oldweb.globalstar.com.bd
68.66.224.49
Malicious Activity!
Public Scan
Effective URL: https://oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/htmlwindows.php?ip=583392914code=864143847&id=52829639&countr...
Submission: On February 22 via manual from NZ — Scanned from NZ
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 8th 2022. Valid for: 3 months.
This is the only time oldweb.globalstar.com.bd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Paylife (Banking)
Domain & IP information

| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 17 | 68.66.224.49 | 55293 (A2HOSTING) |
| 2 | 52.143.15.90 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
| 15 | 2 | |
ASN55293 (A2HOSTING, US)
PTR: az1-ss24.a2hosting.com
Domains: nextadmission.com, oldweb.globalstar.com.bd
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | globalstar.com.bd | oldweb.globalstar.com.bd (2 redirects) | 347 KB |
| 2 | paylife.at | my.paylife.at | 9 KB |
| 2 | nextadmission.com | nextadmission.com (2 redirects) | 815 B |
| 15 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 15 | oldweb.globalstar.com.bd (2 redirects) | oldweb.globalstar.com.bd |
| 2 | my.paylife.at | oldweb.globalstar.com.bd |
| 2 | nextadmission.com (2 redirects) | |
| 15 | 3 | |
This site contains links to these domains.

| Domain |
|---|
| www.paylife.at |
| b2bpr.vaservices.eu |
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| oldweb.globalstar.com.bd | cPanel, Inc. Certification Authority | 2022-12-08 - 2023-03-08 | 3 months |
| my.paylife.at | Entrust Certification Authority - L1M | 2022-11-11 - 2023-12-11 | a year |
This page contains 1 frame:
Primary Page:
https://oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/htmlwindows.php?ip=583392914code=864143847&id=52829639&country=441404778
Frame ID: 0EAF0FBE50DA46D192A225CF31DC9B03
Requests: 15 HTTP requests in this frame
Page Title: myPayLife
Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
- Title: PayLife Kundennummer
- Title: myPayLife Passwort
- Title: Zur Guthabensabfrage für Prepaid Karten
- Title: www.paylife.at/serviceportal
- (no title)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nextadmission.com/.well-known (HTTP 301)
- http://nextadmission.com/.well-known/ (HTTP 302)
- https://oldweb.globalstar.com.bd/%D0%94/pay/de/authentifizierung/ (HTTP 302)
- https://oldweb.globalstar.com.bd/%D0%94/pay/de/authentifizierung/on (HTTP 301)
- https://oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/ (Page URL)
- https://oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/htmlwindows.php?ip=583392914code=864143847&id=52829639&country=441404778 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://nextadmission.com/.well-known (HTTP 301)
- http://nextadmission.com/.well-known/ (HTTP 302)
- https://oldweb.globalstar.com.bd/%D0%94/pay/de/authentifizierung/ (HTTP 302)
- https://oldweb.globalstar.com.bd/%D0%94/pay/de/authentifizierung/on (HTTP 301)
- https://oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/
15 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Redirect Chain) | oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/ | 268 B | 606 B | Document | text/html |
| GET | H/1.1 | htmlwindows.php (Primary Request) | oldweb.globalstar.com.bd/%d0%94/pay/de/authentifizierung/on/ | 15 KB | 4 KB | Document | text/html |
| GET | H/1.1 | Umbraco%20styles%20for%20RTE.css | oldweb.globalstar.com.bd/%d0%94/pay/css/ | 1020 B | 825 B | Stylesheet | text/css |
| GET | H/1.1 | webportal-v=wQn4spmujMJL0Llwu8vQ7NhGT6nfCio2Kk6M7LY4PiE1.css | oldweb.globalstar.com.bd/%d0%94/pay/bundles/css/ | 378 KB | 50 KB | Stylesheet | text/css |
| GET | H/1.1 | js-v=VdFq4nv7Rl2n-_qUVZdurp_SQjnIrdw85_JGmKfS_9E1.js | oldweb.globalstar.com.bd/%d0%94/pay/bundles/ | 535 KB | 158 KB | Script | application/javascript |
| GET | H/1.1 | logo.png | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 4 KB | 4 KB | Image | image/png |
| GET | H/1.1 | logo-width=170.png | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 6 KB | 6 KB | Image | image/png |
| GET | H/1.1 | logo-width=150.png | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 5 KB | 5 KB | Image | image/png |
| GET | H/1.1 | help.png | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 752 B | 1 KB | Image | image/png |
| GET | H2 | secureboxicon.png | my.paylife.at/media/1025/ | 3 KB | 4 KB | Image | image/png |
| GET | H/1.1 | logo-footer.jpg | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 6 KB | 5 KB | Image | image/jpeg |
| GET | H2 | background.png | my.paylife.at/Content/Images/Paylife/ | 6 KB | 6 KB | Image | image/png |
| GET | H/1.1 | FrutigerLTW01-45Light.woff | oldweb.globalstar.com.bd/%d0%94/pay/Content/Fonts/ | 51 KB | 52 KB | Font | font/woff |
| GET | H/1.1 | glyphicons-halflings-regular.woff | oldweb.globalstar.com.bd/%d0%94/pay/Content/Fonts/ | 23 KB | 23 KB | Font | font/woff |
| GET | H/1.1 | registration.jpg | oldweb.globalstar.com.bd/%d0%94/pay/Content/Images/PayLife/ | 35 KB | 35 KB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Paylife (Banking)

57 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
credentialless (boolean), oncontentvisibilityautostatechange (object), LZ (function), isDate (function), compareDates (function), formatDate (function), _isInteger (function), _getInt (function), getDateFromFormat (function), parseDate (function), ResponsiveDatatablesHelper (function), FileUpload (function), ClientValidation (object), MONTH_NAMES (object), DAY_NAMES (object), XBBCODE (object), Browser (object), Common (object), AcceptCookies (object), DataTableHelper (object), Global (object), Header (object), StringUtil (object), Timeout (object), Tracker (object), DataTablePlugins (object), MobileSorting (function), Account (object), CurrencyTranslation (object), CryptoUtil (object), ExchangeRateHistory (object), Faq (object), FinancialTransactions (object), Home (object), Invoice (object), Messaging (object), MobileDevice (object), MobileWallet (object), MyControl (object), OsaAuthentication (object), DecryptPin (object), DecryptPinIE11 (object), PasswordOrder (object), PersonalData (object), ProductDetails (object), ScaProcess (object), PasswordValidator (object), $ (function), jQuery (function), html5 (object), Modernizr (object), respond (object), Truncate (function), Spinner (function), viewportSize (object), _ (function), FileUploadStorage2 (object)

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| oldweb.globalstar.com.bd/ | | PHPSESSID | dcaa737dd5b372f1f6b5273ea8623170 |
| my.paylife.at/ | | ApplicationGatewayAffinityCORS | 0b2ceeb53e7d7551aafefb5354e57014 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
my.paylife.at
nextadmission.com
oldweb.globalstar.com.bd
52.143.15.90
68.66.224.49