balance.qjnbdgcfax.com Open in urlscan Pro
156.234.127.77 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://91t1.com/
Effective URL:
https://balance.qjnbdgcfax.com/
Submission: On November 06 via manual (November 6th 2023, 6:42:26 am UTC) from CN — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 7 domains to perform 8 HTTP transactions. The main IP is 156.234.127.77, located in Hong Kong, Hong Kong and belongs to CNSERVERS, US. The main domain is balance.qjnbdgcfax.com.
TLS certificate: Issued by R3 on September 12th 2023. Valid for: 3 months.

This is the only time balance.qjnbdgcfax.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	156.251.239.180 156.251.239.180	40065 (CNSERVERS) (CNSERVERS)
2	156.234.127.77 156.234.127.77	40065 (CNSERVERS) (CNSERVERS)
8	3

1 156.251.239.180 (United States)

ASN40065 (CNSERVERS, US)

91t1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 156.234.127.77 (Hong Kong, Hong Kong)

ASN40065 (CNSERVERS, US)

balance.qjnbdgcfax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	qjnbdgcfax.com balance.qjnbdgcfax.com	3 KB
1	91t1.com 91t1.com	296 B
0	91qwercf.com Failed n3tsfg.91qwercf.com Failed
0	91kgjtfv.com Failed htw442.91kgjtfv.com Failed
0	91dotgrf.com Failed h7u5sa.91dotgrf.com Failed
0	91hybja.com Failed jjyert.91hybja.com Failed
0	91pions.com Failed l76yur.91pions.com Failed
8	7

	Domain	Requested by
2	balance.qjnbdgcfax.com	91t1.com balance.qjnbdgcfax.com
1	91t1.com
0	n3tsfg.91qwercf.com Failed	balance.qjnbdgcfax.com
0	htw442.91kgjtfv.com Failed	balance.qjnbdgcfax.com
0	h7u5sa.91dotgrf.com Failed	balance.qjnbdgcfax.com
0	jjyert.91hybja.com Failed	balance.qjnbdgcfax.com
0	l76yur.91pions.com Failed	balance.qjnbdgcfax.com
8	7

This site contains no links.

Subject Issuer	Validity	Valid
balance.qjnbdgcfax.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://balance.qjnbdgcfax.com/
Frame ID: A27CFCFF0E7603998E76CA75A194131A
Requests: 3 HTTP requests in this frame

Frame: https://l76yur.91pions.com/?_rid=0.2555039449698613
Frame ID: EDF9ADAD9CD3AF8F000C93F99B1A200B
Requests: 1 HTTP requests in this frame

Frame: https://jjyert.91hybja.com/?_rid=0.7280087172276155
Frame ID: 6F26BB097897F7AF665DB9C7094588D4
Requests: 1 HTTP requests in this frame

Frame: https://h7u5sa.91dotgrf.com/?_rid=0.2654775049311082
Frame ID: 83CD8397F86F2B32E45B90280BC0179A
Requests: 1 HTTP requests in this frame

Frame: https://htw442.91kgjtfv.com/?_rid=0.27621528465333034
Frame ID: A58112D1C0DD873B78739DA4C000071D
Requests: 1 HTTP requests in this frame

Frame: https://n3tsfg.91qwercf.com/?_rid=0.2584464882562556
Frame ID: FACE75C3754797B3B1311C8C4856CB37
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://91t1.com/ Page URL
https://balance.qjnbdgcfax.com/ Page URL
https://balance.qjnbdgcfax.com/ Page URL

Page Statistics

8
Requests

25 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

3
IPs

2
Countries

3 kB
Transfer

3 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://91t1.com/ Page URL
https://balance.qjnbdgcfax.com/ Page URL
https://balance.qjnbdgcfax.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 ok	/ 91t1.com/	160 B 296 B	5356ms 178ms	Document text/html	156.251.239.180 CNSERVERS
General Check archive.org Show headers Download Go to Full URL http://91t1.com/ Protocol HTTP/1.1 Server 156.251.239.180 , United States, ASN40065 (CNSERVERS, US), Reverse DNS Software nginx / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache Connection close Content-Length 160 Date Mon, 06 Nov 2023 06:42:20 GMT Server nginx
GET H/1.1	200 OK	/ Show response balance.qjnbdgcfax.com/	685 B 802 B	4030ms 167ms	Document text/html	156.234.127.77 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://balance.qjnbdgcfax.com/ Requested by Host: 91t1.com URL: http://91t1.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 156.234.127.77 Hong Kong, Hong Kong, ASN40065 (CNSERVERS, US), Reverse DNS Software / Resource Hash `6a48b76d5c48950c42545a9a48f87c98ff419c5a4144d4438d65829c33da024e` Request headers Referer http://91t1.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Content-Length 685 Content-Type text/html; charset=utf-8 Date Mon, 06 Nov 2023 06:42:20 GMT
GET H/1.1	200 OK	Primary Request / Show response balance.qjnbdgcfax.com/	2 KB 2 KB	370ms 369ms	Document text/html	156.234.127.77 CNSERVERS
General Check archive.org Show headers Download Go to Full URL https://balance.qjnbdgcfax.com/ Requested by Host: balance.qjnbdgcfax.com URL: https://balance.qjnbdgcfax.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 156.234.127.77 Hong Kong, Hong Kong, ASN40065 (CNSERVERS, US), Reverse DNS Software / Resource Hash `9aabd07252551426211109c64509df1daa0e2972e80b538d5d20efe0b5edeec2` Request headers Referer https://balance.qjnbdgcfax.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Accept-Ranges bytes Content-Length 1945 Content-Type text/html; charset=utf-8 Date Mon, 06 Nov 2023 06:42:23 GMT
GET		/ l76yur.91pions.com/ Frame EDF9	0 0

GET		/ jjyert.91hybja.com/ Frame 6F26	0 0

GET		/ h7u5sa.91dotgrf.com/ Frame 83CD	0 0

GET		/ htw442.91kgjtfv.com/ Frame A581	0 0

GET		/ n3tsfg.91qwercf.com/ Frame FACE	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: l76yur.91pions.com
URL: https://l76yur.91pions.com/?_rid=0.2555039449698613

Domain: jjyert.91hybja.com
URL: https://jjyert.91hybja.com/?_rid=0.7280087172276155

Domain: h7u5sa.91dotgrf.com
URL: https://h7u5sa.91dotgrf.com/?_rid=0.2654775049311082

Domain: htw442.91kgjtfv.com
URL: https://htw442.91kgjtfv.com/?_rid=0.27621528465333034

Domain: n3tsfg.91qwercf.com
URL: https://n3tsfg.91qwercf.com/?_rid=0.2584464882562556

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			balance.qjnbdgcfax.com/	1970-01-20 16:00:56	Name: _GATE_DID_ Value: GQ$RGQ$#HG%QRQ#R!@#RWE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

91t1.com
balance.qjnbdgcfax.com
h7u5sa.91dotgrf.com
htw442.91kgjtfv.com
jjyert.91hybja.com
l76yur.91pions.com
n3tsfg.91qwercf.com
h7u5sa.91dotgrf.com
htw442.91kgjtfv.com
jjyert.91hybja.com
l76yur.91pions.com
n3tsfg.91qwercf.com
156.234.127.77
156.251.239.180
6a48b76d5c48950c42545a9a48f87c98ff419c5a4144d4438d65829c33da024e
9aabd07252551426211109c64509df1daa0e2972e80b538d5d20efe0b5edeec2

balance.qjnbdgcfax.com Open in urlscan Pro 156.234.127.77 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

8 Requests

25 %HTTPS

0 %IPv6

7 Domains

7 Subdomains

3 IPs

2 Countries

3 kBTransfer

3 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

1 Cookies

Indicators

balance.qjnbdgcfax.com Open in urlscan Pro
156.234.127.77 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

25 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

3
IPs

2
Countries

3 kB
Transfer

3 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions