kylabaltazar.com
Open in
urlscan Pro
104.219.248.102
Malicious Activity!
Public Scan
Submitted URL: http://929293.karmuhasebetr.com/
Effective URL: https://kylabaltazar.com/XYSYD/
Submission: On January 31 via manual from US
Effective URL: https://kylabaltazar.com/XYSYD/
Submission: On January 31 via manual from US
Summary
This website contacted 4 IPs
in 5 countries
across 5 domains to perform 26 HTTP transactions.
The main IP is 104.219.248.102, located in
Los Angeles, United States and
belongs to NAMECHEAP-NET, US.
The main domain is kylabaltazar.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 31st 2020. Valid for: 3 months.
This is the only time kylabaltazar.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on January 31st 2020. Valid for: 3 months.
This is the only time kylabaltazar.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 217.195.198.35 217.195.198.35 | 20649 (ASFIBERSU...) (ASFIBERSUNUCU) | |
| 20 | 104.219.248.102 104.219.248.102 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 4 | 2a02:26f0:10c... 2a02:26f0:10c:383::35c1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:820::200a | 15169 (GOOGLE) (GOOGLE) | |
| 26 | 4 |
1
217.195.198.35
(Turkey)
ASN20649 (ASFIBERSUNUCU, TR)
PTR: mx35.dayneks.com
ASN20649 (ASFIBERSUNUCU, TR)
PTR: mx35.dayneks.com
| 929293.karmuhasebetr.com |
20
104.219.248.102
(Los Angeles, United States)
ASN22612 (NAMECHEAP-NET, US)
PTR: server137-4.web-hosting.com
ASN22612 (NAMECHEAP-NET, US)
PTR: server137-4.web-hosting.com
| kylabaltazar.com |
4
2a02:26f0:10c:383::35c1
(Ascension Island)
ASN20940 (AKAMAI-ASN1, US)
ASN20940 (AKAMAI-ASN1, US)
| secure.aadcdn.microsoftonline-p.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 20 |
kylabaltazar.com
kylabaltazar.com |
173 KB |
| 4 |
microsoftonline-p.com
secure.aadcdn.microsoftonline-p.com |
283 KB |
| 1 |
googleapis.com
fonts.googleapis.com |
658 B |
| 1 |
jquery.com
code.jquery.com |
30 KB |
| 1 |
karmuhasebetr.com
1 redirects
929293.karmuhasebetr.com |
252 B |
| 26 | 5 |
| Domain | Requested by | |
|---|---|---|
| 20 | kylabaltazar.com |
kylabaltazar.com
|
| 4 | secure.aadcdn.microsoftonline-p.com |
kylabaltazar.com
|
| 1 | fonts.googleapis.com |
kylabaltazar.com
|
| 1 | code.jquery.com |
kylabaltazar.com
|
| 1 | 929293.karmuhasebetr.com | 1 redirects |
| 26 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| login.microsoftonline.com |
| login.live.com |
| www.microsoft.com |
| privacy.microsoft.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| kylabaltazar.com Let's Encrypt Authority X3 |
2020-01-31 - 2020-04-30 |
3 months | crt.sh |
| secure.aadcdn.microsoftonline-p.com Microsoft IT TLS CA 4 |
2019-07-17 - 2021-07-17 |
2 years | crt.sh |
| jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
| *.storage.googleapis.com GTS CA 1O1 |
2020-01-14 - 2020-04-07 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://kylabaltazar.com/XYSYD/
Frame ID: 3AD603BA0ACF3685507437046DA6C577
Requests: 7 HTTP requests in this frame
Frame:
https://kylabaltazar.com/XYSYD/Sign%20in%20to%20your%20account_files/prefetch(1).html
Frame ID: 38CD6D53B0F6D202BD4C83E2FA58D4B5
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://929293.karmuhasebetr.com/
HTTP 301
https://kylabaltazar.com/XYSYD/ Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
URL: https://login.microsoftonline.com/common/reprocess?ctx=rQIIAXWRO2_TUACFc_MwLSCoWGDswARy4nfiiA4hcZ2E2A6O3dZeItfx48bP2DeE5BewIHVg6oiEkCompgqE2DtVgglWBlQJCXVAjKQ_gOVMR5-OzvegRFbJ5n2GZlirfsjjvMXROMOTBG4xFIfTLM3RFEFOWILO7lzfQu--Tj7_edR9-ePG4OLyy6cTcNdHKM2btdpisagmrgttp2onUe0UgHMAfgJwXKw4Ma6PToo5R3N1muGoxppG8STL81VJU31F1BlppSNpakIZEoRMSauB5jHS9CmSRJ2StUlk7JuhFOmMMTVYRbMXSkdHZsePlDZBmOIuHOzvhvKaoYh7vjQNlsZKWMmRTn4r3lZac-RTV5FkcOVcFjfdJIvGaZKj49JboKRO3Ju0kzh2bFS9qjkxgraFYBIPsyR1MgSdfKc1U-XelOxanDmSGS8Yj4LnASFEROIqoc8m6p5gisFyZgxmPWt2yPYzlTOIpZaKMJuyFg_DgfvE16h2iFBg0l6wtDNZ2A_GJs6SndZAsqgof0an-MFjXqWEnt1osKY59zx3tpwPrfB9CVvfGiXxWenWelQMJ9tplrgwdM7L4KJ8kyg1NzawLXCvsF34WwavK2tbvwz3o2RG4hv--6j06rRwVqk9hKHHBhRNacOJwB9IklKPPFX1uSHZ7_aZrsApi5xvEMOY2WGa5BEGjjDsNwZeXCt82Pyf6381
Title: Can’t access your account?
Title: Can’t access your account?
Search URL Search Domain Scan URL
URL: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSvW_TUBTF4yQNbUFQISQYOzCBnDw_fySO6FBa10mJ7eDYbe0lch1_vPgzzmtD8hewIHVgyoiEkCompgqE2DtVgqmsDKgSEuqAGHHZu9zlnvPT1Tn3UYmqUs2HDM2wVn2fJ3mLo0mGpwBpMZAjaZbmaAioAQvo7O7yCn7_bfDlz5PWqx83OxeXXz_PiaV-iA6dqp1Ex8R9H-N03KzVJpNJNXFdZP9f1E4I4owgfhLEvLjgxKTeOy6OOZqr0wwHGzkZ8hTL81VJU31F1BlppmNpaCIZASBDadbRPEYaPseSqENZG0TGrhlKkc4YQ4NVNHuibOrY3PQjZQMAU9xCnd2tUM4ZirjjS8NgasyEmRzp1HnxjrJ-gH14NZIMzZzL4pKbZFE_TcZ4XnpHKKkTtwcbSRw7Nq5eyZwYI9vCKIm7WZI6GUbOeG19pMrtIdWyOLMnM17Q7wUvAiBEIHGV0GcTdUcwxWA6MjqjtjXaZ7czlTPAVEtFlA1Zi0dhx33ma3AjxDgwaS-Y2pks7AZ9k2SpzfWOZMFofEin5N5TXoVC2240WNM88Dx3ND3oWuGHUiWPNUri09Lt_KgYDVbTLHFR6JyViYvyLVBqLi5WVogHhdXC3zLxZiFv7pfhfpLMSHzLf--VXp8UThdqj1HosQGkodYdCPyeJCn1yFNVn-tS261tpiVwymTMN0A3ZtaYJnVUIY4qld-V4ssbhY9L13V9vnwv_5cGCXgSsquAb1K5tW7-Aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2&fci=4345a7b9-9a63-4910-a426-35363201d503&mkt=en-US
Title: Create one!
Title: Create one!
Search URL Search Domain Scan URL
URL: https://www.microsoft.com/en-US/servicesagreement/
Title: Terms of use
Title: Terms of use
Search URL Search Domain Scan URL
URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Privacy & cookies
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://929293.karmuhasebetr.com/
HTTP 301
https://kylabaltazar.com/XYSYD/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
kylabaltazar.com/XYSYD/ Redirect Chain
|
204 KB 28 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
microsoft_logo.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ellipsis_white.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ |
915 B 641 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ellipsis_grey.svg
kylabaltazar.com/XYSYD/Sign%20in%20to%20your%20account_files/ |
16 KB 16 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-3.3.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0-small.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0.jpg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/ |
277 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prefetch(1).html
kylabaltazar.com/XYSYD/Sign%20in%20to%20your%20account_files/ Frame 38CD |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.min.css
kylabaltazar.com/wp-includes/css/dist/block-library/ Frame 38CD |
40 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sfsi-style.css
kylabaltazar.com/wp-content/plugins/ultimate-social-media-plus/css/ Frame 38CD |
85 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ Frame 38CD |
5 KB 658 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
style.css
kylabaltazar.com/wp-content/themes/hamilton/ Frame 38CD |
49 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
kylabaltazar.com/wp-includes/js/jquery/ Frame 38CD |
95 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-migrate.min.js
kylabaltazar.com/wp-includes/js/jquery/ Frame 38CD |
10 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Kyla_Baltazar_Logo.png
kylabaltazar.com/wp-content/uploads/2018/10/ Frame 38CD |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
so-css-hamilton.css
kylabaltazar.com/wp-content/uploads/so-css/ Frame 38CD |
1 KB 786 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
core.min.js
kylabaltazar.com/wp-includes/js/jquery/ui/ Frame 38CD |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
modernizr.custom.min.js
kylabaltazar.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/ Frame 38CD |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.shuffle.min.js
kylabaltazar.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/ Frame 38CD |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
random-shuffle-min.js
kylabaltazar.com/wp-content/plugins/ultimate-social-media-plus/js/shuffle/ Frame 38CD |
1 KB 1000 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
custom.js
kylabaltazar.com/wp-content/plugins/ultimate-social-media-plus/js/ Frame 38CD |
31 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imagesloaded.min.js
kylabaltazar.com/wp-includes/js/ Frame 38CD |
8 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
masonry.min.js
kylabaltazar.com/wp-includes/js/ Frame 38CD |
28 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
global.js
kylabaltazar.com/wp-content/themes/hamilton/assets/js/ Frame 38CD |
5 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wp-embed.min.js
kylabaltazar.com/wp-includes/js/ Frame 38CD |
1 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wp-emoji-release.min.js
kylabaltazar.com/wp-includes/js/ Frame 38CD |
14 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| goNext function| closeBox function| checkSubmit function| isEmail function| iserror1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| kylabaltazar.com/ | Name: PHPSESSID Value: go2g6j9o5t2vr6o6k89gias4t5 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
929293.karmuhasebetr.com
code.jquery.com
fonts.googleapis.com
kylabaltazar.com
secure.aadcdn.microsoftonline-p.com
104.219.248.102
2001:4de0:ac19::1:b:1a
217.195.198.35
2a00:1450:4001:820::200a
2a02:26f0:10c:383::35c1
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0513682c213928134ae282ebe3e1b8c20ef47c645e9fb462c7909d6ca67f09e2
0cd7490040fae2ca6f3a17c8d69fe8b06b009f6fdb7bcc2e7acfcdc49e76a049
11e15f1d64a63cb498d0d42720a688ed15bf78393d8c460d695a110244c066e3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1b038a83ade416be4acfee8435bd3757489f209fd38013259f9460d4294aed40
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
211376d1923f1a2dd8eadae4c4d079eb12a160321b0f2995087e4075106c1b1a
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
46e6f42a22054a793841935920cbbc723856e339fead50fa33c1f1bb3ec5a251
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4f2194bc1abe7fa634a8792eac943b7875114179a9ea403483e9309d35aac454
500f4ca779caecaaec6546808a1fa0eb86da2347e3e38f7ec3647ec676f917ad
540c6850ec4086846fe3103a777eae0a07c844a1c87cbed88a96e84eef440923
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
6a1fe0907100410728ab4d870e8b1cca4b9ce788b9c87e83444dd0cd5818ca3e
733d7c26a5fb7240e83e8af2c822218b321b5143e28c2dd65ab2492297ac6bd7
911a22a49446e9a6abe2a966001e657e80aff9ecbc9b922f740a39ad8ef3c3e1
9c0a98f8e26fe86c900086f3942c393391656704df8e31097fbd2af3ac036e76
a746e8a4ff2bd977ab0fc4e3ce1d4d506a3bc8b767e6103e7ed8883521df2018
b6bb56a3a4db244f9fa44d6373c0bd391ac69e8ee2e8dd86ac9b997d75bbe95c
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea