptPin |
object | DecryptPinIE11 |
object | PasswordOrder |
object | PersonalData |
object | ProductDetails |
object | ScaProcess |
object | PasswordValidator |
function | $ |
function | jQuery |
object | html5 |
object | Modernizr |
object | respond |
function | Truncate |
function | Spinner |
object | viewportSize |
function | _ |
object | FileUploadStorage |

2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.globalstar.com.bd/ | | Name: wschkid Value: 24baf8d9adb17840f0af3a1b74f1da8d6a9e7fd0.1677099997.1 |
my.paylife.at/ | | Name: ApplicationGatewayAffinityCORS Value: 0b2ceeb53e7d7551aafefb5354e57014 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.