www.inspiredbybalkans.com Open in urlscan Pro
162.159.134.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
Effective URL:
https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu
Submission: On October 09 via manual (October 9th 2024, 10:02:23 am UTC) from US — Scanned from IT

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 162.159.134.42, located in and belongs to CLOUDFLARENET, US. The main domain is www.inspiredbybalkans.com.
TLS certificate: Issued by WE1 on August 13th 2024. Valid for: 3 months.

This is the only time www.inspiredbybalkans.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 2	197.230.9.162 197.230.9.162	36925 (ASMedi) (ASMedi)
7	162.159.134.42 162.159.134.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2

2 197.230.9.162 (Rabat, Morocco) 2 redirects

ASN36925 (ASMedi, MA)

crm.alyousr.ma	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 162.159.134.42 (None, )

ASN13335 (CLOUDFLARENET, US)

www.inspiredbybalkans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	inspiredbybalkans.com www.inspiredbybalkans.com	644 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	92 KB
2	alyousr.ma 2 redirects crm.alyousr.ma	1 KB
10	3

	Domain	Requested by
7	www.inspiredbybalkans.com	www.inspiredbybalkans.com
3	cdnjs.cloudflare.com	www.inspiredbybalkans.com cdnjs.cloudflare.com
2	crm.alyousr.ma	2 redirects
10	3

This site contains no links.

Subject Issuer	Validity	Valid
inspiredbybalkans.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu
Frame ID: DE5EE932873FD6ECBE5D43FD42146868
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in

Page URL History Show full URLs

http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
https://www.inspiredbybalkans.com//wp-admin/js/app/?link= Page URL
https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

736 kB
Transfer

869 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
https://www.inspiredbybalkans.com//wp-admin/js/app/?link= Page URL
https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 307
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 301
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c HTTP 302
https://www.inspiredbybalkans.com//wp-admin/js/app/?link=

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
www.inspiredbybalkans.com//wp-admin/js/app/
Redirect Chain

http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
http://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
https://crm.alyousr.ma/r/c4e1dda7a0c8b9dbaf91d2b7c
https://www.inspiredbybalkans.com//wp-admin/js/app/?link=

404 B
898 B

1704ms
1339ms

Document
text/html

162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?link=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8cfd889d2858374e-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 10:02:12 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=20.2.8;mv=3.1.2
ki-origin: g1p
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWrJC5jzBf3aW5Hu0%2BqxlM3L7P5F%2BeLHYC1jUdI3JPiVluNm7Ent7aCE7WhB0xw0O8n9kWlSpNnsE9TRIJb1FDA94Ttx6ARVuCgJLDkNVFaoYw%2F6%2BeymC%2Bfqd8Lyf8pCOF1Y0HBCq1KXbOM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS

Redirect headers

Cache-Control: max-age=0, must-revalidate, private
Connection: Keep-Alive
Content-Length: 474
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' data: https://www.gravatar.com https://i0.wp.com; font-src 'self' https://fonts.gstatic.com https://fonts.odoocdn.com;
Content-Type: text/html; charset=UTF-8
Date: Wed, 09 Oct 2024 10:02:06 GMT
Expires: Wed, 09 Oct 2024 10:02:06 GMT
Keep-Alive: timeout=5, max=100
Location: https://www.inspiredbybalkans.com//wp-admin/js/app/?link=
Permissions-Policy: accelerometer=(), geolocation=('self'), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=('self')
Referrer-Policy: no-referrer
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Powered-By: Server
X-XSS-Protection: 1; mode=block

GET
H2 200 Primary Request / Show response
www.inspiredbybalkans.com//wp-admin/js/app/ 17 KB
4 KB 383ms
370ms Document
text/html 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?link=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582d5e9c3ddd892046e3cd160f3906590c7d5a5825bd9873e34c41cf2ca2df4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?link=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8cfd88a6ba4b374e-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 09 Oct 2024 10:02:13 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
ki-cache-type: None
ki-cf-cache-status: BYPASS
ki-edge: v=20.2.8;mv=3.1.2
ki-origin: g1p
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZtkERhh43973l7iQvLgqHnEO%2FmE7WR8IOXDyypKCqEyGLSC22%2B8318EauoZHLK00xELjQw4ssPpZN1SPEFJ%2B9LKFtGWatYGN7RNlwr0uZMQEXmaTe8Hucc113hoMtR6DrnxMN3gihAfDbs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-edge-location-klb: 1
x-kinsta-cache: BYPASS

GET
H2 200 /
www.inspiredbybalkans.com//wp-admin/js/app/ 11 KB
3 KB 399ms
373ms Stylesheet
text/css 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/ca/csspage2.php?page=signin&t=3tdzxjg51kstenu

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

189eda263ca3ccfbef3f1cc5aa4f92d3d39a72f289b1ca0c128a975023fad949

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lk2MU%2FLOY4C1wdA%2BgnqcNPu%2BVVPz9%2BLhFXDI5Y6WuOcIod%2FGMSTE7BsMJoAvdwZTrGtAwnhsnwWlXhSgu3zni5kajdNxUmms384si7WlvhIe64HUjy3R3%2FXlInsUcaBlG6HlY4fRJIuZ0to%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: text/css; charset: UTF-8;charset=UTF-8
ki-cf-cache-status: BYPASS
vary: Accept-Encoding
ki-origin: g1p
x-kinsta-cache: BYPASS
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
x-edge-location-klb: 1
cf-ray: 8cfd88a94f8b374e-MXP
ki-cache-type: None
ki-edge: v=20.2.8;mv=3.1.2
server: cloudflare

GET
H2 200 modernizr.min.js Show response
cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/ 11 KB
5 KB 563ms
73ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.inspiredbybalkans.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03f26-2b4c"
age: 460607
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G5pinLXxmpXPKdx5H0i3fxb3fyXdhmZohPDnB3MPJHwzrHlgoSJif1%2F5cecbP0P243jV4O1q%2FN7HUkV%2F7N%2Fnc7YIfHt1C7tJuNte7%2FRqno85eNy7qCIdRHJf%2Ft9rTolIV4aTcJGI"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 29 Sep 2025 10:02:13 GMT
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:13:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cfd88ac39135261-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3980
server: cloudflare

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 606ms
116ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.inspiredbybalkans.com
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "613fa20b-28de"
age: 455219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J6AX8WygJmsq6oOKRVAm7NMDFkPJ133I9MLwWVRwAGEEhGy0t62KJFPUWme10tcRDAruBqZOUopNYkDmRN7KhjYVnqkJgWLMf4cUN5d7idcOzrdq4x6tloqUkv2tymw8m%2BBa%2BZGr"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 29 Sep 2025 10:02:13 GMT
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cfd88ac390c5261-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10462
server: cloudflare

GET
H2 200 / Show response
www.inspiredbybalkans.com//wp-admin/js/app/ 85 KB
29 KB 482ms
460ms Script
application/javascript 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/lib/js/jquery-3.3.1.min.js

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AfgRUboQX340oJKReuYbSjAdvwOjpGi8IEbKa%2BepjnlU2NrEzvLSxuzW79Xxg5RQ4QEhFdaky79sQQcWs532ZL3fdwOlxlgDlvZV%2Fb4wM%2F3nm5e8kznt435faOzxpXN%2BEREjB932BGRYopw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
ki-cf-cache-status: BYPASS
ki-origin: g1p
x-kinsta-cache: BYPASS
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
x-edge-location-klb: 1
cf-ray: 8cfd88a94f90374e-MXP
ki-cache-type: None
ki-edge: v=20.2.8;mv=3.1.2
server: cloudflare

GET
H2 200 /
www.inspiredbybalkans.com//wp-admin/js/app/ 3 KB
4 KB 580ms
558ms Image
image/png 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/pics/logo.png

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e4af3f39885c55017c51ee4c68ab87c4ecb6af0d9a54417eee33d9db13b036e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18cTqeqC5j4k%2B0uApuVQrqUQRbpt8EC8vIDRnLmiZ5mXPJUoZ5cvuMPmi4iUKTHG2Q6Jm6Tp%2B3OY%2FESue6v5d4krrv9t8TLkqcIEBUNo%2F458PiPa6ltbbKwpwKMuBkWDU%2Bi0rGjdrk%2BRF9s%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: image/png
ki-cf-cache-status: BYPASS
vary: Accept-Encoding
ki-origin: g1p
x-kinsta-cache: BYPASS
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
x-edge-location-klb: 1
cf-ray: 8cfd88a94f93374e-MXP
ki-cache-type: None
ki-edge: v=20.2.8;mv=3.1.2
server: cloudflare

GET
H2 200 /
www.inspiredbybalkans.com//wp-admin/js/app/ 599 KB
600 KB 581ms
580ms Image
image/jpeg 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/pics/background.jpg

Requested by

Host: www.inspiredbybalkans.com
URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/ca/csspage2.php?page=signin&t=3tdzxjg51kstenu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/ca/csspage2.php?page=signin&t=3tdzxjg51kstenu

Response headers

cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xsAF9%2BssX6eh5JvEs3V11JR3UQIuBqQn3v2yjvGvw8OXxxS8TqimJWmnE6zlkd1fnA9x10K4LMlH2zDlkpO7ShVp8e6PiAcRVAjRrea25e9Hl5laKFymVgAxOHTk6VySLnOteuahp%2FM5cWY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 09 Oct 2024 10:02:14 GMT
content-type: image/jpeg
ki-cf-cache-status: BYPASS
vary: Accept-Encoding
ki-origin: g1p
x-kinsta-cache: BYPASS
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
x-edge-location-klb: 1
cf-ray: 8cfd88acfe93374e-MXP
ki-cache-type: None
ki-edge: v=20.2.8;mv=3.1.2
server: cloudflare

GET
H2 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 47ms
46ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.inspiredbybalkans.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "613fa20b-131bc"
age: 509383
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iaFGufHAvQJVrRHrLTnsRQAHmACfQbC25ArQPyZWcrgS3PIdHCMyffJDfgamXv%2Flw0OBZ5kA%2BJuUYrAUHSQubPQ12EMWConCrSJPVXhELJD2Gcg3J7pIO6jiyI4QVsfRbTMCMKNy"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 29 Sep 2025 10:02:13 GMT
date: Wed, 09 Oct 2024 10:02:13 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8cfd88ad4b775261-MXP
accept-ranges: bytes
access-control-allow-origin: *
content-length: 78268
server: cloudflare

GET
H2 200 /
www.inspiredbybalkans.com//wp-admin/js/app/ 9 KB
3 KB 340ms
339ms Other
image/x-icon 162.159.134.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inspiredbybalkans.com//wp-admin/js/app/?get_link=we_files/lib/pics/favi.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.159.134.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CD8i85rNHxcnbGZKzA564L2mF2LWoDgj7lHDjq2Q40a1wiWzDnritMo1oEOy%2F1lOzCiM9qN4xAz%2F1ELtqel6d5vXNOc4jLKZfyfs4gYXl%2BOrxzOHX8XN%2FFI9sZSjR33c6ZCWUgt%2F05wB7Y4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 19 Nov 1981 08:52:00 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 09 Oct 2024 10:02:15 GMT
content-type: image/x-icon
vary: Accept-Encoding
ki-cf-cache-status: BYPASS
ki-origin: g1p
x-kinsta-cache: BYPASS
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
x-edge-location-klb: 1
cf-ray: 8cfd88b269cc374e-MXP
ki-cache-type: None
ki-edge: v=20.2.8;mv=3.1.2
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| html5 object| Modernizr function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.inspiredbybalkans.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0a8665826ef80d6008f9869a996a4bce

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://www.inspiredbybalkans.com//wp-admin/js/app/?auth&apitoken=3tdzxjg51kstenu Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
crm.alyousr.ma
www.inspiredbybalkans.com
104.17.24.14
162.159.134.42
197.230.9.162
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
189eda263ca3ccfbef3f1cc5aa4f92d3d39a72f289b1ca0c128a975023fad949
3e4af3f39885c55017c51ee4c68ab87c4ecb6af0d9a54417eee33d9db13b036e
582d5e9c3ddd892046e3cd160f3906590c7d5a5825bd9873e34c41cf2ca2df4b
6780d0b2bc67397895ef7b8845261eee7b9b22610b026835362128942da5fb7c
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
d2b82e612d2a812e8be2a57300dab8923c4f2edbe7a799e7da70791b595646fe
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe

www.inspiredbybalkans.com Open in urlscan Pro 162.159.134.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

736 kBTransfer

869 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

www.inspiredbybalkans.com Open in urlscan Pro
162.159.134.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

736 kB
Transfer

869 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!