globalstar.com.bd Open in urlscan Pro
68.66.224.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Effective URL:
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693...
Submission: On February 21 via automatic, source phishtank (February 21st 2023, 9:06:43 pm UTC) — Scanned from DE

Summary HTTP 16 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 68.66.224.49, located in United States and belongs to A2HOSTING, US. The main domain is globalstar.com.bd.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 27th 2023. Valid for: 3 months.

This is the only time globalstar.com.bd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Paylife (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 15	68.66.224.49 68.66.224.49	55293 (A2HOSTING) (A2HOSTING)
2	52.143.15.90 52.143.15.90	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
16	2

15 68.66.224.49 (United States) 1 redirects

ASN55293 (A2HOSTING, US)
PTR: az1-ss24.a2hosting.com

globalstar.com.bd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.143.15.90 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

my.paylife.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	globalstar.com.bd 1 redirects globalstar.com.bd	346 KB
2	paylife.at my.paylife.at	391 B
16	2

	Domain	Requested by
15	globalstar.com.bd	1 redirects globalstar.com.bd
2	my.paylife.at	globalstar.com.bd
16	2

This site contains links to these domains. Also see Links.

Domain
www.paylife.at
b2bpr.vaservices.eu

Subject Issuer	Validity	Valid
globalstar.com.bd cPanel, Inc. Certification Authority	`2023-01-27` - `2023-04-27`	3 months	crt.sh
my.paylife.at Entrust Certification Authority - L1M	`2022-11-11` - `2023-12-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
Frame ID: 47708D7A52F5FE8ED66CF8D8042949DC
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

myPayLife

Page URL History Show full URLs

https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=1... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

346 kB
Transfer

1059 kB
Size

2
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paylife.at/paylife/service/serviceportal/kundennummer
Title: PayLife Kundennummer

Search URL Search Domain Scan URL

URL: https://www.paylife.at/paylife/service/serviceportal/mypaylife-passwort
Title: myPayLife Passwort

Search URL Search Domain Scan URL

URL: https://b2bpr.vaservices.eu/plb/PayLifeBalanceInquiry/
Title: Zur Guthabensabfrage für Prepaid Karten

Search URL Search Domain Scan URL

URL: https://www.paylife.at/serviceportal
Title: www.paylife.at/serviceportal

Search URL Search Domain Scan URL

URL: https://www.paylife.at/impressum

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ Page URL
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315 HTTP 302
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ 1 KB
2 KB 460ms
149ms Document
text/html 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 68.66.224.49 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS: az1-ss24.a2hosting.com
Software: imunify360-webshield/1.18 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
cf-edge-cache: no-cache
content-type: text/html
date: Tue, 21 Feb 2023 21:06:37 GMT
last-modified: Tuesday, 21-Feb-2023 21:06:37 GMT
server: imunify360-webshield/1.18

GET
H2

200

/
globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Redirect Chain

https://globalstar.com.bd/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=23065315
https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/

271 B
469 B

158ms
157ms

Document
text/html

68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 219
content-type: text/html; charset=UTF-8
date: Tue, 21 Feb 2023 21:06:37 GMT
server: imunify360-webshield/1.18
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/7.4.33

Redirect headers

content-length: 142
content-type: text/html
date: Tue, 21 Feb 2023 21:06:37 GMT
location: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
server: imunify360-webshield/1.18

GET
H2 200 Primary Request charsetcontent.php Show response
globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/ 15 KB
4 KB 160ms
158ms Document
text/html 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 / PHP/7.4.33

Resource Hash

176a870db78cfc4976b2f27e547bb5f12a4ce0090effc5158822712d57361d41

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 3900
content-type: text/html; charset=UTF-8
date: Tue, 21 Feb 2023 21:06:38 GMT
server: imunify360-webshield/1.18
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/7.4.33

GET
H2 200 Umbraco%20styles%20for%20RTE.css
globalstar.com.bd/.bin/pay/css/ 1020 B
688 B 157ms
154ms Stylesheet
text/css 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/css/Umbraco%20styles%20for%20RTE.css

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

67c13bc1e7b30e39f21198569a976a15806b2d81aa325db32e7294c5cce95e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 04 Aug 2020 21:35:08 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964caf-3fc-5ac1407753b00-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 332
expires: Mon, 22 May 2023 21:06:38 GMT

GET
H2 200 webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
globalstar.com.bd/.bin/pay/bundles/css/ 378 KB
50 KB 452ms
449ms Stylesheet
text/css 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

78814fb0e9ae2fe9245f2d91f2b35715ce5f5a9ee5e972900407df0b79c31c4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 24 Jan 2023 18:04:18 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964a8c-5e608-5f30658292c80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 50563
expires: Mon, 22 May 2023 21:06:38 GMT

GET
H2 200 js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js Show response
globalstar.com.bd/.bin/pay/bundles/ 535 KB
158 KB 304ms
302ms Script
application/javascript 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/bundles/js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

807ccdd80be2a66c8b7ae183c89e4953ef681df8c5be4978e5b8133f7dfdaaf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Sun, 16 Aug 2020 23:19:38 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964a8d-85b1c-5ad06e3465680-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800, public
accept-ranges: bytes
expires: Mon, 22 May 2023 21:06:38 GMT

GET
H2 200 logo.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 4 KB
4 KB 155ms
155ms Image
image/png 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo.png

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

ce4bc09c26096e87390c0a4d62140ed26eb5948b4ee80a07756750770f238fc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964cab-f2d-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 3622
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 200 logo-width=170.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 6 KB
6 KB 153ms
153ms Image
image/png 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-width=170.png

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

2a4ddac9cfcfd7f83c09fb10cfdddba8b76ee6abcfd9e799f762f3919855e91b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964caa-175a-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 6001
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 200 logo-width=150.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 5 KB
5 KB 155ms
154ms Image
image/png 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-width=150.png

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

6fefab9015af22d17b2e5346f940396a464b2735cfd3bb62522c4154a1e1707d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964ca9-13d0-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 5095
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 200 help.png
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 752 B
891 B 156ms
155ms Image
image/png 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/help.png

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

21e8c9fb8978cf65e8b926af1d7a143cce4e6edfa7082fa5ae17e6d79c35b7ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964ca7-2f0-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 534
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 404 secureboxicon.png
my.paylife.at/media/1025/ 0
195 B 61ms
28ms Image
text/plain 52.143.15.90
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://my.paylife.at/media/1025/secureboxicon.png
Requested by: Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.143.15.90 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
content-length: 0
server: Microsoft-IIS/10.0

GET
H2 200 logo-footer.jpg
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 6 KB
5 KB 156ms
156ms Image
image/jpeg 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/logo-footer.jpg

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

6a19d22bfc68b1bb582052960839c1ab0057f9aa4ab6d9d36522d69cda5f603b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/de/authentifizierung/anmelden/charsetcontent.php?ip=213861486code=106616645&id=36181693&country=360455906
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964ca8-16bd-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 4790
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 404 background.png
my.paylife.at/Content/Images/Paylife/ 0
196 B 58ms
27ms Image
text/plain 52.143.15.90
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://my.paylife.at/Content/Images/Paylife/background.png
Requested by: Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.143.15.90 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
content-length: 0
server: Microsoft-IIS/10.0

GET
H2 200 FrutigerLTW01-45Light.woff
globalstar.com.bd/.bin/pay/Content/Fonts/ 51 KB
52 KB 156ms
155ms Font
application/x-font-woff 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/Content/Fonts/FrutigerLTW01-45Light.woff

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

c59249bec52a8fe8daa4cb518df92b5962157957901487ba571fc4c7d803e4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Origin: https://globalstar.com.bd
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
etag: "4964ae6-ccfd-5c7d10b3a0f80"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 52477
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 200 glyphicons-halflings-regular.woff
globalstar.com.bd/.bin/pay/Content/Fonts/ 23 KB
23 KB 154ms
154ms Font
application/x-font-woff 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://globalstar.com.bd/.bin/pay/Content/Fonts/glyphicons-halflings-regular.woff

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
Origin: https://globalstar.com.bd
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
etag: "4964b9e-5b18-5c7d10b3a0f80"
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 23320
expires: Wed, 21 Feb 2024 21:06:38 GMT

GET
H2 200 registration.jpg
globalstar.com.bd/.bin/pay/Content/Images/PayLife/ 35 KB
35 KB 153ms
153ms Image
image/jpeg 68.66.224.49
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://globalstar.com.bd/.bin/pay/Content/Images/PayLife/registration.jpg

Requested by

Host: globalstar.com.bd
URL: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

68.66.224.49 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

az1-ss24.a2hosting.com

Software

imunify360-webshield/1.18 /

Resource Hash

6cf93c289fb59cccdd59929eb1cd902521aa9436a3c20e8d6a97244970851894

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://globalstar.com.bd/.bin/pay/bundles/css/webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 21:06:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 23 Jul 2021 21:25:34 GMT
server: imunify360-webshield/1.18
content-encoding: gzip
etag: "4964cac-8b6c-5c7d10b3a0f80-gzip"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 35518
expires: Wed, 21 Feb 2024 21:06:38 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Paylife (Banking)

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.globalstar.com.bd/	1970-01-20 10:33:25	Name: wschkid Value: 24baf8d9adb17840f0af3a1b74f1da8d6a9e7fd0.1677099997.1
			my.paylife.at/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: 0b2ceeb53e7d7551aafefb5354e57014

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://my.paylife.at/Content/Images/Paylife/background.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://my.paylife.at/media/1025/secureboxicon.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

globalstar.com.bd
my.paylife.at
52.143.15.90
68.66.224.49
176a870db78cfc4976b2f27e547bb5f12a4ce0090effc5158822712d57361d41
21e8c9fb8978cf65e8b926af1d7a143cce4e6edfa7082fa5ae17e6d79c35b7ed
2a4ddac9cfcfd7f83c09fb10cfdddba8b76ee6abcfd9e799f762f3919855e91b
67c13bc1e7b30e39f21198569a976a15806b2d81aa325db32e7294c5cce95e40
6a19d22bfc68b1bb582052960839c1ab0057f9aa4ab6d9d36522d69cda5f603b
6cf93c289fb59cccdd59929eb1cd902521aa9436a3c20e8d6a97244970851894
6fefab9015af22d17b2e5346f940396a464b2735cfd3bb62522c4154a1e1707d
78814fb0e9ae2fe9245f2d91f2b35715ce5f5a9ee5e972900407df0b79c31c4b
807ccdd80be2a66c8b7ae183c89e4953ef681df8c5be4978e5b8133f7dfdaaf6
c59249bec52a8fe8daa4cb518df92b5962157957901487ba571fc4c7d803e4d4
ce4bc09c26096e87390c0a4d62140ed26eb5948b4ee80a07756750770f238fc9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

globalstar.com.bd Open in urlscan Pro 68.66.224.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

346 kBTransfer

1059 kBSize

2 Cookies

5 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

57 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

globalstar.com.bd Open in urlscan Pro
68.66.224.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

346 kB
Transfer

1059 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!