shaifulkhan.com Open in urlscan Pro
103.48.119.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://aarexasia.com/Abc.php
Effective URL:
https://shaifulkhan.com/Chase/
Submission: On November 24 via api (November 24th 2020, 5:32:54 pm UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 103.48.119.13, located in Dhaka, Bangladesh and belongs to XEON-BD Xeon, BD. The main domain is shaifulkhan.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 23rd 2020. Valid for: 3 months.

This is the only time shaifulkhan.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Chase (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	104.238.220.186 104.238.220.186	23470 (RELIABLESITE) (RELIABLESITE)
1 9	103.48.119.13 103.48.119.13	133938 (XEON-BD Xeon) (XEON-BD Xeon)
13	3

1 104.238.220.186 (Miami, United States)

ASN23470 (RELIABLESITE, US)
PTR: in3.fastwebhost.com

aarexasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 103.48.119.13 (Dhaka, Bangladesh) 1 redirects

ASN133938 (XEON-BD Xeon, BD)
PTR: orbit.mydchub.com

shaifulkhan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	shaifulkhan.com shaifulkhan.com Failed www.shaifulkhan.com Failed	174 KB
1	aarexasia.com aarexasia.com	435 B
13	2

	Domain	Requested by
9	shaifulkhan.com	aarexasia.com shaifulkhan.com
1	aarexasia.com
0	www.shaifulkhan.com Failed	shaifulkhan.com
13	3

This site contains no links.

Subject Issuer	Validity	Valid
aarexasia.com cPanel, Inc. Certification Authority	`2020-10-09` - `2021-01-07`	3 months	crt.sh
shaifulkhan.com cPanel, Inc. Certification Authority	`2020-11-23` - `2021-02-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://shaifulkhan.com/Chase/
Frame ID: 99A890FB7487AD690FD9DC8BB7BB578D
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://aarexasia.com/Abc.php Page URL
https://shaifulkhan.com/Chase HTTP 301
https://shaifulkhan.com/Chase/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

69 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

174 kB
Transfer

470 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://aarexasia.com/Abc.php Page URL
https://shaifulkhan.com/Chase HTTP 301
https://shaifulkhan.com/Chase/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://shaifulkhan.com/Chase/css/fonts/dcefont.woff HTTP 301
https://www.shaifulkhan.com/Chase/css/fonts/dcefont.woff

Request Chain 10

https://shaifulkhan.com/Chase/css/opensans-regular.ttf HTTP 301
https://www.shaifulkhan.com/Chase/css/opensans-regular.ttf

Request Chain 11

https://shaifulkhan.com/Chase/css/fonts/dcefont.ttf HTTP 301
https://www.shaifulkhan.com/Chase/css/fonts/dcefont.ttf

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Abc.php Show response aarexasia.com/	240 B 435 B	217ms 217ms	Document text/html	104.238.220.186 RELIABLESITE
General Check archive.org Show headers Download Go to Full URL https://aarexasia.com/Abc.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.220.186 Miami, United States, ASN23470 (RELIABLESITE, US), Reverse DNS in3.fastwebhost.com Software Apache / Resource Hash `38337e0a3e5d9f2c22a1400c7de8eaa5228abd4df403250fc4b14257655957d3` Request headers Host aarexasia.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Tue, 24 Nov 2020 17:32:33 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 189 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET		Chase shaifulkhan.com/	0 0

GET H2	200	Primary Request / Show response shaifulkhan.com/Chase/ Redirect Chain https://shaifulkhan.com/Chase https://shaifulkhan.com/Chase/	11 KB 3 KB	262ms 261ms	Document text/html	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Full URL https://shaifulkhan.com/Chase/ Requested by Host: aarexasia.com URL: https://aarexasia.com/Abc.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `d7598a974e18e78b8b9bab0f389574bd2e35214050b90b91ea85da499e9a1696` Request headers :method GET :authority shaifulkhan.com :scheme https :path /Chase/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer https://aarexasia.com/Abc.php accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://aarexasia.com/Abc.php Response headers content-type text/html; charset=UTF-8 content-length 3056 content-encoding br vary Accept-Encoding date Tue, 24 Nov 2020 17:32:33 GMT server LiteSpeed Redirect headers content-type text/html content-length 706 date Tue, 24 Nov 2020 17:32:33 GMT server LiteSpeed location https://shaifulkhan.com/Chase/
GET H2	200	blue-ui.css shaifulkhan.com/Chase/css/	258 KB 33 KB	243ms 242ms	Stylesheet text/css	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Full URL https://shaifulkhan.com/Chase/css/blue-ui.css Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `80a18543ba3fff90a23a10df2d435680fcefee6c962dd9d20ab3f51c2abaf162` Request headers Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:33 GMT content-encoding br last-modified Fri, 15 Sep 2017 13:07:40 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 34008 expires Tue, 01 Dec 2020 17:32:33 GMT
GET H2	200	logon.css shaifulkhan.com/Chase/css/	65 KB 10 KB	713ms 713ms	Stylesheet text/css	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Full URL https://shaifulkhan.com/Chase/css/logon.css Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `2e8c3233428a93ef9bb4be8188eaed6dbbfa559618f014b08cc6c97dd6ff8bfb` Request headers Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:33 GMT content-encoding br last-modified Sat, 12 Aug 2017 17:01:22 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 9735 expires Tue, 01 Dec 2020 17:32:33 GMT
GET H2	200	chase.png shaifulkhan.com/Chase/	18 KB 18 KB	713ms 713ms	Image image/png	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Show image Full URL https://shaifulkhan.com/Chase/chase.png Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `be2e9a139a53a358658b746924656ebcb08cafe09636949e4cdcd2cde9ce6d5d` Request headers Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:33 GMT last-modified Sat, 12 Aug 2017 17:01:14 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 18850 expires Tue, 01 Dec 2020 17:32:33 GMT
GET H2	200	Capture.PNG shaifulkhan.com/Chase/css/	1 KB 1 KB	718ms 717ms	Image image/png	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Show image Full URL https://shaifulkhan.com/Chase/css/Capture.PNG Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `922579c97e77c029923625e04383db0a7d2060e94170a7493f7f15b111eb832b` Request headers Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:33 GMT last-modified Fri, 15 Sep 2017 13:35:24 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 1062 expires Tue, 01 Dec 2020 17:32:33 GMT
GET H2	200	background.mobile.night.7.jpeg shaifulkhan.com/Chase/css/	80 KB 80 KB	717ms 717ms	Image image/jpeg	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Show image Full URL https://shaifulkhan.com/Chase/css/background.mobile.night.7.jpeg Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `fa5166010c751844a915458795a7c560af4bc1b1f3b71215d1d5b6b661e8176b` Request headers Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:33 GMT last-modified Fri, 05 Jan 2018 03:40:38 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 82134 expires Tue, 01 Dec 2020 17:32:33 GMT
GET H2	200	opensans-semibold.woff shaifulkhan.com/Chase/css/	25 KB 25 KB	239ms 239ms	Font font/woff	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Full URL https://shaifulkhan.com/Chase/css/opensans-semibold.woff Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3` Request headers Origin https://shaifulkhan.com Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:34 GMT last-modified Fri, 15 Sep 2017 13:08:34 GMT server LiteSpeed content-type font/woff cache-control public, max-age=604800 accept-ranges bytes content-length 25108 expires Tue, 01 Dec 2020 17:32:34 GMT
GET H2	200	/ shaifulkhan.com/Chase/	11 KB 3 KB	250ms 249ms	Font text/html	103.48.119.13 XEON-BD Xeon
General Check archive.org Show headers Download Go to Full URL https://shaifulkhan.com/Chase/ Requested by Host: shaifulkhan.com URL: https://shaifulkhan.com/Chase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.48.119.13 Dhaka, Bangladesh, ASN133938 (XEON-BD Xeon, BD), Reverse DNS orbit.mydchub.com Software LiteSpeed / Resource Hash `809e66957cdf04a6bf6b74d8e2b4b3ba20bb9c6411a75531922d059b94744105` Request headers Origin https://shaifulkhan.com Referer https://shaifulkhan.com/Chase/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 24 Nov 2020 17:32:34 GMT content-encoding br server LiteSpeed content-length 3056 vary Accept-Encoding content-type text/html; charset=UTF-8
GET		dcefont.woff www.shaifulkhan.com/Chase/css/fonts/ Redirect Chain https://shaifulkhan.com/Chase/css/fonts/dcefont.woff https://www.shaifulkhan.com/Chase/css/fonts/dcefont.woff	0 0

GET		opensans-regular.ttf www.shaifulkhan.com/Chase/css/ Redirect Chain https://shaifulkhan.com/Chase/css/opensans-regular.ttf https://www.shaifulkhan.com/Chase/css/opensans-regular.ttf	0 0

GET		dcefont.ttf www.shaifulkhan.com/Chase/css/fonts/ Redirect Chain https://shaifulkhan.com/Chase/css/fonts/dcefont.ttf https://www.shaifulkhan.com/Chase/css/fonts/dcefont.ttf	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: shaifulkhan.com
URL: https://shaifulkhan.com/Chase

Domain: www.shaifulkhan.com
URL: https://www.shaifulkhan.com/Chase/css/fonts/dcefont.woff

Domain: www.shaifulkhan.com
URL: https://www.shaifulkhan.com/Chase/css/opensans-regular.ttf

Domain: www.shaifulkhan.com
URL: https://www.shaifulkhan.com/Chase/css/fonts/dcefont.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Chase (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aarexasia.com
shaifulkhan.com
www.shaifulkhan.com
shaifulkhan.com
www.shaifulkhan.com
103.48.119.13
104.238.220.186
2e8c3233428a93ef9bb4be8188eaed6dbbfa559618f014b08cc6c97dd6ff8bfb
38337e0a3e5d9f2c22a1400c7de8eaa5228abd4df403250fc4b14257655957d3
809e66957cdf04a6bf6b74d8e2b4b3ba20bb9c6411a75531922d059b94744105
80a18543ba3fff90a23a10df2d435680fcefee6c962dd9d20ab3f51c2abaf162
922579c97e77c029923625e04383db0a7d2060e94170a7493f7f15b111eb832b
be2e9a139a53a358658b746924656ebcb08cafe09636949e4cdcd2cde9ce6d5d
d2113460c69de50edc6206a20deec3c2bc2733929f53817f1faca74ab34c33e3
d7598a974e18e78b8b9bab0f389574bd2e35214050b90b91ea85da499e9a1696
fa5166010c751844a915458795a7c560af4bc1b1f3b71215d1d5b6b661e8176b

shaifulkhan.com Open in urlscan Pro 103.48.119.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

69 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

174 kBTransfer

470 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

shaifulkhan.com Open in urlscan Pro
103.48.119.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

69 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

174 kB
Transfer

470 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!