![](/screenshots/0fad9603-22ab-478e-942d-b41b926252a5.png)
balaaj.xyz
Open in
urlscan Pro
38.111.97.22
Malicious Activity!
Public Scan
Effective URL: https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r25...
Submission: On January 17 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by R3 on January 8th 2022. Valid for: 3 months.
This is the only time balaaj.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: TSB Bank (Banking) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 83.209.174.180 83.209.174.180 | 45011 (SE-A3 www...) (SE-A3 www.a3.se) | |
6 | 38.111.97.22 38.111.97.22 | 174 (COGENT-174) (COGENT-174) | |
7 | 2 |
ASN45011 (SE-A3 www.a3.se, SE)
PTR: h83-209-174-180.cust.a3fiber.se
www.krama.se |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
balaaj.xyz
balaaj.xyz |
152 KB |
1 |
krama.se
www.krama.se |
431 B |
7 | 2 |
Domain | Requested by | |
---|---|---|
6 | balaaj.xyz |
balaaj.xyz
www.krama.se |
1 | www.krama.se | |
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
balaaj.xyz R3 |
2022-01-08 - 2022-04-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5
Frame ID: 50D29CE777DD018D264E5C5F4C890642
Requests: 7 HTTP requests in this frame
Screenshot
![](/screenshots/0fad9603-22ab-478e-942d-b41b926252a5.png)
Page Title
LoginPage URL History Show full URLs
- http://www.krama.se/logic/old.html Page URL
- https://balaaj.xyz/games/tsb/ Page URL
- https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0As... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.krama.se/logic/old.html Page URL
- https://balaaj.xyz/games/tsb/ Page URL
- https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
old.html
www.krama.se/logic/ |
104 B 431 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
balaaj.xyz/games/tsb/ |
563 B 886 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
soa.js
balaaj.xyz/games/tsb/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Login.php
balaaj.xyz/games/tsb/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
soa.js
balaaj.xyz/games/tsb/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.png
balaaj.xyz/games/tsb/ |
135 KB 136 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
continue.png
balaaj.xyz/games/tsb/assets/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: TSB Bank (Banking) Generic (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| Aes object| Base64 object| Utf8 string| hea2p string| hea2t string| output string| ctrTxt1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
balaaj.xyz/ | Name: PHPSESSID Value: b2t0v2m436e31925lbecjge9tm |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
balaaj.xyz
www.krama.se
38.111.97.22
83.209.174.180
618b0e96c6bf41f64cb14c9c32219f278311936e6cf5a7ba832230389db3ccb0
680b738674cd870d656a0b525cedef29cbde3c11da305fe7711d110eaf3a0fdf
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
8a67f84c31b5b18bfe6f15ce0c1aa2dde0dc88a4eb5dbb19f51bd7f9ef54f212
d22a8fec25e0f44176ac92b1b8adeb7e3a1222be1f0fdb8b7382c02800252d08
f90993a10e32444bcf8868af1486e9cd5ba04198d2b527471c6729d347170c42