admins-bwr.pages.dev Open in urlscan Pro
172.66.47.190 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://admins-bwr.pages.dev/
Effective URL:
https://admins-bwr.pages.dev/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On November 05 via api (November 5th 2024, 2:15:22 am UTC) from DE — Scanned from IT

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 172.66.47.190, located in United States and belongs to CLOUDFLARENET, US. The main domain is admins-bwr.pages.dev.
TLS certificate: Issued by WE1 on October 21st 2024. Valid for: 3 months.

This is the only time admins-bwr.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 7	172.66.47.190 172.66.47.190	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	199.232.196.193 199.232.196.193	54113 (FASTLY) (FASTLY)
1	172.67.174.203 172.67.174.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.58.212.170 216.58.212.170	15169 (GOOGLE) (GOOGLE)
17	5

7 172.66.47.190 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

admins-bwr.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 199.232.196.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.174.203 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn-googlapi-jquery.ga	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.170 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	imgur.com i.imgur.com — Cisco Umbrella Rank: 8556	76 KB
7	pages.dev 1 redirects admins-bwr.pages.dev	21 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1113	32 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 412	31 KB
1	cdn-googlapi-jquery.ga cdn-googlapi-jquery.ga	7 KB
17	5

	Domain	Requested by
7	i.imgur.com	admins-bwr.pages.dev
7	admins-bwr.pages.dev	1 redirects admins-bwr.pages.dev
2	maxcdn.bootstrapcdn.com	admins-bwr.pages.dev
1	ajax.googleapis.com	admins-bwr.pages.dev
1	cdn-googlapi-jquery.ga	admins-bwr.pages.dev
17	5

This site contains no links.

Subject Issuer	Validity	Valid
admins-bwr.pages.dev WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
cdn-googlapi-jquery.ga WE1	`2024-10-05` - `2025-01-03`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://admins-bwr.pages.dev/
Frame ID: FE5F26669FD23101FAC0293695AF063C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Files Location - 2023

Page URL History Show full URLs

http://admins-bwr.pages.dev/ HTTP 307
https://admins-bwr.pages.dev/ Page URL
https://admins-bwr.pages.dev/cdn-cgi/phish-bypass?atok=.Op8LQZehNy88BwmfnwhQsxnv7V9YNyKZ5pwjD9icE4-173077... HTTP 301
https://admins-bwr.pages.dev/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

166 kB
Transfer

397 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://admins-bwr.pages.dev/ HTTP 307
https://admins-bwr.pages.dev/ Page URL
https://admins-bwr.pages.dev/cdn-cgi/phish-bypass?atok=.Op8LQZehNy88BwmfnwhQsxnv7V9YNyKZ5pwjD9icE4-1730772902-0.0.1.1-%2F HTTP 301
https://admins-bwr.pages.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://admins-bwr.pages.dev/ HTTP 307
https://admins-bwr.pages.dev/

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

/ Show response
admins-bwr.pages.dev/
Redirect Chain

http://admins-bwr.pages.dev/
https://admins-bwr.pages.dev/

4 KB
2 KB

529ms
52ms

Document
text/html

172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5cf75e5acfb5b3c90dfd9126f3b447e6bf1198c9adc861a187ee7ff2a12d4b9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-ray: 8dd955723f4bbb0b-MXP
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 05 Nov 2024 02:15:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbCge5Ap855l8Rv5hc136654%2BYrOUWeObgvc5aNbbHYNt0BGkTLE0yTP4LI6FPJdNZAkNeaXvvKyU6C9cmmgKrhDVX70Nu4vqhV37U%2F796cZBplLrpG5SeAmrFmJQ3vtQ0fGV%2BGE3g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://admins-bwr.pages.dev/
Non-Authoritative-Reason: HSTS

GET
H2 200 cf.errors.css
admins-bwr.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 48ms
48ms Stylesheet
text/css 172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://admins-bwr.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"672112ac-5df3"
x-content-type-options: nosniff
cf-ray: 8dd95572af7fbb0b-MXP
expires: Tue, 05 Nov 2024 04:15:02 GMT
date: Tue, 05 Nov 2024 02:15:02 GMT
content-type: text/css
last-modified: Tue, 29 Oct 2024 16:51:56 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 icon-exclamation.png
admins-bwr.pages.dev/cdn-cgi/images/ 452 B
541 B 48ms
48ms Image
image/png 172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admins-bwr.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "672112ac-1c4"
x-content-type-options: nosniff
cf-ray: 8dd95572ffd2bb0b-MXP
expires: Tue, 05 Nov 2024 04:15:02 GMT
accept-ranges: bytes
content-length: 452
date: Tue, 05 Nov 2024 02:15:02 GMT
content-type: image/png
last-modified: Tue, 29 Oct 2024 16:51:56 GMT
server: cloudflare
x-frame-options: DENY

GET
H2 200 favicon.ico
admins-bwr.pages.dev/ 15 KB
5 KB 153ms
153ms Other
text/html 172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://admins-bwr.pages.dev/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8935c79afcc841eefe1b6d66d6eb5e417ca17ef640b5ac7899f62bccabd72051

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sU1uDSiPMNd0aVZ092j%2FDwQPKkAKDl98417ZxKdVSAJGa0OGvUCFHg2Mq0I0K6wNpQ%2BJo9ZZNufleCGrMy8gQ4cp41jSOEKkMKDGCdIv6CuXpzcHmo2wc3s7ZhK3D1YCM7qSHBfKdw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8dd955735804bb0b-MXP
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19623&sent=26&recv=21&lost=0&retrans=0&sent_bytes=11670&recv_bytes=2678&delivery_rate=589683&cwnd=257&unsent_bytes=0&cid=07d8444e548e37df&ts=378&x=0"
date: Tue, 05 Nov 2024 02:15:03 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2

200

Primary Request / Show response
admins-bwr.pages.dev/
Redirect Chain

https://admins-bwr.pages.dev/cdn-cgi/phish-bypass?atok=.Op8LQZehNy88BwmfnwhQsxnv7V9YNyKZ5pwjD9icE4-1730772902-0.0.1.1-%2F
https://admins-bwr.pages.dev/

15 KB
5 KB

66ms
66ms

Document
text/html

172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8935c79afcc841eefe1b6d66d6eb5e417ca17ef640b5ac7899f62bccabd72051

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://admins-bwr.pages.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8dd9558a1c56bb0b-MXP
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 05 Nov 2024 02:15:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y59uv4U3vFVXUFNiBYt1wsJpXfczWGrdjP5Kjl7QOmIdxUVYnLUi6KYt9I0SFP1yxy1PLqhzZIx6NlwFhHYH%2FeW5iunCmawHTN0mxx2w4Jy43kAcHxm2CwPH%2FTWrmjjPxNbHBddzWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=19958&sent=38&recv=27&lost=0&retrans=0&sent_bytes=17074&recv_bytes=2911&delivery_rate=589683&cwnd=257&unsent_bytes=0&cid=07d8444e548e37df&ts=3938&x=0"
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8dd95589cc3bbb0b-MXP
content-length: 167
content-type: text/html
date: Tue, 05 Nov 2024 02:15:06 GMT
location: https://admins-bwr.pages.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/ 119 KB
20 KB 572ms
64ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

cdn-status: 200
content-encoding: br
cf-cache-status: HIT
etag: "7f89537eaf606bff49f5cc1a7c24dbca"
age: 260397
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Tue, 05 Nov 2024 02:15:07 GMT
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-cache: HIT
cdn-cachedat: 10/20/2024 16:37:30
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-requesttime: 0
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: ef5806e3849e6e204c3d1f2a5976a395
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.04
cf-ray: 8dd9558dcaab0e66-MXP
access-control-allow-origin: *
cdn-edgestorageid: 752
server: cloudflare
cdn-requestcountrycode: DE

GET
H2 200 ULsf85T.png
i.imgur.com/ 29 KB
29 KB 256ms
139ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ULsf85T.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

fa3ea3c2b4c369c299be63a829f550de789e0073685517a050c8466e461acc4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "b9335c0faeaa0b45579a88fd13b45360"
age: 756706
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: a4e63di2RPEIVuZ1H4iQgF6Y0PM9wwW6Ei7pe1SEzFMZMkk3_ronLA==
date: Tue, 05 Nov 2024 02:15:06 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:30:08 GMT
x-cache-hits: 56, 0
x-served-by: cache-iad-kcgs7200078-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.765157,VS0,VE101
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29236
x-amz-cf-pop: JFK52-P10
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 Zjn9soJ.png
i.imgur.com/ 2 KB
2 KB 254ms
137ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/Zjn9soJ.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

6d38d0cae692499be2484b56002ee7c260422c4c48f19711742ddde02da72d81

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "fa2aca0c88cc9465c1a65e17160cf5c5"
age: 224918
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: D2JbC8bHZy5GXlQezMOosuznJ1pjfGCcTSeow1MlC56xJCJg6UWqMw==
date: Tue, 05 Nov 2024 02:15:06 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:24:57 GMT
x-cache-hits: 14, 0
x-served-by: cache-iad-kjyo7100045-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.765066,VS0,VE99
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2072
x-amz-cf-pop: MIA50-P3
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 favicon.png
cdn-googlapi-jquery.ga/img/ 6 KB
7 KB 1550ms
1092ms Image
image/png 172.67.174.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-googlapi-jquery.ga/img/favicon.png
Requested by: Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.174.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1155fdc56cb3a7894aa5d2a6d79ade979db8d67fd17668b1314496e808a4c65

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyGk6WmCNpNPAdNhd0CrOInOs%2F%2FeRXfoksHAi%2B4%2BgDTCEuv2UBxr0ARkXNH7M%2Be7BbKYpqfMQyew28K66Y1k5TgFolqEbuZmVAVBdGA1G2fG8fVOOTaSQifX0Xprn73Qo4IVm3Y6jj8V"}],"group":"cf-nel","max_age":604800}
expires: Tue, 12 Nov 2024 02:15:07 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24891&sent=7&recv=8&lost=0&retrans=0&sent_bytes=3921&recv_bytes=2210&delivery_rate=204715&cwnd=250&unsent_bytes=0&cid=128cf38d0edb1a11&ts=616&x=0"
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 11 Sep 2022 12:49:27 GMT
vary: Accept-Encoding
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8dd9558f0b26e28e-MRS
accept-ranges: bytes
content-length: 6250
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.3/ 88 KB
31 KB 1511ms
1071ms Script
text/javascript 216.58.212.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f10.1e100.net

Software

sffe /

Resource Hash

a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

content-encoding: gzip
age: 388880
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Fri, 31 Oct 2025 14:13:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 31 Oct 2024 14:13:47 GMT
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31191
x-xss-protection: 0
server: sffe

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/ 39 KB
11 KB 68ms
67ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

cdn-status: 200
content-encoding: br
cf-cache-status: HIT
etag: "2f34b630ffe30ba2ff2b91e3f3c322a1"
age: 600086
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
date: Tue, 05 Nov 2024 02:15:07 GMT
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-cache: HIT
cdn-cachedat: 10/20/2024 14:55:09
cdn-requestpullcode: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-requesttime: 0
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a6311287b75a26593d8e81a437617b94
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.04
cf-ray: 8dd9558e8b090e66-MXP
access-control-allow-origin: *
cdn-edgestorageid: 1053
server: cloudflare
cdn-requestcountrycode: DE

GET
H2 200 qXjvBuJ.png
i.imgur.com/ 1 KB
2 KB 1174ms
1173ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qXjvBuJ.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d2645eaab1cebd2b1ee1fb167f93a163d50a68b212ba079c5ec1baed2815df94

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "90484f656dc44c3525dbb7f9df5cbd28"
age: 110595
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: EXejvI2FNi4FQSaKkyK--easQoJwCsakUdSepNIPYK461jrbXxqRrQ==
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:10:01 GMT
x-cache-hits: 10, 0
x-served-by: cache-iad-kiad7000041-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.282354,VS0,VE100
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1386
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 0eFfOJD.png
i.imgur.com/ 10 KB
11 KB 1175ms
1174ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/0eFfOJD.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3044c77881eaad00ee277a198708220339f9794735cd83c6a0b5f4768e45cb75

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "a88009b53e5d7b5ec1047054bcafaf8b"
age: 128404
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: 8Sw99S0f8zq1ncYellTgidCI5bH7QjJLbblpvYJ3OYHBwsHq7fpEDQ==
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:14:02 GMT
x-cache-hits: 11, 0
x-served-by: cache-iad-kjyo7100145-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.282339,VS0,VE97
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10538
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 b7b7fz9.png
i.imgur.com/ 2 KB
3 KB 1175ms
1175ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/b7b7fz9.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

8065126cff824dc427e5ca1b0c55bf6a2aa706c85bb38ba88e4268bc0d1b541d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "52d0bb204780668e031c6f45fbaaec35"
age: 659669
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: nzlnSg8_5Di0RhUyMukZzO9axLjNTB5l_rrSovOSWiWC1ALdaUShQw==
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:16:20 GMT
x-cache-hits: 46, 0
x-served-by: cache-iad-kiad7000143-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.282311,VS0,VE97
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2349
x-amz-cf-pop: IAD12-P2
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 s3ZIXan.png
i.imgur.com/ 532 B
736 B 1173ms
1173ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/s3ZIXan.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

3c93da63a549e13f8a4c2707be1f5baa5eb0932aba0bdd60a8a0a57520b28c71

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "ffeea2da217ad021ee9c0b986839bbf9"
age: 105105
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: oZAuxMBhX5G24dBqN2GVr8HNxjNy2eIBQDrrtETrIT5ewrxbiZmyLQ==
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:19:26 GMT
x-cache-hits: 11, 0
x-served-by: cache-iad-kjyo7100073-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.282293,VS0,VE99
accept-ranges: bytes
access-control-allow-origin: *
content-length: 532
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 ojeGOvm.png
i.imgur.com/ 29 KB
29 KB 1174ms
1174ms Image
image/png 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/ojeGOvm.png

Requested by

Host: admins-bwr.pages.dev
URL: https://admins-bwr.pages.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

fa3ea3c2b4c369c299be63a829f550de789e0073685517a050c8466e461acc4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

etag: "b9335c0faeaa0b45579a88fd13b45360"
age: 413151
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: XfRuUIA7hS2fwx5YBRtBOu3uBxexUpKVwZX9591-_P5MAyKCwhIiKA==
date: Tue, 05 Nov 2024 02:15:07 GMT
content-type: image/png
last-modified: Sun, 12 Mar 2023 11:21:45 GMT
x-cache-hits: 29, 0
x-served-by: cache-iad-kiad7000088-IAD, cache-mxp6945-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1730772907.282273,VS0,VE100
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29236
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 favicon.ico
admins-bwr.pages.dev/ 15 KB
5 KB 81ms
79ms Other
text/html 172.66.47.190
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://admins-bwr.pages.dev/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.47.190 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8935c79afcc841eefe1b6d66d6eb5e417ca17ef640b5ac7899f62bccabd72051

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://admins-bwr.pages.dev/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FR%2FRfKIATNdHMDm%2BpBDJHsHeekGIvuss02hAaVh8p2ndC0JoqEKuwFJMXYXfkL7abuwV9TBCqgr0riq1yVR2q%2Bnm9vasvjC1tRNmmraRLhP3XMpiVwzvAne%2F6I%2Fo4P8SOLI8QDlLVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8dd955961ac6bb0b-MXP
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=19736&sent=48&recv=33&lost=0&retrans=0&sent_bytes=21912&recv_bytes=2971&delivery_rate=637119&cwnd=257&unsent_bytes=0&cid=07d8444e548e37df&ts=5867&x=0"
date: Tue, 05 Nov 2024 02:15:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.admins-bwr.pages.dev/	1970-01-21 00:47:39	Name: __cf_mw_byp Value: .Op8LQZehNy88BwmfnwhQsxnv7V9YNyKZ5pwjD9icE4-1730772902-0.0.1.1-/

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://admins-bwr.pages.dev/ Message: Failed to load resource: the server responded with a status of 403 ()
recommendation	verbose	URL: https://admins-bwr.pages.dev/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admins-bwr.pages.dev
ajax.googleapis.com
cdn-googlapi-jquery.ga
i.imgur.com
maxcdn.bootstrapcdn.com
104.18.10.207
172.66.47.190
172.67.174.203
199.232.196.193
216.58.212.170
3044c77881eaad00ee277a198708220339f9794735cd83c6a0b5f4768e45cb75
3c93da63a549e13f8a4c2707be1f5baa5eb0932aba0bdd60a8a0a57520b28c71
6d38d0cae692499be2484b56002ee7c260422c4c48f19711742ddde02da72d81
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
8065126cff824dc427e5ca1b0c55bf6a2aa706c85bb38ba88e4268bc0d1b541d
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8935c79afcc841eefe1b6d66d6eb5e417ca17ef640b5ac7899f62bccabd72051
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
d2645eaab1cebd2b1ee1fb167f93a163d50a68b212ba079c5ec1baed2815df94
f1155fdc56cb3a7894aa5d2a6d79ade979db8d67fd17668b1314496e808a4c65
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f5cf75e5acfb5b3c90dfd9126f3b447e6bf1198c9adc861a187ee7ff2a12d4b9
fa3ea3c2b4c369c299be63a829f550de789e0073685517a050c8466e461acc4e

admins-bwr.pages.dev Open in urlscan Pro 172.66.47.190 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

166 kBTransfer

397 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

admins-bwr.pages.dev Open in urlscan Pro
172.66.47.190 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

166 kB
Transfer

397 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!