balance.13141efgtrvbhjd.com Open in urlscan Pro
34.96.246.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wlmqbbs.net/down/dncl/flashplayer25_ga_install.exe
Effective URL:
https://balance.13141efgtrvbhjd.com/
Submission Tags: @ecarlesi threat #malware Search All
Submission: On November 01 via api (November 1st 2023, 2:45:40 am UTC) from FR — Scanned from FR

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 6 domains to perform 8 HTTP transactions. The main IP is 34.96.246.12, located in Hong Kong, Hong Kong and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is balance.13141efgtrvbhjd.com.
TLS certificate: Issued by R3 on October 23rd 2023. Valid for: 3 months.

This is the only time balance.13141efgtrvbhjd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	156.234.127.117 156.234.127.117	40065 (CNSERVERS) (CNSERVERS)
2	34.96.246.12 34.96.246.12	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
8	3

1 156.234.127.117 (Hong Kong, Hong Kong)

ASN40065 (CNSERVERS, US)

wlmqbbs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.246.12 (Hong Kong, Hong Kong)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 12.246.96.34.bc.googleusercontent.com

balance.13141efgtrvbhjd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	13141efgtrvbhjd.com balance.13141efgtrvbhjd.com	2 KB
1	wlmqbbs.net wlmqbbs.net	301 B
0	kdc694jq5oas194.com Failed akdo3123.kdc694jq5oas194.com Failed
0	lopa6ndb21sv3oewa.com Failed rp42kdwo.lopa6ndb21sv3oewa.com Failed
0	hg5ja97kqay21h3.com Failed rp42kdwo.hg5ja97kqay21h3.com Failed
0	h5jqh2kdb3as.com Failed akdo3123.h5jqh2kdb3as.com Failed rp42kdwo.h5jqh2kdb3as.com Failed
8	6

	Domain	Requested by
2	balance.13141efgtrvbhjd.com	wlmqbbs.net balance.13141efgtrvbhjd.com
1	wlmqbbs.net
0	akdo3123.kdc694jq5oas194.com Failed	balance.13141efgtrvbhjd.com
0	rp42kdwo.lopa6ndb21sv3oewa.com Failed	balance.13141efgtrvbhjd.com
0	rp42kdwo.hg5ja97kqay21h3.com Failed	balance.13141efgtrvbhjd.com
0	rp42kdwo.h5jqh2kdb3as.com Failed	balance.13141efgtrvbhjd.com
0	akdo3123.h5jqh2kdb3as.com Failed	balance.13141efgtrvbhjd.com
8	7

This site contains no links.

Subject Issuer	Validity	Valid
balance.13141efgtrvbhjd.com R3	`2023-10-23` - `2024-01-21`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://balance.13141efgtrvbhjd.com/
Frame ID: 435A236B65C1865BDD12CB608E4CF29F
Requests: 3 HTTP requests in this frame

Frame: https://akdo3123.h5jqh2kdb3as.com/?_rid=0.5319413266681294
Frame ID: 8AF510B81CCFD3E5887A6717B6C930C8
Requests: 1 HTTP requests in this frame

Frame: https://rp42kdwo.h5jqh2kdb3as.com/?_rid=0.23415019321594088
Frame ID: 99AC3B517B66683EA365A30B8BC54D7E
Requests: 1 HTTP requests in this frame

Frame: https://rp42kdwo.hg5ja97kqay21h3.com/?_rid=0.461595150626257
Frame ID: 2B61431A466B0D3EC3ABFCEBA443108B
Requests: 1 HTTP requests in this frame

Frame: https://rp42kdwo.lopa6ndb21sv3oewa.com/?_rid=0.5635937292205895
Frame ID: BC712949F089BB7A479D3D46E86D55E8
Requests: 1 HTTP requests in this frame

Frame: https://akdo3123.kdc694jq5oas194.com/?_rid=0.9120963882085193
Frame ID: 2FEE442E8E9C7A1C199A3EADB99FF8A5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://wlmqbbs.net/down/dncl/flashplayer25_ga_install.exe Page URL
https://balance.13141efgtrvbhjd.com/ Page URL
https://balance.13141efgtrvbhjd.com/ Page URL

Page Statistics

8
Requests

25 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

3
IPs

1
Countries

3 kB
Transfer

2 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wlmqbbs.net/down/dncl/flashplayer25_ga_install.exe Page URL
https://balance.13141efgtrvbhjd.com/ Page URL
https://balance.13141efgtrvbhjd.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 ok	flashplayer25_ga_install.exe Show response wlmqbbs.net/down/dncl/	165 B 301 B	757ms 163ms	Document text/html	156.234.127.117 CNSERVERS
General Check archive.org Show headers Download Go to Full URL http://wlmqbbs.net/down/dncl/flashplayer25_ga_install.exe Protocol HTTP/1.1 Server 156.234.127.117 Hong Kong, Hong Kong, ASN40065 (CNSERVERS, US), Reverse DNS Software nginx / Resource Hash `636a7936ea5220d6d79d85863c70b6a39344524f7bf62009a1060a9ef0f95830` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Cache-Control no-cache Connection close Content-Length 165 Date Wed, 01 Nov 2023 02:45:34 GMT Server nginx
GET H/1.1	200 OK	/ Show response balance.13141efgtrvbhjd.com/	685 B 802 B	4384ms 266ms	Document text/html	34.96.246.12 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://balance.13141efgtrvbhjd.com/ Requested by Host: wlmqbbs.net URL: http://wlmqbbs.net/down/dncl/flashplayer25_ga_install.exe Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.96.246.12 Hong Kong, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 12.246.96.34.bc.googleusercontent.com Software / Resource Hash `6a48b76d5c48950c42545a9a48f87c98ff419c5a4144d4438d65829c33da024e` Request headers Referer http://wlmqbbs.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Content-Length 685 Content-Type text/html; charset=utf-8 Date Wed, 01 Nov 2023 02:45:34 GMT
GET H/1.1	200 OK	Primary Request / Show response balance.13141efgtrvbhjd.com/	1 KB 2 KB	304ms 304ms	Document text/html	34.96.246.12 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://balance.13141efgtrvbhjd.com/ Requested by Host: balance.13141efgtrvbhjd.com URL: https://balance.13141efgtrvbhjd.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 34.96.246.12 Hong Kong, Hong Kong, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 12.246.96.34.bc.googleusercontent.com Software / Resource Hash `afe42649756213ffbfdf3d7be178bb6b80ce8647a06a16475245c292b773f6a1` Request headers Referer https://balance.13141efgtrvbhjd.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Accept-Ranges bytes Content-Length 1432 Content-Type text/html; charset=utf-8 Date Wed, 01 Nov 2023 02:45:38 GMT
GET		/ akdo3123.h5jqh2kdb3as.com/ Frame 8AF5	0 0

GET		/ rp42kdwo.h5jqh2kdb3as.com/ Frame 99AC	0 0

GET		/ rp42kdwo.hg5ja97kqay21h3.com/ Frame 2B61	0 0

GET		/ rp42kdwo.lopa6ndb21sv3oewa.com/ Frame BC71	0 0

GET		/ akdo3123.kdc694jq5oas194.com/ Frame 2FEE	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: akdo3123.h5jqh2kdb3as.com
URL: https://akdo3123.h5jqh2kdb3as.com/?_rid=0.5319413266681294

Domain: rp42kdwo.h5jqh2kdb3as.com
URL: https://rp42kdwo.h5jqh2kdb3as.com/?_rid=0.23415019321594088

Domain: rp42kdwo.hg5ja97kqay21h3.com
URL: https://rp42kdwo.hg5ja97kqay21h3.com/?_rid=0.461595150626257

Domain: rp42kdwo.lopa6ndb21sv3oewa.com
URL: https://rp42kdwo.lopa6ndb21sv3oewa.com/?_rid=0.5635937292205895

Domain: akdo3123.kdc694jq5oas194.com
URL: https://akdo3123.kdc694jq5oas194.com/?_rid=0.9120963882085193

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			balance.13141efgtrvbhjd.com/	1970-01-20 15:53:30	Name: _GATE_DID_ Value: GQ$RGQ$#HG%QRQ#R!@#RWE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

akdo3123.h5jqh2kdb3as.com
akdo3123.kdc694jq5oas194.com
balance.13141efgtrvbhjd.com
rp42kdwo.h5jqh2kdb3as.com
rp42kdwo.hg5ja97kqay21h3.com
rp42kdwo.lopa6ndb21sv3oewa.com
wlmqbbs.net
akdo3123.h5jqh2kdb3as.com
akdo3123.kdc694jq5oas194.com
rp42kdwo.h5jqh2kdb3as.com
rp42kdwo.hg5ja97kqay21h3.com
rp42kdwo.lopa6ndb21sv3oewa.com
156.234.127.117
34.96.246.12
636a7936ea5220d6d79d85863c70b6a39344524f7bf62009a1060a9ef0f95830
6a48b76d5c48950c42545a9a48f87c98ff419c5a4144d4438d65829c33da024e
afe42649756213ffbfdf3d7be178bb6b80ce8647a06a16475245c292b773f6a1

balance.13141efgtrvbhjd.com Open in urlscan Pro 34.96.246.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

25 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

3 IPs

1 Countries

3 kBTransfer

2 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

Indicators

balance.13141efgtrvbhjd.com Open in urlscan Pro
34.96.246.12 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

25 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

3
IPs

1
Countries

3 kB
Transfer

2 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions