balotuixach.biz
125.212.217.45  Malicious Activity! Public Scan

Submitted URL: https://www.unibackup.it/mslig
Effective URL: https://balotuixach.biz/.front/
Submission: On September 23 via manual from US

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 6 HTTP transactions. The main IP is 125.212.217.45, which is located in Viet Nam and belongs to VIETEL-AS-AP Viettel Group, VN. The main domain is balotuixach.biz.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 4th 2020. Valid for: 3 months.
This is the only time balotuixach.biz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 51.38.98.200 16276 (OVH)
1 5 125.212.217.45 7552 (VIETEL-AS...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 3
#  Apex Domain      Subdomains            Transfer
5  balotuixach.biz  balotuixach.biz       281 KB
2  unibackup.it     www.unibackup.it      404 B
1  cloudflare.com   cdnjs.cloudflare.com  18 KB
6 3
#  Domain                Requested by
5  balotuixach.biz       1 redirects, balotuixach.biz
2  www.unibackup.it      1 redirects
1  cdnjs.cloudflare.com  balotuixach.biz
6 3

This site contains no links.

Subject               Issuer                         Validity                 Valid
unibackup.it          Let's Encrypt Authority X3     2020-08-19 - 2020-11-17  3 months
balotuixach.biz       Let's Encrypt Authority X3     2020-09-04 - 2020-12-03  3 months
cdnjs.cloudflare.com  DigiCert ECC Secure Server CA  2020-08-12 - 2022-08-17  2 years

This page contains 1 frame:

Primary Page: https://balotuixach.biz/.front/
Frame ID: 680E88D8CCF5047E5C3226A7D890E876
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • 6 Requests
  • 100 % HTTPS
  • 33 % IPv6
  • 3 Domains
  • 3 Subdomains
  • 3 IPs
  • 3 Countries
  • 300 kB Transfer
  • 351 kB Size
  • 0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.unibackup.it/mslig HTTP 301
    https://www.unibackup.it/mslig/ Page URL
  2. https://balotuixach.biz/.front HTTP 301
    https://balotuixach.biz/.front/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.unibackup.it/mslig HTTP 301
  • https://www.unibackup.it/mslig/

6 HTTP transactions

Resource: /
Path: www.unibackup.it/mslig/
Redirect Chain
  • https://www.unibackup.it/mslig
  • https://www.unibackup.it/mslig/
Size: 150 B
x-fer: 281 B
Type: Document
General
Full URL
https://www.unibackup.it/mslig/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.38.98.200, Germany, ASN16276 (OVH, FR)
Reverse DNS
200.ip-51-38-98.eu
Software
nginx / PHP/7.2.32 PleskLin
Resource Hash
1738cf72e4290a291e7929e267e07a827fdae76b09537d6b25c7223e232a24a9

Request headers

:method
GET
:authority
www.unibackup.it
:scheme
https
:path
/mslig/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
server
nginx
date
Wed, 23 Sep 2020 13:42:01 GMT
content-type
text/html; charset=UTF-8
content-length
134
x-powered-by
PHP/7.2.32 PleskLin
vary
Accept-Encoding
content-encoding
gzip

Redirect headers

status
301
server
nginx
date
Wed, 23 Sep 2020 13:42:01 GMT
content-type
text/html; charset=iso-8859-1
content-length
306
location
https://www.unibackup.it/mslig/
x-powered-by
PleskLin
Primary Request
Resource: /
Path: balotuixach.biz/.front/
Redirect Chain
  • https://balotuixach.biz/.front
  • https://balotuixach.biz/.front/
Size: 984 B
x-fer: 545 B
Type: Document
General
Full URL
https://balotuixach.biz/.front/
Protocol
H3-Q050
Security
QUIC, AES_128_GCM
Server
125.212.217.45, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN)
Reverse DNS
(none)
Software
LiteSpeed
Resource Hash
29937cb9db2394fb7ffc6fe9e2dd9ee4169d52ab42a6480380650734e73c0e3d

Request headers

:method
GET
:authority
balotuixach.biz
:scheme
https
:path
/.front/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://www.unibackup.it/mslig/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.unibackup.it/mslig/

Response headers

status
200
content-type
text/html; charset=UTF-8
content-length
460
content-encoding
br
vary
Accept-Encoding
date
Wed, 23 Sep 2020 13:42:03 GMT
server
LiteSpeed

Redirect headers

status
301
content-type
text/html
content-length
706
date
Wed, 23 Sep 2020 13:42:03 GMT
server
LiteSpeed
location
https://balotuixach.biz/.front/
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
Resource: mobile-detect.js
Path: cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/
Size: 67 KB
x-fer: 18 KB
Type: Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.js
Requested by
Host: balotuixach.biz
URL: https://balotuixach.biz/.front/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6811:4e6b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash
a91c0c6e1abdac6c7a56cad366ef3e01dab8c36dc2d05ce9121a8ea34275e3b0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://balotuixach.biz/.front/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 13:42:03 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
567118
x-via
cfworker/kv
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
18681
cf-request-id
055ccc37860000c2b81639a200000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:13:25 GMT
server
cloudflare
etag
"5eb03f25-10cea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5d74afd27b16c2b8-FRA
expires
Mon, 13 Sep 2021 13:42:03 GMT
Resource: mslogo.jpg
Path: balotuixach.biz/.front/
Size: 3 KB
x-fer: 3 KB
Type: Image
General
Full URL
https://balotuixach.biz/.front/mslogo.jpg
Requested by
Host: balotuixach.biz
URL: https://balotuixach.biz/.front/
Protocol
H3-Q050
Security
QUIC, AES_128_GCM
Server
125.212.217.45, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN)
Reverse DNS
(none)
Software
LiteSpeed
Resource Hash
bc2b16b51738b77d94ed7591ad1033fa804297ca9faaa35222aa65773f749164

Request headers

Referer
https://balotuixach.biz/.front/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 13:42:04 GMT
last-modified
Wed, 23 Sep 2020 13:03:39 GMT
server
LiteSpeed
etag
"aed-5f6b47ab-40fdcdf83573ae6;;;"
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2797
expires
Wed, 30 Sep 2020 13:42:04 GMT
Resource: pc.css
Path: balotuixach.biz/.front/css/
Size: 3 KB
x-fer: 648 B
Type: Stylesheet
General
Full URL
https://balotuixach.biz/.front/css/pc.css
Requested by
Host: balotuixach.biz
URL: https://balotuixach.biz/.front/
Protocol
H3-Q050
Security
QUIC, AES_128_GCM
Server
125.212.217.45, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN)
Reverse DNS
(none)
Software
LiteSpeed
Resource Hash
2f3fe74f82d4619f71d0c839d690ffe686ab5c0022eade68609c840e0dd82429

Request headers

Referer
https://balotuixach.biz/.front/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 13:42:04 GMT
content-encoding
br
last-modified
Wed, 23 Sep 2020 13:03:39 GMT
server
LiteSpeed
etag
"b90-5f6b47ab-2f7f49557f6545e7;br"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
577
expires
Wed, 30 Sep 2020 13:42:04 GMT
Resource: img.jpg
Path: balotuixach.biz/.front/
Size: 277 KB
x-fer: 277 KB
Type: Image
General
Full URL
https://balotuixach.biz/.front/img.jpg
Requested by
Host: balotuixach.biz
URL: https://balotuixach.biz/.front/css/pc.css
Protocol
H3-Q050
Security
QUIC, AES_128_GCM
Server
125.212.217.45, Viet Nam, ASN7552 (VIETEL-AS-AP Viettel Group, VN)
Reverse DNS
(none)
Software
LiteSpeed
Resource Hash
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb

Request headers

Referer
https://balotuixach.biz/.front/css/pc.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 23 Sep 2020 13:42:04 GMT
last-modified
Wed, 23 Sep 2020 13:03:39 GMT
server
LiteSpeed
etag
"452d7-5f6b47ab-faedaec3b57a23bd;;;"
content-type
image/jpeg
status
200
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
283351
expires
Wed, 30 Sep 2020 13:42:04 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: trustedTypes
  • function: MobileDetect
  • object: md

0 Cookies