balaaj.xyz - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 38.111.97.22, located in Georgetown, Canada and belongs to COGENT-174, US. The main domain is balaaj.xyz.
TLS certificate: Issued by R3 on January 8th 2022. Valid for: 3 months.

This is the only time balaaj.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TSB Bank (Banking) Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	83.209.174.180 83.209.174.180	45011 (SE-A3 www...) (SE-A3 www.a3.se)
6	38.111.97.22 38.111.97.22	174 (COGENT-174) (COGENT-174)
7	2

1 83.209.174.180 (Sundbyberg, Sweden)

ASN45011 (SE-A3 www.a3.se, SE)
PTR: h83-209-174-180.cust.a3fiber.se

www.krama.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 38.111.97.22 (Georgetown, Canada)

ASN174 (COGENT-174, US)

balaaj.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	balaaj.xyz balaaj.xyz	152 KB
1	krama.se www.krama.se	431 B
7	2

	Domain	Requested by
6	balaaj.xyz	balaaj.xyz www.krama.se
1	www.krama.se
7	2

This site contains no links.

Subject Issuer	Validity	Valid
balaaj.xyz R3	`2022-01-08` - `2022-04-08`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5
Frame ID: 50D29CE777DD018D264E5C5F4C890642
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://www.krama.se/logic/old.html Page URL
https://balaaj.xyz/games/tsb/ Page URL
https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0As... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

153 kB
Transfer

179 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.krama.se/logic/old.html Page URL
https://balaaj.xyz/games/tsb/ Page URL
https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	old.html Show response www.krama.se/logic/	104 B 431 B	110ms 52ms	Document text/html	83.209.174.180 SE-A3 www.a3.se
General Check archive.org Show headers Download Go to Full URL http://www.krama.se/logic/old.html Protocol HTTP/1.1 Server 83.209.174.180 Sundbyberg, Sweden, ASN45011 (SE-A3 www.a3.se, SE), Reverse DNS h83-209-174-180.cust.a3fiber.se Software Apache / Resource Hash `f90993a10e32444bcf8868af1486e9cd5ba04198d2b527471c6729d347170c42` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language en-GB,en;q=0.9 Response headers Date Mon, 17 Jan 2022 15:41:15 GMT Server Apache Last-Modified Fri, 07 Jan 2022 12:32:43 GMT ETag "68-5d4fd2ef250c0-gzip" Accept-Ranges bytes Vary Accept-Encoding Content-Encoding gzip Content-Length 111 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	/ Show response balaaj.xyz/games/tsb/	563 B 886 B	948ms 388ms	Document text/html	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://balaaj.xyz/games/tsb/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `8a67f84c31b5b18bfe6f15ce0c1aa2dde0dc88a4eb5dbb19f51bd7f9ef54f212` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language en-GB,en;q=0.9 Referer http://www.krama.se/ Response headers Date Mon, 17 Jan 2022 15:41:15 GMT Server Apache/2 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 469 Keep-Alive timeout=2, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	soa.js Show response balaaj.xyz/games/tsb/	20 KB 6 KB	108ms 108ms	Script application/javascript	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://balaaj.xyz/games/tsb/soa.js Requested by Host: balaaj.xyz URL: https://balaaj.xyz/games/tsb/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8` Request headers Accept-Language en-GB,en;q=0.9 Referer https://balaaj.xyz/games/tsb/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Mon, 17 Jan 2022 15:41:16 GMT Content-Encoding gzip Last-Modified Fri, 14 Jan 2022 09:20:23 GMT Server Apache/2 ETag "4f65-5d5875006d0b5-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=99 Content-Length 6049
GET H/1.1	200 OK	Primary Request Login.php Show response balaaj.xyz/games/tsb/	2 KB 2 KB	369ms 368ms	Document text/html	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Requested by Host: www.krama.se URL: http://www.krama.se/logic/old.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `680b738674cd870d656a0b525cedef29cbde3c11da305fe7711d110eaf3a0fdf` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language en-GB,en;q=0.9 Referer https://balaaj.xyz/games/tsb/ Response headers Date Mon, 17 Jan 2022 15:41:16 GMT Server Apache/2 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 1284 Keep-Alive timeout=2, max=98 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	soa.js Show response balaaj.xyz/games/tsb/	20 KB 6 KB	108ms 108ms	Script application/javascript	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Full URL https://balaaj.xyz/games/tsb/soa.js Requested by Host: balaaj.xyz URL: https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8` Request headers Accept-Language en-GB,en;q=0.9 Referer https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Mon, 17 Jan 2022 15:41:16 GMT Content-Encoding gzip Last-Modified Fri, 14 Jan 2022 09:20:23 GMT Server Apache/2 ETag "4f65-5d5875006d0b5-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=97 Content-Length 6049
GET H/1.1	200 OK	1.png balaaj.xyz/games/tsb/	135 KB 136 KB	119ms 118ms	Image image/png	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://balaaj.xyz/games/tsb/1.png Requested by Host: balaaj.xyz URL: https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `d22a8fec25e0f44176ac92b1b8adeb7e3a1222be1f0fdb8b7382c02800252d08` Request headers Accept-Language en-GB,en;q=0.9 Referer https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Mon, 17 Jan 2022 15:41:16 GMT Last-Modified Fri, 14 Jan 2022 09:20:23 GMT Server Apache/2 ETag "21d66-5d58750062ca4" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=96 Content-Length 138598
GET H/1.1	200 OK	continue.png balaaj.xyz/games/tsb/assets/img/	1 KB 2 KB	314ms 106ms	Image image/png	38.111.97.22 COGENT-174
General Check archive.org Show headers Download Go to Show image Full URL https://balaaj.xyz/games/tsb/assets/img/continue.png Requested by Host: balaaj.xyz URL: https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 38.111.97.22 Georgetown, Canada, ASN174 (COGENT-174, US), Reverse DNS Software Apache/2 / Resource Hash `618b0e96c6bf41f64cb14c9c32219f278311936e6cf5a7ba832230389db3ccb0` Request headers Accept-Language en-GB,en;q=0.9 Referer https://balaaj.xyz/games/tsb/Login.php?sslchannel=true&form=AccountVerification&sessionid=qr0AsFs1fJ04gFd7a1roI8r255Pd0JkdxY0keYdlK6kTGhHfXmrGJrBLHXIOxdoB6nxHbZrsYAZxKms5 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Mon, 17 Jan 2022 15:41:17 GMT Last-Modified Fri, 14 Jan 2022 09:20:23 GMT Server Apache/2 ETag "5a6-5d587500676dc" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=100 Content-Length 1446

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TSB Bank (Banking) Generic (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			balaaj.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: b2t0v2m436e31925lbecjge9tm

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

balaaj.xyz
www.krama.se
38.111.97.22
83.209.174.180
618b0e96c6bf41f64cb14c9c32219f278311936e6cf5a7ba832230389db3ccb0
680b738674cd870d656a0b525cedef29cbde3c11da305fe7711d110eaf3a0fdf
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
8a67f84c31b5b18bfe6f15ce0c1aa2dde0dc88a4eb5dbb19f51bd7f9ef54f212
d22a8fec25e0f44176ac92b1b8adeb7e3a1222be1f0fdb8b7382c02800252d08
f90993a10e32444bcf8868af1486e9cd5ba04198d2b527471c6729d347170c42

balaaj.xyz Open in urlscan Pro 38.111.97.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

86 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

153 kBTransfer

179 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

balaaj.xyz Open in urlscan Pro
38.111.97.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

86 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

153 kB
Transfer

179 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!